[FFmpeg-cvslog] avformat/mxfdec: Check that key was read sucessfull
ffmpeg | branch: release/4.3 | Michael Niedermayer | Sun Aug 11 22:53:47 2024 +0200| [9762ef37a5ed092e2597f15436733c5f28484dd7] | committer: Michael Niedermayer avformat/mxfdec: Check that key was read sucessfull Fixes: use of uninitialized value Fixes: 70932/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-4870202133643264 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 4c62cbcae2612acbc7ab5e8a7e7815674a6e8df4) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9762ef37a5ed092e2597f15436733c5f28484dd7 --- libavformat/mxfdec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index a506a1635a..a731ef71ba 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -1289,7 +1289,8 @@ static int mxf_read_indirect_value(void *arg, AVIOContext *pb, int size) if (size <= 17) return 0; -avio_read(pb, key, 17); +if (avio_read(pb, key, 17) != 17) +return AVERROR_INVALIDDATA; /* TODO: handle other types of of indirect values */ if (memcmp(key, mxf_indirect_value_utf16le, 17) == 0) { return mxf_read_utf16le_string(pb, size - 17, &tagged_value->value); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
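Review bot: the new check on avio_read(pb, key, 17) maps every short or failed read to AVERROR_INVALIDDATA, so a negative error code returned by avio_read() is discarded. Consider keeping the return value in a local and returning it when it is negative, falling back to AVERROR_INVALIDDATA only for a short positive count. The context line above returns 0 for size <= 17 while a truncated 17-byte key is now a hard error; if that asymmetry is intended, a one-line comment would help.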
[FFmpeg-cvslog] avformat/matroskadec: Check pre_ns for overflow
ffmpeg | branch: release/4.3 | Michael Niedermayer | Wed Dec 11 21:36:11 2024 +0100| [6ad3e87a87cfbbe4a91e28856caa68d99ac9348c] | committer: Michael Niedermayer avformat/matroskadec: Check pre_ns for overflow Fixes: signed integer overflow: -3483479120376300096 - 7442323944145700864 cannot be represented in type 'long' Fixes: 383187489/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-4561470580391936 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 361d24e6d920e4f7e4e5fa1fd6fbb6922bff35f2) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6ad3e87a87cfbbe4a91e28856caa68d99ac9348c --- libavformat/matroskadec.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index a42f8e34d1..73c7b3437a 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -4064,9 +4064,10 @@ static int64_t webm_dash_manifest_compute_bandwidth(AVFormatContext *s, int64_t // The prebuffer ends in the last Cue. Estimate how much data was // prebuffered. pre_bytes = desc_end.end_offset - desc_end.start_offset; -pre_ns = desc_end.end_time_ns - desc_end.start_time_ns; -if (pre_ns <= 0) +if (desc_end.end_time_ns <= desc_end.start_time_ns || +desc_end.end_time_ns - (uint64_t)desc_end.start_time_ns > INT64_MAX) return -1; +pre_ns = desc_end.end_time_ns - desc_end.start_time_ns; pre_sec = pre_ns / nano_seconds_per_second; prebuffer_bytes += pre_bytes * ((temp_prebuffer_ns / nano_seconds_per_second) / pre_sec); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
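Review bot: the second condition, desc_end.end_time_ns - (uint64_t)desc_end.start_time_ns > INT64_MAX, is only correct because the first condition has already established end_time_ns > start_time_ns and because the subtraction is done unsigned; a short comment would save the next reader from re-deriving that. The context line just above, pre_bytes = desc_end.end_offset - desc_end.start_offset, has the same subtraction shape and is left unchecked; if those offsets come from the same cue data it deserves the same guard.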
[FFmpeg-cvslog] avcodec/shorten: clear padding
ffmpeg | branch: release/4.3 | Michael Niedermayer | Sun Aug 4 22:10:48 2024 +0200| [a3431f279e7c83cf272e5ecb916a0734fe715241] | committer: Michael Niedermayer avcodec/shorten: clear padding Fixes: use-of-uninitialized-value Fixes: 70854/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5533480570650624 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit e44349ee88418ac16051bbc9231c1bfdc25d3504) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a3431f279e7c83cf272e5ecb916a0734fe715241 --- libavcodec/shorten.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c index 4134af74cf..762bca0df3 100644 --- a/libavcodec/shorten.c +++ b/libavcodec/shorten.c @@ -558,6 +558,7 @@ static int shorten_decode_frame(AVCodecContext *avctx, void *data, buf = &s->bitstream[s->bitstream_index]; buf_size += s->bitstream_size; s->bitstream_size = buf_size; +memset(buf + buf_size, 0, AV_INPUT_BUFFER_PADDING_SIZE); /* do not decode until buffer has at least max_framesize bytes or * the end of the file has been reached */ ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
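Review bot: the added memset() writes AV_INPUT_BUFFER_PADDING_SIZE bytes starting at buf + buf_size, and nothing in this hunk shows that s->bitstream was allocated with room for s->bitstream_index + buf_size plus the padding. Please point to the allocation that reserves the padding (in the commit message or a comment), since without it this change would replace an uninitialized read with a write past the end of the buffer.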
[FFmpeg-cvslog] avcodec/vc1dec: Clear mb_type_base and ttblk_base
ffmpeg | branch: release/4.3 | Michael Niedermayer | Sun Aug 4 22:15:08 2024 +0200| [9b7d4ad167708ef5db038eed72370333d55c8b28] | committer: Michael Niedermayer avcodec/vc1dec: Clear mb_type_base and ttblk_base Fixes: two use-of-uninitialized-value Fixes: 70856/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5539349918187520 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 50471f96c4a68874575ab21f799c5999ed920838) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9b7d4ad167708ef5db038eed72370333d55c8b28 --- libavcodec/vc1dec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c index 01ca8ea389..a7f46a2246 100644 --- a/libavcodec/vc1dec.c +++ b/libavcodec/vc1dec.c @@ -344,7 +344,7 @@ av_cold int ff_vc1_decode_init_alloc_tables(VC1Context *v) if (!v->block || !v->cbp_base) goto error; v->cbp = v->cbp_base + 2 * s->mb_stride; -v->ttblk_base = av_malloc(sizeof(v->ttblk_base[0]) * 3 * s->mb_stride); +v->ttblk_base = av_mallocz(sizeof(v->ttblk_base[0]) * 3 * s->mb_stride); if (!v->ttblk_base) goto error; v->ttblk= v->ttblk_base + 2 * s->mb_stride; 
@@ -358,7 +358,7 @@ av_cold int ff_vc1_decode_init_alloc_tables(VC1Context *v) v->luma_mv = v->luma_mv_base + 2 * s->mb_stride; /* allocate block type info in that way so it could be used with s->block_index[] */ -v->mb_type_base = av_malloc(s->b8_stride * (mb_height * 2 + 1) + s->mb_stride * (mb_height + 1) * 2); +v->mb_type_base = av_mallocz(s->b8_stride * (mb_height * 2 + 1) + s->mb_stride * (mb_height + 1) * 2); if (!v->mb_type_base) goto error; v->mb_type[0] = v->mb_type_base + s->b8_stride + 1; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
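Review bot: switching ttblk_base and mb_type_base to av_mallocz() makes the reads deterministic, but neither hunk nor the commit message says which entries are read before being written or whether 0 is a meaningful default for them. A comment at each allocation (or a sentence in the message) naming the reader and stating that a zero entry is safe there would show that the sanitizer report is resolved rather than only silenced.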
[FFmpeg-cvslog] avcodec/dxva2: initialize hr in ff_dxva2_common_end_frame()
ffmpeg | branch: release/4.3 | Michael Niedermayer | Sun May 26 22:33:11 2024 +0200| [e102dfd3317d3cd456b82603717d13d9aab77b5a] | committer: Michael Niedermayer avcodec/dxva2: initialize hr in ff_dxva2_common_end_frame() Related: CID1591924 Uninitialized scalar variable Related: CID1591938 Uninitialized scalar variable Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit 1d6a2aebae202652feb5964a2d62bdba4e5cc6e4) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e102dfd3317d3cd456b82603717d13d9aab77b5a --- libavcodec/dxva2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/dxva2.c b/libavcodec/dxva2.c index 3f8944856e..282d32dbbe 100644 --- a/libavcodec/dxva2.c +++ b/libavcodec/dxva2.c @@ -894,7 +894,7 @@ int ff_dxva2_common_end_frame(AVCodecContext *avctx, AVFrame *frame, #endif DECODER_BUFFER_DESC *buffer = NULL, *buffer_slice = NULL; int result, runs = 0; -HRESULT hr; +HRESULT hr = -1; unsigned type; FFDXVASharedContext *sctx = DXVA_SHARED_CONTEXT(avctx); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
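Review bot: HRESULT hr = -1 uses a bare magic number as the default failure value; a named failure code such as E_FAIL would state the intent. The commit message does not say which path through ff_dxva2_common_end_frame() reads hr without assigning it; if such a path exists, handling it explicitly is preferable to relying on the initializer.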
[FFmpeg-cvslog] avcodec/aic: Clear slice_data
ffmpeg | branch: release/4.3 | Michael Niedermayer | Sun Aug 4 22:30:03 2024 +0200| [985ee2366558803668a2c7d561285912441dfa0d] | committer: Michael Niedermayer avcodec/aic: Clear slice_data Fixes: use-of-uninitialized-value Fixes: 70865/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AIC_fuzzer-4874102695854080 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit de3f6cbcf3df4ca6cb265a83507b95c884cd) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=985ee2366558803668a2c7d561285912441dfa0d --- libavcodec/aic.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libavcodec/aic.c b/libavcodec/aic.c index f027fa99ef..444e7725b1 100644 --- a/libavcodec/aic.c +++ b/libavcodec/aic.c @@ -470,8 +470,7 @@ static av_cold int aic_decode_init(AVCodecContext *avctx) } } -ctx->slice_data = av_malloc_array(ctx->slice_width, AIC_BAND_COEFFS -* sizeof(*ctx->slice_data)); +ctx->slice_data = av_calloc(ctx->slice_width, AIC_BAND_COEFFS * sizeof(*ctx->slice_data)); if (!ctx->slice_data) { av_log(avctx, AV_LOG_ERROR, "Error allocating slice buffer\n"); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/avcodec: Warn about data returned from get_buffer*()
ffmpeg | branch: release/4.3 | Michael Niedermayer | Sat Aug 17 01:11:50 2024 +0200| [c5b3a3f9697f4f0683c10a174a3b9ece30fa5c03] | committer: Michael Niedermayer avcodec/avcodec: Warn about data returned from get_buffer*() Text based on suggestion by: epira...@gmail.com Signed-off-by: Michael Niedermayer (cherry picked from commit 93444c46fce195e378c4ebb1a20ea662e7f0123b) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c5b3a3f9697f4f0683c10a174a3b9ece30fa5c03 --- libavcodec/avcodec.h | 4 1 file changed, 4 insertions(+) diff --git a/libavcodec/avcodec.h b/libavcodec/avcodec.h index c91b2fd169..963dd2a214 100644 --- a/libavcodec/avcodec.h +++ b/libavcodec/avcodec.h @@ -1294,6 +1294,10 @@ typedef struct AVCodecContext { * this callback and filled with the extra buffers if there are more * buffers than buf[] can hold. extended_buf will be freed in * av_frame_unref(). + * Decoders will generally initialize the whole buffer before it is output + * but it can in rare error conditions happen that uninitialized data is passed + * through. \important The buffers returned by get_buffer* should thus not contain sensitive + * data. * * If AV_CODEC_CAP_DR1 is not set then get_buffer2() must call * avcodec_default_get_buffer2() instead of providing buffers allocated by ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
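Review bot: the added paragraph ends with "The buffers returned by get_buffer* should thus not contain sensitive data", which leaves the reader to work out who must act. Phrasing it as a requirement on the application's get_buffer2() implementation, for example that recycled or pooled buffers must be cleared before being handed to the decoder if they previously held anything sensitive, would make the warning actionable. The new text also follows the extended_buf description with no blank " *" line before it, so it reads as part of that explanation.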
[FFmpeg-cvslog] avcodec/dxva2: Initialize dxva_size and check it
ffmpeg | branch: release/4.3 | Michael Niedermayer | Sun May 26 22:13:28 2024 +0200| [5b82c7c04c502495388cce6d76f336edda6fd118] | committer: Michael Niedermayer avcodec/dxva2: Initialize dxva_size and check it Related: CID1591878 Uninitialized scalar variable Related: CID1591928 Uninitialized pointer read Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit c8c59e99295f9ef572b5d6f0fd9075bb2b79acbd) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5b82c7c04c502495388cce6d76f336edda6fd118 --- libavcodec/dxva2.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/dxva2.c b/libavcodec/dxva2.c index 32416112bf..b3b808b0b4 100644 --- a/libavcodec/dxva2.c +++ b/libavcodec/dxva2.c @@ -794,7 +794,7 @@ int ff_dxva2_commit_buffer(AVCodecContext *avctx, unsigned type, const void *data, unsigned size, unsigned mb_count) { -void *dxva_data; +void *dxva_data = NULL; unsigned dxva_size; int result; HRESULT hr = 0; @@ -816,7 +816,7 @@ int ff_dxva2_commit_buffer(AVCodecContext *avctx, type, (unsigned)hr); return -1; } -if (size <= dxva_size) { +if (dxva_data && size <= dxva_size) { memcpy(dxva_data, data, size); #if CONFIG_D3D11VA ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
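Review bot: the subject says dxva_size is initialized, but the first hunk initializes dxva_data and leaves the declaration "unsigned dxva_size;" unchanged. Either initialize dxva_size as well or adjust the subject. In the second hunk, dxva_data && size <= dxva_size still reads dxva_size whenever dxva_data is non-NULL, so the fix relies on the buffer-acquisition call above always setting both together.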
[FFmpeg-cvslog] avcodec/dxva2: Initialize ConfigBitstreamRaw
ffmpeg | branch: release/4.3 | Michael Niedermayer | Sun May 26 22:23:16 2024 +0200| [cb57b8352de63494bcf6ebc040f9f4d2be87fc80] | committer: Michael Niedermayer avcodec/dxva2: Initialize ConfigBitstreamRaw Related: CID1591894 Uninitialized scalar variable Related: CID1591906 Uninitialized scalar variable Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit 489c05b9c3ea7d856b7a81abce247721b3b3d6e8) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cb57b8352de63494bcf6ebc040f9f4d2be87fc80 --- libavcodec/dxva2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/dxva2.c b/libavcodec/dxva2.c index b3b808b0b4..0bd67b2823 100644 --- a/libavcodec/dxva2.c +++ b/libavcodec/dxva2.c @@ -111,7 +111,7 @@ static int dxva_get_decoder_configuration(AVCodecContext *avctx, for (i = 0; i < cfg_count; i++) { unsigned score; -UINT ConfigBitstreamRaw; +UINT ConfigBitstreamRaw = 0; GUID guidConfigBitstreamEncryption; #if CONFIG_D3D11VA ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
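Review bot: only ConfigBitstreamRaw gets an initializer, while GUID guidConfigBitstreamEncryption on the next line is declared the same way. If a configuration can skip the code that assigns these two, the GUID has the same problem and should be initialized too. A comment on what ConfigBitstreamRaw == 0 means for the score computed in this loop would also help.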
[FFmpeg-cvslog] avcodec/dxva2: initialize validate
ffmpeg | branch: release/4.3 | Michael Niedermayer | Sun May 26 22:28:04 2024 +0200| [e6a63439761fbbca04a9bdc96dfbf4d95b9b608e] | committer: Michael Niedermayer avcodec/dxva2: initialize validate Related: CID1591915 Uninitialized scalar variable Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit 2232c4cc8c3d64dec4e4399b58e057f5dbb9ff98) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e6a63439761fbbca04a9bdc96dfbf4d95b9b608e --- libavcodec/dxva2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/dxva2.c b/libavcodec/dxva2.c index 0bd67b2823..3f8944856e 100644 --- a/libavcodec/dxva2.c +++ b/libavcodec/dxva2.c @@ -262,7 +262,7 @@ static int dxva_get_decoder_guid(AVCodecContext *avctx, void *service, void *sur *decoder_guid = ff_GUID_NULL; for (i = 0; dxva_modes[i].guid; i++) { const dxva_mode *mode = &dxva_modes[i]; -int validate; +int validate = 0; if (!dxva_check_codec_compatibility(avctx, mode)) continue; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
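Review bot: int validate = 0 picks the default for a mode where no code path sets the flag; please confirm that 0 is the fail-closed value here (mode treated as not validated) and say so in the commit message, since the Coverity reference alone does not show which path leaves it unset.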
[FFmpeg-cvslog] avcodec/jfdctint_template: use unsigned z* in row_fdct()
ffmpeg | branch: release/4.3 | Michael Niedermayer | Thu Sep 19 21:57:09 2024 +0200| [a51d618e8b828b6a4395d1f04062abaf235e92de] | committer: Michael Niedermayer avcodec/jfdctint_template: use unsigned z* in row_fdct() Fixes: signed integer overflow: 856827136 + 2123580416 cannot be represented in type 'int' Fixes: 70772/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PRORES_KS_fuzzer-5180569961431040 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit f27c8b04d3059fa538db8f2db6503cbb586eb3ad) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a51d618e8b828b6a4395d1f04062abaf235e92de --- libavcodec/jfdctint_template.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/jfdctint_template.c b/libavcodec/jfdctint_template.c index 2f4e28b3a3..126c3d913c 100644 --- a/libavcodec/jfdctint_template.c +++ b/libavcodec/jfdctint_template.c @@ -183,7 +183,7 @@ static av_always_inline void FUNC(row_fdct)(int16_t *data) { int tmp0, tmp1, tmp2, tmp3, tmp4, tmp5, tmp6, tmp7; int tmp10, tmp11, tmp12, tmp13; - int z1, z2, z3, z4, z5; + unsigned z1, z2, z3, z4, z5; int16_t *dataptr; int ctr; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
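Review bot: declaring z1..z5 as unsigned in row_fdct() removes the signed overflow, but any right shift or descale applied to a z* value, or to an expression containing one, now operates on an unsigned operand, which gives a logical rather than arithmetic shift for values that were negative as int. The use sites are outside this hunk; please check that every such expression is converted back to int before shifting, and state whether the column pass needs the same change.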
[FFmpeg-cvslog] avcodec/eacmv: Check input size for intra frames
ffmpeg | branch: release/4.3 | Michael Niedermayer | Thu Sep 19 23:57:31 2024 +0200| [8d3f10011d052094d1ac862f573fa1601364b129] | committer: Michael Niedermayer avcodec/eacmv: Check input size for intra frames Fixes: Timeout Fixes: 71135/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EACMV_fuzzer-6251879028293632 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit c3a1cbbf5d99337b5e99260eb95c84e65c7587f6) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8d3f10011d052094d1ac862f573fa1601364b129 --- libavcodec/eacmv.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavcodec/eacmv.c b/libavcodec/eacmv.c index 6f39d72b88..08e9ae0192 100644 --- a/libavcodec/eacmv.c +++ b/libavcodec/eacmv.c @@ -198,12 +198,15 @@ static int cmv_decode_frame(AVCodecContext *avctx, if ((ret = av_image_check_size(s->width, s->height, 0, s->avctx)) < 0) return ret; +buf += EA_PREAMBLE_SIZE; +if (!(buf[0]&1) && buf_end - buf < s->width * s->height * (int64_t)(100 - s->avctx->discard_damaged_percentage) / 100) +return AVERROR_INVALIDDATA; + if ((ret = ff_get_buffer(avctx, frame, AV_GET_BUFFER_FLAG_REF)) < 0) return ret; memcpy(frame->data[1], s->palette, AVPALETTE_SIZE); -buf += EA_PREAMBLE_SIZE; if ((buf[0]&1)) { // subtype cmv_decode_inter(s, frame, buf+2, buf_end); frame->key_frame = 0; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
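Review bot: in the added size check, s->width * s->height is multiplied as int before the (int64_t) cast on the third operand takes effect, so the expression depends on av_image_check_size() above keeping that product in range; casting the first operand instead makes the 64-bit arithmetic explicit. Moving buf += EA_PREAMBLE_SIZE ahead of the check also means buf[0] is read at this point, and the hunk shows no test that at least one byte remains after the preamble, so buf_end - buf should be verified first unless an earlier check already guarantees it.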
[FFmpeg-cvslog] swscale/swscale: Use unsigned operation to avoid undefined behavior
ffmpeg | branch: release/4.3 | Michael Niedermayer | Thu Sep 12 20:08:42 2024 +0200| [f0442346e6974bad892f2dea2f0e832e380a4ad4] | committer: Michael Niedermayer swscale/swscale: Use unsigned operation to avoid undefined behavior I have not checked that the constant is correct, this just fixes the undefined behavior Fixes: signed integer overflow: -646656 * 3517 cannot be represented in type 'int Fixes: 70559/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-5209368631508992 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 44c5641ae82387fcfce94820f5b53ce8e9dcd27f) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f0442346e6974bad892f2dea2f0e832e380a4ad4 --- libswscale/swscale.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libswscale/swscale.c b/libswscale/swscale.c index 481176c084..d9bcac4631 100644 --- a/libswscale/swscale.c +++ b/libswscale/swscale.c @@ -225,7 +225,7 @@ static void lumRangeFromJpeg16_c(int16_t *_dst, int width) int i; int32_t *dst = (int32_t *) _dst; for (i = 0; i < width; i++) -dst[i] = (dst[i]*(14071/4) + (33561947<<4)/4)>>12; +dst[i] = ((int)(dst[i]*(14071U/4) + (33561947<<4)/4)) >> 12; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
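Review bot: the new expression computes dst[i]*(14071U/4) + (33561947<<4)/4 in unsigned arithmetic and then casts to int before >> 12, so the result depends on the out-of-range unsigned-to-int conversion and on the right shift of a negative value, both implementation-defined in C. A short comment recording that the wraparound is deliberate would help. Since the commit message states the constant was not checked, it is also worth asking whether the input value in the report (-646656) is within the range this function is meant to receive, in which case the check belongs with the caller.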
[FFmpeg-cvslog] avcodec/vc2enc: basic sanity check on slice_max_bytes
ffmpeg | branch: release/4.3 | Michael Niedermayer | Thu Sep 12 20:03:55 2024 +0200| [dfdb353fffa673715d9026018dc66a0a92255650] | committer: Michael Niedermayer avcodec/vc2enc: basic sanity check on slice_max_bytes Fixes: left shift of 896021632 by 3 places cannot be represented in type 'int' Fixes: 70544/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC2_fuzzer-6685593652756480 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 6df9a0292ca6c29ef3b220fbf9b257924cabf035) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=dfdb353fffa673715d9026018dc66a0a92255650 --- libavcodec/vc2enc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/vc2enc.c b/libavcodec/vc2enc.c index 2418297561..c2a5c3e122 100644 --- a/libavcodec/vc2enc.c +++ b/libavcodec/vc2enc.c @@ -986,7 +986,7 @@ static av_cold int vc2_encode_frame(AVCodecContext *avctx, AVPacket *avpkt, } s->slice_min_bytes = s->slice_max_bytes - s->slice_max_bytes*(s->tolerance/100.0f); -if (s->slice_min_bytes < 0) +if (s->slice_min_bytes < 0 || s->slice_max_bytes > INT_MAX >> 3) return AVERROR(EINVAL); ret = encode_frame(s, avpkt, frame, aux_data, header_size, s->interlaced); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
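Review bot: s->slice_max_bytes > INT_MAX >> 3 parses as intended because >> binds tighter than >, but parentheses around INT_MAX >> 3 and a comment tying the 3 to the left shift named in the sanitizer report would make the limit self-explanatory. The check also runs after slice_max_bytes has been used to derive slice_min_bytes on the line above; validating it where slice_max_bytes is computed would reject the value before any use.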
[FFmpeg-cvslog] avcodec/wmavoice: Do not use uninitialized pitch[0]
ffmpeg | branch: release/4.3 | Michael Niedermayer | Thu Aug 15 00:37:04 2024 +0200| [5a6bfec33d529d47c64b6efbcb810068cdc3470d] | committer: Michael Niedermayer avcodec/wmavoice: Do not use uninitialized pitch[0] Fixes: use of uninitialized value Fixes: 70850/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAVOICE_fuzzer-4806127362048000 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 53387079301690f1bd38b97fdf31d63194201d17) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5a6bfec33d529d47c64b6efbcb810068cdc3470d --- libavcodec/wmavoice.c | 5 + 1 file changed, 5 insertions(+) diff --git a/libavcodec/wmavoice.c b/libavcodec/wmavoice.c index f6550c6a71..dc8c818fc1 100644 --- a/libavcodec/wmavoice.c +++ b/libavcodec/wmavoice.c @@ -1491,6 +1491,8 @@ static int synth_frame(AVCodecContext *ctx, GetBitContext *gb, int frame_idx, /* Parse frame type ("frame header"), see frame_descs */ int bd_idx = s->vbm_tree[get_vlc2(gb, frame_type_vlc.table, 6, 3)], block_nsamples; +pitch[0] = INT_MAX; + if (bd_idx < 0) { av_log(ctx, AV_LOG_ERROR, "Invalid frame type VLC code, skipping\n"); @@ -1608,6 +1610,9 @@ static int synth_frame(AVCodecContext *ctx, GetBitContext *gb, int frame_idx, double i_lsps[MAX_LSPS]; float lpcs[MAX_LSPS]; +if(frame_descs[bd_idx].fcb_type >= FCB_TYPE_AW_PULSES && pitch[0] == INT_MAX) +return AVERROR_INVALIDDATA; + for (n = 0; n < s->lsps; n++) // LSF -> LSP i_lsps[n] = cos(0.5 * (prev_lsps[n] + lsps[n])); ff_acelp_lspd2lpc(i_lsps, lpcs, s->lsps >> 1); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
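Review bot: pitch[0] = INT_MAX in the first hunk introduces an in-band sentinel for "not set" that the second hunk tests with pitch[0] == INT_MAX; only element 0 is marked, so the guard covers the other elements of pitch[] only if they are always written together with pitch[0]. A comment at the assignment naming the sentinel, or a separate flag, would make that assumption visible. Style: the added "if(" is missing the space after the keyword that the surrounding "if (bd_idx < 0)" uses.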
[FFmpeg-cvslog] avcodec/notchlc: Check bytes left before reading
ffmpeg | branch: release/4.3 | Michael Niedermayer | Mon Aug 19 20:37:56 2024 +0200| [4c9978124d987d1d1f77dc5975110189b5ed4cae] | committer: Michael Niedermayer avcodec/notchlc: Check bytes left before reading Fixes: Use of uninitialized value Fixes: 71230/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NOTCHLC_fuzzer-4624502095413248 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit b9c7f50c7de9b7d8c533eae173c9b77a6719346c) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4c9978124d987d1d1f77dc5975110189b5ed4cae --- libavcodec/notchlc.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/notchlc.c b/libavcodec/notchlc.c index 05db9e4943..558de58fe1 100644 --- a/libavcodec/notchlc.c +++ b/libavcodec/notchlc.c @@ -92,6 +92,9 @@ static int lz4_decompress(AVCodecContext *avctx, } while (current == 255); } +if (bytestream2_get_bytes_left(gb) < num_literals) +return AVERROR_INVALIDDATA; + if (pos + num_literals < HISTORY_SIZE) { bytestream2_get_buffer(gb, history + pos, num_literals); pos += num_literals; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
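Review bot: the added comparison bytestream2_get_bytes_left(gb) < num_literals is only sound if both operands have compatible signedness; the declaration of num_literals is outside this hunk, so please confirm it cannot be negative or be converted in a way that lets an oversized value pass. With that confirmed, the check correctly covers the bytestream2_get_buffer() call in the pos + num_literals < HISTORY_SIZE branch shown here and should be stated to cover the other branch as well.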
[FFmpeg-cvslog] avformat/wtvdec: clear sectors
ffmpeg | branch: release/4.3 | Michael Niedermayer | Wed Aug 7 00:18:51 2024 +0200| [3d9afae908f3a9103ffef41e8bd7876504f191d9] | committer: Michael Niedermayer avformat/wtvdec: clear sectors The code can leave uninitialized holes in the array. Fixes: use of uninitialized values Fixes: 70883/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-6698694567591936 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Peter Ross Signed-off-by: Michael Niedermayer (cherry picked from commit c95ea0310468e0a0906fa7d590ff7406c39d6991) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3d9afae908f3a9103ffef41e8bd7876504f191d9 --- libavformat/wtvdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/wtvdec.c b/libavformat/wtvdec.c index cd41ea04ed..cd0a4545af 100644 --- a/libavformat/wtvdec.c +++ b/libavformat/wtvdec.c @@ -182,7 +182,7 @@ static AVIOContext * wtvfile_open_sector(unsigned first_sector, uint64_t length, int nb_sectors1 = read_ints(s->pb, sectors1, WTV_SECTOR_SIZE / 4); int i; -wf->sectors = av_malloc_array(nb_sectors1, 1 << WTV_SECTOR_BITS); +wf->sectors = av_calloc(nb_sectors1, 1 << WTV_SECTOR_BITS); if (!wf->sectors) { av_free(wf); return NULL; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
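Review bot: switching to av_calloc() means the holes the commit message mentions now read as sector 0 instead of garbage, which is deterministic but still accepts an array with entries that were never filled in. If a hole is invalid input, rejecting it, or tracking how many entries were actually written and bounding lookups by that count, would be stronger than zero-filling. nb_sectors1 is also an int taken from read_ints() and passed straight to the allocator in this hunk; confirm a non-positive count is rejected before this point.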
[FFmpeg-cvslog] avformat/mpeg: Check an avio_read() for failure
ffmpeg | branch: release/4.3 | Michael Niedermayer | Sun Aug 4 21:27:44 2024 +0200| [c9a2d48c2e2c7d6959d30afecf8f90241dd48a7b] | committer: Michael Niedermayer avformat/mpeg: Check an avio_read() for failure Fixes: use-of-uninitialized-value Fixes: 70849/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGPS_fuzzer-4684401009557504 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 66ee75d76ce56a3553a99d67e74b8a9970c18f5b) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c9a2d48c2e2c7d6959d30afecf8f90241dd48a7b --- libavcodec/mvha.c | 4 ++-- libavformat/mpeg.c | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/libavcodec/mvha.c b/libavcodec/mvha.c index 9c7706aad7..caae39da97 100644 --- a/libavcodec/mvha.c +++ b/libavcodec/mvha.c @@ -187,8 +187,8 @@ static int decode_frame(AVCodecContext *avctx, av_log(avctx, AV_LOG_ERROR, "Inflate error: %d\n", ret); return AVERROR_EXTERNAL; } -if (zstream->avail_out > 0) -memset(zstream->next_out, 0, zstream->avail_out); +if (s->zstream.avail_out > 0) +memset(s->zstream.next_out, 0, s->zstream.avail_out); } } } else if (type == MKTAG('H','U','F','Y')) { diff --git a/libavformat/mpeg.c b/libavformat/mpeg.c index 2a0dd5f7c9..bed3777276 100644 --- a/libavformat/mpeg.c +++ b/libavformat/mpeg.c @@ -554,7 +554,9 @@ redo: static const unsigned char avs_seqh[4] = { 0, 0, 1, 0xb0 }; unsigned char buf[8]; -avio_read(s->pb, buf, 8); +ret = avio_read(s->pb, buf, 8); +if (ret != 8) +return AVERROR_INVALIDDATA; avio_seek(s->pb, -8, SEEK_CUR); if (!memcmp(buf, avs_seqh, 4) && (buf[6] != 0 || buf[7] != 1)) codec_id = AV_CODEC_ID_CAVS; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
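Review bot: the libavcodec/mvha.c hunk (zstream->avail_out replaced by s->zstream.avail_out) is unrelated to the avio_read() check named in the subject and is not mentioned in the commit message; if it is a fix-up needed for an earlier backport on release/4.3, the message should say so or the change should go in its own commit. In the libavformat/mpeg.c hunk, ret != 8 returns AVERROR_INVALIDDATA even when avio_read() reported a negative error, so the original error code is lost; returning ret when it is negative would preserve it.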
[FFmpeg-cvslog] avcodec/ffv1dec: Fix end computation with ec=2
ffmpeg | branch: release/4.3 | Michael Niedermayer | Thu Oct 10 20:39:23 2024 +0200| [e958e49b31f25af12c2e29ce5641fbf8ca801ac7] | committer: Michael Niedermayer avcodec/ffv1dec: Fix end computation with ec=2 Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit 10e5af15bf220d9da128ca12d2d474ff6ab0076e) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e958e49b31f25af12c2e29ce5641fbf8ca801ac7 --- libavcodec/ffv1dec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c index 82a9c20853..0be1c94bb2 100644 --- a/libavcodec/ffv1dec.c +++ b/libavcodec/ffv1dec.c @@ -361,7 +361,7 @@ static int decode_slice(AVCodecContext *c, void *arg) if (fs->ac != AC_GOLOMB_RICE && f->version > 2) { int v; get_rac(&fs->c, (uint8_t[]) { 129 }); -v = fs->c.bytestream_end - fs->c.bytestream - 2 - 5*f->ec; +v = fs->c.bytestream_end - fs->c.bytestream - 2 - 5*!!f->ec; if (v) { av_log(f->avctx, AV_LOG_ERROR, "bytestream end mismatching by %d\n", v); fs->slice_damaged = 1; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
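Review bot: 5*!!f->ec changes the amount subtracted from scaling with ec to a fixed 5 for any non-zero ec, but neither the code nor the commit message says what those 5 bytes are or why ec=2 does not add more. A comment on this line, and a check that other size calculations using f->ec treat ec=2 the same way, would keep the decoder paths consistent.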
[FFmpeg-cvslog] doc/developer: Document relationship between git accounts and MAINTAINERS
ffmpeg | branch: release/4.3 | Michael Niedermayer | Sat Nov 16 21:32:53 2024 +0100| [ac8fda6566d370b6207c3844d5764be7c40a4092] | committer: Michael Niedermayer doc/developer: Document relationship between git accounts and MAINTAINERS This should have been documented long ago and i thought it was Signed-off-by: Michael Niedermayer (cherry picked from commit 7051825b0171bd5d566c5a5cc78852c5f3aa3072) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ac8fda6566d370b6207c3844d5764be7c40a4092 --- doc/developer.texi | 19 +++ 1 file changed, 19 insertions(+) diff --git a/doc/developer.texi b/doc/developer.texi index b33cab0fc7..666be8223a 100644 --- a/doc/developer.texi +++ b/doc/developer.texi @@ -762,6 +762,25 @@ In case you need finer control over how valgrind is invoked, use the @code{--target-exec='valgrind } option in your configure line instead. +@anchor{Maintenance} +@chapter Maintenance process + +@anchor{MAINTAINERS} +@section MAINTAINERS + +The developers maintaining each part of the codebase are listed in @file{MAINTAINERS}. +Being listed in @file{MAINTAINERS}, gives one the right to have git write access to +the specific repository. + +@anchor{Becoming a maintainer} +@section Becoming a maintainer + +People add themselves to @file{MAINTAINERS} by sending a patch like any other code +change. These get reviewed by the community like any other patch. It is expected +that, if someone has an objection to a new maintainer, she is willing to object +in public with her full name and is willing to take over maintainership for the area. + + @anchor{Release process} @chapter Release process ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
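Review bot: in the MAINTAINERS section, "Being listed in @file{MAINTAINERS}, gives one the right" has a stray comma between subject and verb, and "the specific repository" does not say which repository is meant when the file lists parts of a codebase. The "Becoming a maintainer" section describes how people add themselves but not how write access is granted or withdrawn afterwards, which is the step with access-control consequences; a sentence on that would complete the section.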
[FFmpeg-cvslog] avcodec/xan: Add basic input size check
ffmpeg | branch: release/4.3 | Michael Niedermayer | Sun Sep 22 23:15:35 2024 +0200| [3c005e89b208f2096f826af491d5ea2a52da2d92] | committer: Michael Niedermayer avcodec/xan: Add basic input size check Fixes: Timeout Fixes: 71739/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XAN_WC3_fuzzer-6170301405134848 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpe Signed-off-by: Michael Niedermayer (cherry picked from commit 56bef2fd58d0ed30dbe940083c30ada2b0404491) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3c005e89b208f2096f826af491d5ea2a52da2d92 --- libavcodec/xan.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/xan.c b/libavcodec/xan.c index 1ccf164847..c8f098d17c 100644 --- a/libavcodec/xan.c +++ b/libavcodec/xan.c @@ -614,6 +614,9 @@ static int xan_decode_frame(AVCodecContext *avctx, return AVERROR_INVALIDDATA; } +if (buf_size < 9) +return AVERROR_INVALIDDATA; + if ((ret = ff_get_buffer(avctx, frame, AV_GET_BUFFER_FLAG_REF)) < 0) return ret; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
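Review bot: the constant in "if (buf_size < 9)" in xan_decode_frame() is unexplained, so a reader cannot tell whether 9 is a header length, a minimum payload or a heuristic. Add a comment (or a named constant) saying which fields make up the 9 bytes. Placing the check ahead of ff_get_buffer() is right, since a rejected packet then costs no frame allocation.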
[FFmpeg-cvslog] avformat/mvdec: Check if name was fully read
ffmpeg | branch: release/4.3 | Michael Niedermayer | Thu Aug 15 00:37:05 2024 +0200| [d0a7da4874efc69b41423e8d86fec3e7ee9b8b14] | committer: Michael Niedermayer avformat/mvdec: Check if name was fully read Fixes: use of uninitialized value Fixes: 70901/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-6341913949569024 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 4e39795c75e664ef06f17473adec8c75fcf9de6f) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d0a7da4874efc69b41423e8d86fec3e7ee9b8b14 --- libavformat/mvdec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/mvdec.c b/libavformat/mvdec.c index ab7bc5a328..aa7f1a8bca 100644 --- a/libavformat/mvdec.c +++ b/libavformat/mvdec.c @@ -251,7 +251,8 @@ static int read_table(AVFormatContext *avctx, AVStream *st, if (avio_feof(pb)) return AVERROR_EOF; -avio_read(pb, name, 16); +if (avio_read(pb, name, 16) != 16) +return AVERROR_INVALIDDATA; name[sizeof(name) - 1] = 0; size = avio_rb32(pb); if (size < 0) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
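Review bot: in read_table() the new test maps every result other than 16 to AVERROR_INVALIDDATA, so a negative error code returned by avio_read() is replaced rather than propagated. Consider keeping the return value in a local and returning it when it is negative, using AVERROR_INVALIDDATA only for a short read. Using sizeof(name) in place of the literal 16 would also tie the read length to the buffer that the next line terminates with name[sizeof(name) - 1] = 0, provided the array length is meant to match.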
[FFmpeg-cvslog] avcodec/svq3: Check for minimum size input
ffmpeg | branch: release/4.3 | Michael Niedermayer | Sun Sep 22 20:31:58 2024 +0200| [ab42cdfd0ebc97446da28dbf557dae6d0623ecb4] | committer: Michael Niedermayer avcodec/svq3: Check for minimum size input Fixes: Timeout Fixes: 71295/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SVQ3_fuzzer-441125111808 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 050b5e85cbe61414ba9b78f76a04b2488e816f42) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ab42cdfd0ebc97446da28dbf557dae6d0623ecb4 --- libavcodec/svq3.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/svq3.c b/libavcodec/svq3.c index 8a67836827..fef0202b79 100644 --- a/libavcodec/svq3.c +++ b/libavcodec/svq3.c @@ -1439,6 +1439,9 @@ static int svq3_decode_frame(AVCodecContext *avctx, void *data, if (svq3_decode_slice_header(avctx)) return -1; +if (avpkt->size < s->mb_width * s->mb_height / 8) +return AVERROR_INVALIDDATA; + s->pict_type = s->slice_type; if (s->pict_type != AV_PICTURE_TYPE_B) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
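Review bot: the threshold in "avpkt->size < s->mb_width * s->mb_height / 8" in svq3_decode_frame() reads as one bit per macroblock, but nothing in the hunk says so or says why that is a safe lower bound for every picture type. A short comment stating the assumption would let a later reader judge whether valid streams can be rejected. The new check returns AVERROR_INVALIDDATA while the svq3_decode_slice_header() failure just above it returns -1; aligning the two would be a small cleanup.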
[FFmpeg-cvslog] avformat/mxfdec: More offset_temp checks
ffmpeg | branch: release/4.3 | Michael Niedermayer | Thu Sep 12 22:29:04 2024 +0200| [99129350624ef9aaeeb024bbd87f3bc1d75f47aa] | committer: Michael Niedermayer avformat/mxfdec: More offset_temp checks Fixes: signed integer overflow: 9223372036854775807 - -1927491430256034080 cannot be represented in type 'long' Fixes: 70607/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5282235077951488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Tomas Härdin Signed-off-by: Michael Niedermayer (cherry picked from commit 5a96aa435af0d66bdec52ee115cf4dd971855fcd) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=99129350624ef9aaeeb024bbd87f3bc1d75f47aa --- libavformat/mxfdec.c | 5 + 1 file changed, 5 insertions(+) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index 91d10a27b7..4baf4913ee 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -1632,6 +1632,11 @@ static int mxf_edit_unit_absolute_offset(MXFContext *mxf, MXFIndexTable *index_t return mxf_absolute_bodysid_offset(mxf, index_table->body_sid, offset_temp, offset_out, partition_out); } else { /* EditUnitByteCount == 0 for VBR indexes, which is fine since they use explicit StreamOffsets */ +if (s->edit_unit_byte_count && (s->index_duration > INT64_MAX / s->edit_unit_byte_count || +s->edit_unit_byte_count * s->index_duration > INT64_MAX - offset_temp) +) +return AVERROR_INVALIDDATA; + offset_temp += s->edit_unit_byte_count * s->index_duration; } } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
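Review bot: the second operand of the new check in mxf_edit_unit_absolute_offset(), "s->edit_unit_byte_count * s->index_duration > INT64_MAX - offset_temp", is itself a signed subtraction that overflows when offset_temp is negative, which is the shape of the expression quoted in the Fixes line (9223372036854775807 - -1927491430256034080). If offset_temp can still be negative on entry to this else branch, an "offset_temp < 0" guard is needed ahead of it; if an earlier check already rules that out, a comment saying so would help. The division in the first operand likewise assumes that edit_unit_byte_count and index_duration are non-negative.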
[FFmpeg-cvslog] avformat/mxfdec: Fix overflow in midpoint computation
ffmpeg | branch: release/4.3 | Michael Niedermayer | Wed Oct 9 20:47:34 2024 +0200| [6c14d8e338aca358bb153a802b7c1b268ed5ea82] | committer: Michael Niedermayer avformat/mxfdec: Fix overflow in midpoint computation Fixes: signed integer overflow: 4611686016549392399 + 9223372033098784800 cannot be represented in type 'long long' Fixes: 368503277/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5928227458056192 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 23088a5ff2b549fa4fc037bb9ed833fffbc89ca0) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6c14d8e338aca358bb153a802b7c1b268ed5ea82 --- libavformat/mxfdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index 3377351239..a506a1635a 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -3336,7 +3336,7 @@ static int mxf_get_next_track_edit_unit(MXFContext *mxf, MXFTrack *track, int64_ a = -1; b = track->original_duration; while (b - 1 > a) { -m = (a + b) >> 1; +m = (a + (uint64_t)b) >> 1; if (mxf_edit_unit_absolute_offset(mxf, t, m, track->edit_rate, NULL, &offset, NULL, 0) < 0) return -1; if (offset < current_offset) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
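Review bot: the new midpoint "m = (a + (uint64_t)b) >> 1" in mxf_get_next_track_edit_unit() depends on modulo 2^64 arithmetic to handle the initial a = -1, and that is not obvious from the line itself. A comment stating that a may be -1, that the sum is taken in unsigned arithmetic on purpose, and that the shifted result always fits back into the signed type would keep someone from "simplifying" the cast away later.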
[FFmpeg-cvslog] swscale/slice: clear allocated memory in alloc_lines()
ffmpeg | branch: release/4.3 | Michael Niedermayer | Sat Oct 19 00:08:03 2024 +0200| [9fbcecf43544a90b71719b9360065e9d66f99334] | committer: Michael Niedermayer swscale/slice: clear allocated memory in alloc_lines() Fixes: use of uninitialized memory in hScale16To15_c() Fixes: 373924007/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-5841199968092160 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit aeec39f3c1be82863efe64ce95242de58e075e8f) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9fbcecf43544a90b71719b9360065e9d66f99334 --- libswscale/slice.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libswscale/slice.c b/libswscale/slice.c index f9c413cebd..925ce55f30 100644 --- a/libswscale/slice.c +++ b/libswscale/slice.c @@ -59,7 +59,7 @@ static int alloc_lines(SwsSlice *s, int size, int width) for (j = 0; j < n; ++j) { // chroma plane line U and V are expected to be contiguous in memory // by mmx vertical scaler code -s->plane[i].line[j] = av_malloc(size * 2 + 32); +s->plane[i].line[j] = av_mallocz(size * 2 + 32); if (!s->plane[i].line[j]) { free_lines(s); return AVERROR(ENOMEM); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
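Review bot: the allocation size on the changed line in alloc_lines(), size * 2 + 32, is still evaluated in int (size is declared int in the function signature) and no bound on it is visible in this hunk, so it is worth confirming that the callers cap it. On the change itself, a short comment saying which reader touches bytes the scaler never wrote (the commit message names hScale16To15_c()) would stop a later revert to av_malloc() as an optimisation.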
[FFmpeg-cvslog] avcodec/ilbcdec: Initialize tempbuff2
ffmpeg | branch: release/4.3 | Michael Niedermayer | Mon Sep 23 19:57:28 2024 +0200| [421207a390cde037ad85b78f236b23b0d2540384] | committer: Michael Niedermayer avcodec/ilbcdec: Initialize tempbuff2 Fixes: Use of uninitialized value Fixes: 71350/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ILBC_fuzzer-6322020827070464 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 4482218440534804d067de00ee1a4bc493c8b41d) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=421207a390cde037ad85b78f236b23b0d2540384 --- libavcodec/ilbcdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/ilbcdec.c b/libavcodec/ilbcdec.c index 45f9e2cc36..81e51d105d 100644 --- a/libavcodec/ilbcdec.c +++ b/libavcodec/ilbcdec.c @@ -653,7 +653,7 @@ static void get_codebook(int16_t * cbvec, /* (o) Constructed codebook vector * int16_t k, base_size; int16_t lag; /* Stack based */ -int16_t tempbuff2[SUBL + 5]; +int16_t tempbuff2[SUBL + 5] = {0}; /* Determine size of codebook sections */ base_size = lMem - cbveclen + 1; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
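Review bot: the "= {0}" on tempbuff2 in get_codebook() clears all SUBL + 5 elements on every call, which silences the report but does not record which code path reads entries before writing them. If only part of the buffer can be left unwritten, name that path in a comment or clear just that range; at present the "Stack based" comment is the only documentation on this declaration.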
[FFmpeg-cvslog] INSTALL: explain the circular dependency issue and solution
ffmpeg | branch: release/4.3 | Michael Niedermayer | Sat Nov 2 18:23:50 2024 +0100| [334d24b539cd72e1c19db847a425772f9dd0b1a2] | committer: Michael Niedermayer INSTALL: explain the circular dependency issue and solution Sponsored-by: Sovereign Tech Fund Reviewed-by: James Almer Signed-off-by: Michael Niedermayer (cherry picked from commit df00705e0010cc2c53d17d51944f847c2c852189) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=334d24b539cd72e1c19db847a425772f9dd0b1a2 --- INSTALL.md | 8 1 file changed, 8 insertions(+) diff --git a/INSTALL.md b/INSTALL.md index 3b220bc6ff..bdf5814014 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -15,3 +15,11 @@ NOTICE -- - Non system dependencies (e.g. libx264, libvpx) are disabled by default. + +NOTICE for Package Maintainers +-- + + - It is recommended to build FFmpeg twice, first with minimal external dependencies so + that 3rd party packages, which depend on FFmpegs libavutil/libavfilter/libavcodec/libavformat + can then be built. And last build FFmpeg with full dependancies (which may in turn depend on + some of these 3rd party packages). This avoids circular dependencies during build. ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
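Review bot: the added INSTALL.md paragraph has two spelling slips, "FFmpegs" (should be "FFmpeg's") and "dependancies" (should be "dependencies"), and the sentence fragment starting "And last build FFmpeg" would read better joined to the previous sentence. It would also help packagers if the text said which configure options give the "minimal external dependencies" first build; the NOTICE above it already states that non-system dependencies are disabled by default, so a cross-reference may be enough.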
[FFmpeg-cvslog] avcodec/ffv1enc: Prevent generation of files with broken slices
ffmpeg | branch: release/4.3 | Michael Niedermayer | Tue Oct 1 22:06:40 2024 +0200| [a24784d504ae623f11a2e0a3c6542068fd12ccbe] | committer: Michael Niedermayer avcodec/ffv1enc: Prevent generation of files with broken slices Fixes: Ticket5548 Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit b7ff66a35804275b25c1176cad560540785e8750) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a24784d504ae623f11a2e0a3c6542068fd12ccbe --- libavcodec/ffv1.c| 7 +++ libavcodec/ffv1.h| 1 + libavcodec/ffv1enc.c | 4 3 files changed, 12 insertions(+) diff --git a/libavcodec/ffv1.c b/libavcodec/ffv1.c index 5b52849400..af2fccb9b2 100644 --- a/libavcodec/ffv1.c +++ b/libavcodec/ffv1.c @@ -113,6 +113,13 @@ av_cold int ff_ffv1_init_slices_state(FFV1Context *f) return 0; } +int ff_need_new_slices(int width, int num_h_slices, int chroma_shift) { +int mpw = 1num_v_slices; diff --git a/libavcodec/ffv1.h b/libavcodec/ffv1.h index 147fe7ae16..cddf170a6b 100644 --- a/libavcodec/ffv1.h +++ b/libavcodec/ffv1.h @@ -146,6 +146,7 @@ int ff_ffv1_init_slice_contexts(FFV1Context *f); int ff_ffv1_allocate_initial_states(FFV1Context *f); void ff_ffv1_clear_slice_state(FFV1Context *f, FFV1Context *fs); int ff_ffv1_close(AVCodecContext *avctx); +int ff_need_new_slices(int width, int num_h_slices, int chroma_shift); static av_always_inline int fold(int diff, int bits) { diff --git a/libavcodec/ffv1enc.c b/libavcodec/ffv1enc.c index 77240352f4..a489ce0dc0 100644 --- a/libavcodec/ffv1enc.c +++ b/libavcodec/ffv1enc.c 
@@ -892,6 +892,10 @@ FF_ENABLE_DEPRECATION_WARNINGS continue; if (maxw * maxh * (int64_t)(s->bits_per_raw_sample+1) * plane_count > 8<<24) continue; +if (s->version < 4) +if ( ff_need_new_slices(avctx->width , s->num_h_slices, s->chroma_h_shift) +||ff_need_new_slices(avctx->height, s->num_v_slices, s->chroma_v_shift)) +continue; if (avctx->slices == s->num_h_slices * s->num_v_slices && avctx->slices <= MAX_SLICES || !avctx->slices) goto slices_ok; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
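Review bot: the new exported helper ff_need_new_slices() declared in ffv1.h does not follow the ff_ffv1_ prefix used by the neighbouring declarations in that header (ff_ffv1_init_slice_contexts(), ff_ffv1_allocate_initial_states(), ff_ffv1_close()), and it has no comment saying what a non-zero return means. Renaming it and adding a one-line description would fit the header. Note that the ffv1.c hunk is cut off in this archived copy after "int mpw = 1", so the function body cannot be reviewed from this message.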
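Review bot: in the ffv1enc.c hunk the added "if (s->version < 4)" wraps a second, unbraced if whose body is the continue; merging the two conditions with && or adding braces would prevent a later else from binding to the wrong if. A short comment on why version 4 and later are exempt from the slice check would also help, since the commit message only references Ticket5548.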
[FFmpeg-cvslog] avcodec/ffv1enc: Correct error message about unsupported version
ffmpeg | branch: release/4.3 | Michael Niedermayer | Tue Oct 1 22:04:58 2024 +0200| [736791b4e2e7ed19dd93068d51843ab3eccc7c69] | committer: Michael Niedermayer avcodec/ffv1enc: Correct error message about unsupported version Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit 556c767786e9e3c072f7666d60a68a31a3400438) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=736791b4e2e7ed19dd93068d51843ab3eccc7c69 --- libavcodec/ffv1enc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/ffv1enc.c b/libavcodec/ffv1enc.c index 92e2322cc8..77240352f4 100644 --- a/libavcodec/ffv1enc.c +++ b/libavcodec/ffv1enc.c @@ -555,7 +555,7 @@ static av_cold int encode_init(AVCodecContext *avctx) s->version = FFMAX(s->version, 3); if ((s->version == 2 || s->version>3) && avctx->strict_std_compliance > FF_COMPLIANCE_EXPERIMENTAL) { -av_log(avctx, AV_LOG_ERROR, "Version 2 needed for requested features but version 2 is experimental and not enabled\n"); +av_log(avctx, AV_LOG_ERROR, "Version 2 or 4 needed for requested features but version 2 or 4 is experimental and not enabled\n"); return AVERROR_INVALIDDATA; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
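Review bot: the reworded message in encode_init() still does not say which version was actually selected, and the guarding condition "s->version == 2 || s->version>3" also matches versions above 4, for which "Version 2 or 4" is inaccurate. Printing s->version with %d would make the message correct for every value that reaches it. Separately, AVERROR_INVALIDDATA is an odd return code for a user configuration problem in an encoder; AVERROR(EINVAL) or AVERROR_EXPERIMENTAL would describe it better, though that line is outside this change.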
[FFmpeg-cvslog] avformat/mxfdec: Check timecode for overflow
ffmpeg | branch: release/4.3 | Michael Niedermayer | Thu Sep 12 22:05:24 2024 +0200| [8bc1b2ee5d0606dce96bae0cf84b728320a15386] | committer: Michael Niedermayer avformat/mxfdec: Check timecode for overflow Fixes: signed integer overflow: 9223372036840103968 + 538976288 cannot be represented in type 'long' Fixes: 70604/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-4844090340999168 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 6be3786c828edfd60d810c98a42a43eeac4f050c) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8bc1b2ee5d0606dce96bae0cf84b728320a15386 --- libavformat/mxfdec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index 4baf4913ee..3377351239 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -2133,6 +2133,9 @@ static int mxf_parse_physical_source_package(MXFContext *mxf, MXFTrack *source_t physical_track->edit_rate, source_track->edit_rate); +if (av_sat_add64(start_position, mxf_tc->start_frame) != start_position + (uint64_t)mxf_tc->start_frame) +return AVERROR_INVALIDDATA; + if (av_timecode_init(&tc, mxf_tc->rate, flags, start_position + mxf_tc->start_frame, mxf->fc) == 0) { mxf_add_timecode_metadata(&st->metadata, "timecode", &tc); return 0; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
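Review bot: the new check in mxf_parse_physical_source_package() detects overflow by comparing av_sat_add64() against an unsigned sum, and the very next statement then recomputes start_position + mxf_tc->start_frame in signed arithmetic for av_timecode_init(). Computing the sum once into a local after the check and passing that local on would remove the duplicated expression and make it obvious that the checked value is the one used. A one-line comment explaining the saturating-versus-wrapping comparison would help readers who have not met the idiom.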
[FFmpeg-cvslog] avformat/matroskadec: Check desc_bytes so bits fit in 64bit
ffmpeg | branch: release/4.3 | Michael Niedermayer | Sun Jul 28 22:08:23 2024 +0200| [71885a72b66b03baec2824df06b86fa5a1c472d8] | committer: Michael Niedermayer avformat/matroskadec: Check desc_bytes so bits fit in 64bit Likely a tighter check can be done Fixes: signed integer overflow: 3305606804154370442 * 8 cannot be represented in type 'long' Fixes: 70449/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-4771166007918592 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit c4122406f6d2726aea833480a2a8e345833dd881) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=71885a72b66b03baec2824df06b86fa5a1c472d8 --- libavformat/matroskadec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 5e461c0d68..a42f8e34d1 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -4079,7 +4079,7 @@ static int64_t webm_dash_manifest_compute_bandwidth(AVFormatContext *s, int64_t int64_t desc_bytes = desc_end.end_offset - desc_beg.start_offset; int64_t desc_ns = desc_end.end_time_ns - desc_beg.start_time_ns; double desc_sec, calc_bits_per_second, percent, mod_bits_per_second; -if (desc_bytes <= 0) +if (desc_bytes <= 0 || desc_bytes > INT64_MAX/8) return -1; desc_sec = desc_ns / nano_seconds_per_second; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
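Review bot: the new bound "desc_bytes > INT64_MAX/8" in webm_dash_manifest_compute_bandwidth() is applied only after desc_bytes has been produced by "desc_end.end_offset - desc_beg.start_offset", so that subtraction can itself overflow before the check runs. The desc_ns subtraction on the following line has the same shape and no check at all in the visible context. Validating the operands before subtracting would cover both; the commit message already notes that a tighter check is likely possible.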
[FFmpeg-cvslog] avcodec/hapdec: Clear tex buffer
ffmpeg | branch: release/4.3 | Michael Niedermayer | Sun Aug 11 23:15:32 2024 +0200| [ef2e5030a9f1b2ba17fc252f8e5bdd1595f5e2cf] | committer: Michael Niedermayer avcodec/hapdec: Clear tex buffer The code following makes no attempt to initialize all of the buffer Fixes: use of uninitialized value Fixes: 70980/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5329909059223552 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 7eeeda703b599847aa89c7c08bb433d0b3da9590) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ef2e5030a9f1b2ba17fc252f8e5bdd1595f5e2cf --- libavcodec/hapdec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/hapdec.c b/libavcodec/hapdec.c index 692bb6e750..0f9d7fb6c4 100644 --- a/libavcodec/hapdec.c +++ b/libavcodec/hapdec.c @@ -372,6 +372,7 @@ static int hap_decode(AVCodecContext *avctx, void *data, ret = av_reallocp(&ctx->tex_buf, ctx->tex_size); if (ret < 0) return ret; +memset(ctx->tex_buf, 0, ctx->tex_size); avctx->execute2(avctx, decompress_chunks_thread, NULL, ctx->chunk_results, ctx->chunk_count); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
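Review bot: the memset() added after av_reallocp() in hap_decode() runs over the full tex_size on every call, and it makes texture data that the chunks do not cover decode as zeros instead of being detected. If chunks that fail to fill tex_buf indicate a damaged frame, checking coverage and returning AVERROR_INVALIDDATA would be the stricter fix; if zeros are the intended fallback, say so in a comment above the memset().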
[FFmpeg-cvslog] avfilter/vf_addroi: Add missing NULL termination to addroi_var_names[]()
ffmpeg | branch: release/4.3 | Michael Niedermayer | Sun Jan 5 02:36:25 2025 +0100| [afc97bddb6fb5b332f5ec25ebe981f24ea856644] | committer: Michael Niedermayer avfilter/vf_addroi: Add missing NULL termination to addroi_var_names[]() Fixes: out of array read Found-by: Elias Myllymäki Reviewed-by: Alexander Strasser Signed-off-by: Michael Niedermayer (cherry picked from commit b72de492959fb19eab37368232e65a4371c367f7) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=afc97bddb6fb5b332f5ec25ebe981f24ea856644 --- libavfilter/vf_addroi.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavfilter/vf_addroi.c b/libavfilter/vf_addroi.c index 489998ce73..e9a5e0d530 100644 --- a/libavfilter/vf_addroi.c +++ b/libavfilter/vf_addroi.c @@ -38,6 +38,7 @@ enum { static const char *const addroi_var_names[] = { "iw", "ih", +NULL, }; typedef struct AddROIContext { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
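Review bot: in addroi_var_names[] the terminator can be lost again because nothing ties the array to the enum declared just above it. If that enum ends in a count member, a compile-time assertion that the array has count + 1 entries would catch a missing NULL at build time; failing that, a comment on the NULL entry stating that the list must stay NULL-terminated is the minimum.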
[FFmpeg-cvslog] swscale/output: Fix undefined overflow in yuv2rgba64_full_X_c_template()
ffmpeg | branch: release/4.3 | Michael Niedermayer | Sun Dec 1 03:25:09 2024 +0100| [dda63e60a09de0902f93286d19ab45f544fcc98f] | committer: Michael Niedermayer swscale/output: Fix undefined overflow in yuv2rgba64_full_X_c_template() Fixes: signed integer overflow: -1082982400 + -1195645138 cannot be represented in type 'int' Fixes: 376136843/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-4791844321427456 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 56faee21c136942c491f30a2e82cfbbfce180beb) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=dda63e60a09de0902f93286d19ab45f544fcc98f --- libswscale/output.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libswscale/output.c b/libswscale/output.c index ff9cc02f40..3cb00b4c99 100644 --- a/libswscale/output.c +++ b/libswscale/output.c @@ -1290,9 +1290,9 @@ yuv2rgba64_full_X_c_template(SwsContext *c, const int16_t *lumFilter, B =U * c->yuv2rgb_u2b_coeff; // 8bit: 30 - 22 = 8bit, 16bit: 30bit - 14 = 16bit -output_pixel(&dest[0], av_clip_uintp2(((R_B + Y)>>14) + (1<<15), 16)); -output_pixel(&dest[1], av_clip_uintp2((( G + Y)>>14) + (1<<15), 16)); -output_pixel(&dest[2], av_clip_uintp2(((B_R + Y)>>14) + (1<<15), 16)); +output_pixel(&dest[0], av_clip_uintp2(((int)(R_B + (unsigned)Y)>>14) + (1<<15), 16)); +output_pixel(&dest[1], av_clip_uintp2(((int)( G + (unsigned)Y)>>14) + (1<<15), 16)); +output_pixel(&dest[2], av_clip_uintp2(((int)(B_R + (unsigned)Y)>>14) + (1<<15), 16)); if (eightbytes) { output_pixel(&dest[3], av_clip_uintp2(A, 30) >> 14); dest += 4; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
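Review bot: in the three changed output_pixel() lines of yuv2rgba64_full_X_c_template(), the (unsigned) cast removes the undefined behaviour but the sum still wraps, so for inputs like those in the report the value handed to av_clip_uintp2() is a wrapped one rather than a saturated one. If that is acceptable because such inputs lie outside the valid coefficient range, a comment saying so would help; otherwise clamp before the shift. The result also depends on the conversion back to int and on right-shifting a negative int, both of which are implementation-defined.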
[FFmpeg-cvslog] avformat/mlvdec: fix size checks
ffmpeg | branch: release/4.3 | Michael Niedermayer | Fri Feb 7 02:33:21 2025 +0100| [e134cf57980489e175fec58b7d0d94290015cf9a] | committer: Michael Niedermayer avformat/mlvdec: fix size checks Fixes: heap-buffer-overflow Fixes: 391962476/clusterfuzz-testcase-minimized-ffmpeg_dem_MLV_fuzzer-5746746587676672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 251d43aef0df9262f2688c1c848af993bbb67d08) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e134cf57980489e175fec58b7d0d94290015cf9a --- libavformat/mlvdec.c | 14 ++ 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/libavformat/mlvdec.c b/libavformat/mlvdec.c index a7716b0d66..645ce55e6c 100644 --- a/libavformat/mlvdec.c +++ b/libavformat/mlvdec.c 
@@ -429,19 +429,25 @@ static int read_packet(AVFormatContext *avctx, AVPacket *pkt) if (size < 16) return AVERROR_INVALIDDATA; avio_skip(pb, 12); //timestamp, frameNumber -if (st->codecpar->codec_type == AVMEDIA_TYPE_VIDEO) +size -= 12; +if (st->codecpar->codec_type == AVMEDIA_TYPE_VIDEO) { +if (size < 8) +return AVERROR_INVALIDDATA; avio_skip(pb, 8); // cropPosX, cropPosY, panPosX, panPosY +size -= 8; +} space = avio_rl32(pb); +if (size < space + 4LL) +return AVERROR_INVALIDDATA; avio_skip(pb, space); +size -= space; if ((mlv->class[st->id] & (MLV_CLASS_FLAG_DELTA|MLV_CLASS_FLAG_LZMA))) { ret = AVERROR_PATCHWELCOME; } else if (st->codecpar->codec_type == AVMEDIA_TYPE_VIDEO) { ret = av_get_packet(pb, pkt, (st->codecpar->width * st->codecpar->height * st->codecpar->bits_per_coded_sample + 7) >> 3); } else { // AVMEDIA_TYPE_AUDIO -if (space > UINT_MAX - 24 || size < (24 + space)) -return AVERROR_INVALIDDATA; -ret = av_get_packet(pb, pkt, size - (24 + space)); +ret = av_get_packet(pb, pkt, size - 4); } if (ret < 0) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
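Review bot: in the audio branch of read_packet() the packet length changes from size - (24 + space) to what is now size - 12 - space - 4, that is size - (16 + space), an 8-byte difference that the commit message does not mention. Please confirm which of the two is the correct payload length and state it in the message, since one of them either drops or over-reads 8 bytes per audio block. In the video branch the av_get_packet() length is still derived only from width, height and bits_per_coded_sample and is never compared against the remaining size that this patch now tracks; checking it against size would finish the job.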
[FFmpeg-cvslog] avformat/mxfdec: Check edit unit for overflow in mxf_set_current_edit_unit()
ffmpeg | branch: release/4.3 | Michael Niedermayer | Wed Feb 5 03:47:52 2025 +0100| [3c61273c8f5c1c0d99b88666e05c08ce7983cf0b] | committer: Michael Niedermayer avformat/mxfdec: Check edit unit for overflow in mxf_set_current_edit_unit() Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'long' Fixes: 392672068/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6232335892152320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Tomas Härdin Signed-off-by: Michael Niedermayer (cherry picked from commit 8a6ad9eab2f1c37a18c2f30e6660260edd7c0c16) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3c61273c8f5c1c0d99b88666e05c08ce7983cf0b --- libavformat/mxfdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index 403053cdf7..68221d9dad 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -3391,7 +3391,7 @@ static int64_t mxf_set_current_edit_unit(MXFContext *mxf, AVStream *st, int64_t int64_t new_edit_unit; MXFIndexTable *t = mxf_find_index_table(mxf, track->index_sid); -if (!t || track->wrapping == UnknownWrapped) +if (!t || track->wrapping == UnknownWrapped || edit_unit > INT64_MAX - track->edit_units_per_packet) return -1; if (mxf_edit_unit_absolute_offset(mxf, t, edit_unit + track->edit_units_per_packet, track->edit_rate, NULL, &next_ofs, NULL, 0) < 0 && ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
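Review bot: the added term "edit_unit > INT64_MAX - track->edit_units_per_packet" in mxf_set_current_edit_unit() is only overflow-free when edit_units_per_packet is non-negative, and nothing in the visible lines states that. If the field is derived from file data, validate it where it is assigned, or note the invariant in a comment next to this condition.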
[FFmpeg-cvslog] avcodec/huffyuvdec: Initialize whole output for decode_gray_bitstream()
ffmpeg | branch: release/4.3 | Michael Niedermayer | Sat Nov 30 01:48:22 2024 +0100| [d2c9b0438828f9a4b1ce394b845148688344d99b] | committer: Michael Niedermayer avcodec/huffyuvdec: Initialize whole output for decode_gray_bitstream() Fixes: use of uninitialized memory Fixes: 375286238/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HYMT_fuzzer-6352546854141952 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit ef71552cf970876085d99834abdb8e429aea9730) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d2c9b0438828f9a4b1ce394b845148688344d99b --- libavcodec/huffyuvdec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/huffyuvdec.c b/libavcodec/huffyuvdec.c index 1cc4abe406..2b1a9c53b1 100644 --- a/libavcodec/huffyuvdec.c +++ b/libavcodec/huffyuvdec.c @@ -738,6 +738,8 @@ static void decode_gray_bitstream(HYuvContext *s, int count) for (i = 0; i < count && BITS_LEFT(re, &s->gb) > 0; i++) { READ_2PIX(s->temp[0][2 * i], s->temp[0][2 * i + 1], 0); } +for (; i < count; i++) +s->temp[0][2 * i] = s->temp[0][2 * i + 1] = 0; } else { for (i = 0; i < count; i++) { READ_2PIX(s->temp[0][2 * i], s->temp[0][2 * i + 1], 0); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
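Review bot: the new tail loop in decode_gray_bitstream() pads the output with zeros when BITS_LEFT() runs out, so a truncated bitstream now decodes silently with no indication to the caller. If the function's void return cannot carry an error, at least a debug-level log or a comment explaining that zero fill is the intended concealment would document the choice. A memset() over the remaining 2 * (count - i) entries would express the same thing more directly than the element-wise loop.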
[FFmpeg-cvslog] avformat/dxa: check bpc
ffmpeg | branch: release/4.3 | Michael Niedermayer | Sat Oct 19 01:15:53 2024 +0200| [3ce439f5fe7978b8288703b973815ae5810907fa] | committer: Michael Niedermayer avformat/dxa: check bpc Fixes: integer overflow: -2147483648 - 1 cannot be represented in type 'int' Fixes: 373971762/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-4880491112103936 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 7e020f21413269418180eea7933a94ecb6bf2ef8) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3ce439f5fe7978b8288703b973815ae5810907fa --- libavformat/dxa.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/dxa.c b/libavformat/dxa.c index e815f8a540..831ba7a501 100644 --- a/libavformat/dxa.c +++ b/libavformat/dxa.c @@ -119,6 +119,8 @@ static int dxa_read_header(AVFormatContext *s) avio_skip(pb, fsize); } c->bpc = (fsize + (int64_t)c->frames - 1) / c->frames; +if (c->bpc < 0) +return AVERROR_INVALIDDATA; if(ast->codecpar->block_align) { if (c->bpc > INT_MAX - ast->codecpar->block_align + 1) return AVERROR_INVALIDDATA; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
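Review bot: in dxa_read_header() the quotient is computed in int64_t but the sign test "c->bpc < 0" is applied only after it has been stored in c->bpc; if that field is narrower than 64 bits (the neighbouring comparison against INT_MAX suggests it may be), the test sees a truncated value rather than the real result. Checking the 64-bit result against 0 and INT_MAX before the assignment would be tighter. The division also relies on c->frames being non-zero, which is not visible in this hunk.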
[FFmpeg-cvslog] avformat/rpl: Fix check for negative values
ffmpeg | branch: release/4.3 | Michael Niedermayer | Mon Nov 18 04:09:11 2024 +0100| [efe13fd99c2d055bfd6e58c5bb525e7707bee6c7] | committer: Michael Niedermayer avformat/rpl: Fix check for negative values Fixes: signed integer overflow: 10 * -192326792533340 cannot be represented in type 'int64_t' (aka 'long') Fixes: 378891963/clusterfuzz-testcase-minimized-fuzzer_loadfile_direct-5714338935013376 Found-by: ossfuzz Reported-by: Kacper Michajlow Signed-off-by: Michael Niedermayer (cherry picked from commit eab65379bf89c55d8ec4bc6f00e04f15b37d3d85) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=efe13fd99c2d055bfd6e58c5bb525e7707bee6c7 --- libavformat/rpl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/rpl.c b/libavformat/rpl.c index ac82940b7a..5f1eaa2957 100644 --- a/libavformat/rpl.c +++ b/libavformat/rpl.c @@ -101,7 +101,7 @@ static AVRational read_fps(const char* line, int* error) line++; for (; *line>='0' && *line<='9'; line++) { // Truncate any numerator too large to fit into an int64_t -if (num > (INT64_MAX - 9) / 10 || den > INT64_MAX / 10) +if (num > (INT64_MAX - 9) / 10ULL || den > INT64_MAX / 10ULL) break; num = 10 * num + (*line - '0'); den *= 10; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
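Review bot: the ULL suffixes in read_fps() reject a negative num or den only as a side effect of the implicit conversion to unsigned in the comparison, which is easy to miss and easy to undo by accident. An explicit "num < 0 || den < 0 ||" ahead of the existing bounds would state the intent, or the comment above the condition ("Truncate any numerator too large to fit into an int64_t") should be extended to say that negative values are caught here as well.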
[FFmpeg-cvslog] avfilter/af_pan: Fix sscanf() use
ffmpeg | branch: release/4.3 | Michael Niedermayer | Mon Jan 6 22:01:39 2025 +0100| [72c82bbb9fcaaab80bdd5142a7308323f490a13c] | committer: Michael Niedermayer avfilter/af_pan: Fix sscanf() use Fixes: Memory Data Leak Found-by: Simcha Kosman Signed-off-by: Michael Niedermayer (cherry picked from commit b5b6391d64807578ab872dc58fb8aa621dcfc38a) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=72c82bbb9fcaaab80bdd5142a7308323f490a13c --- libavfilter/af_pan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavfilter/af_pan.c b/libavfilter/af_pan.c index b74854afcf..5377c1e625 100644 --- a/libavfilter/af_pan.c +++ b/libavfilter/af_pan.c @@ -186,7 +186,7 @@ static av_cold int init(AVFilterContext *ctx) sign = 1; while (1) { gain = 1; -if (sscanf(arg, "%lf%n *%n", &gain, &len, &len)) +if (sscanf(arg, "%lf%n *%n", &gain, &len, &len) >= 1) arg += len; if (parse_channel_name(&arg, &in_ch_id, &named)){ av_log(ctx, AV_LOG_ERROR, ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
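Review bot: the `>= 1` on the `sscanf()` line needs a one-line comment saying why a plain truth test was wrong: `sscanf()` returns `EOF`, a negative and therefore true value, when the input ends before the first conversion, and in that case neither `%n` has stored anything in `len` before `arg += len` runs. Initialising `len` to 0 at the top of the loop would also keep the addition harmless if the condition is ever changed again.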
[FFmpeg-cvslog] avcodec/mpegvideo_enc: Check FLV1 resolution limits
ffmpeg | branch: release/4.3 | Michael Niedermayer | Wed Jan 8 02:59:28 2025 +0100| [43b8852feba98ac668c217d331857706f5174396] | committer: Michael Niedermayer avcodec/mpegvideo_enc: Check FLV1 resolution limits Found-by: Elias Myllymäki Reviewed-by: Alexander Strasser Signed-off-by: Michael Niedermayer (cherry picked from commit 827c073154f4cc17d1bd3777dff3b58370210bcb) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=43b8852feba98ac668c217d331857706f5174396 --- libavcodec/mpegvideo_enc.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/libavcodec/mpegvideo_enc.c b/libavcodec/mpegvideo_enc.c index d42f2db862..b5c3f6f612 100644 --- a/libavcodec/mpegvideo_enc.c +++ b/libavcodec/mpegvideo_enc.c @@ -562,6 +562,12 @@ FF_ENABLE_DEPRECATION_WARNINGS av_log(avctx, AV_LOG_ERROR, "H.263 does not support resolutions above 2048x1152\n"); return AVERROR(EINVAL); } +if (s->codec_id == AV_CODEC_ID_FLV1 && +(avctx->width > 65535 || + avctx->height > 65535 )) { +av_log(avctx, AV_LOG_ERROR, "FLV does not support resolutions above 16bit\n"); +return AVERROR(EINVAL); +} if ((s->codec_id == AV_CODEC_ID_H263 || s->codec_id == AV_CODEC_ID_H263P) && ((avctx->width &3) || ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
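Review bot: the log text in the added FLV1 branch, "FLV does not support resolutions above 16bit", does not tell the user the actual limit, unlike the H.263 message just above it, which names 2048x1152. Printing the bound the code tests, for example "above 65535x65535", would match. The spacing in `avctx->height > 65535 ))` could be tidied at the same time.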
[FFmpeg-cvslog] avutil/avstring: dont mess with NULL pointers in av_match_list()
ffmpeg | branch: release/4.3 | Michael Niedermayer | Wed Jan 15 03:30:21 2025 +0100| [1ca62c17185e3f09b96412f9b9a4b7a79c5bed5a] | committer: Michael Niedermayer avutil/avstring: dont mess with NULL pointers in av_match_list() Fixes: applying zero offset to null pointer Signed-off-by: Michael Niedermayer (cherry picked from commit c6c54943d161812b3c4034116cb14f3f5c05dc43) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1ca62c17185e3f09b96412f9b9a4b7a79c5bed5a --- libavutil/avstring.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavutil/avstring.c b/libavutil/avstring.c index f4b8ed2b45..1bc428cebd 100644 --- a/libavutil/avstring.c +++ b/libavutil/avstring.c @@ -457,10 +457,12 @@ int av_match_list(const char *name, const char *list, char separator) if (k && (!p[k] || p[k] == separator)) return 1; q = strchr(q, separator); -q += !!q; +if(q) +q++; } p = strchr(p, separator); -p += !!p; +if (p) +p++; } return 0; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
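Review bot: the two replacements are formatted differently, `if(q)` in the inner loop and `if (p)` in the outer one; use `if (q)` so both follow the same style. Since `q += !!q` read as a deliberate idiom, a short comment that pointer arithmetic on NULL is undefined even with a zero offset would stop it from being reintroduced.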
[FFmpeg-cvslog] avformat/mlvdec: Check avio_read()
ffmpeg | branch: release/4.3 | Michael Niedermayer | Wed Dec 25 05:13:02 2024 +0100| [1c4667297c080004a7b511eefb4571f88828dba9] | committer: Michael Niedermayer avformat/mlvdec: Check avio_read() Fixes: use-of-uninitialized-value Fixes: 383170476/clusterfuzz-testcase-minimized-ffmpeg_dem_MLV_fuzzer-4696002884337664 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Peter Ross Signed-off-by: Michael Niedermayer (cherry picked from commit bb85423142103d694d97bad1967bd3dc55440e71) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1c4667297c080004a7b511eefb4571f88828dba9 --- libavformat/mlvdec.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavformat/mlvdec.c b/libavformat/mlvdec.c index f08aabf4e0..a7716b0d66 100644 --- a/libavformat/mlvdec.c +++ b/libavformat/mlvdec.c @@ -82,13 +82,15 @@ static int check_file_header(AVIOContext *pb, uint64_t guid) static void read_string(AVFormatContext *avctx, AVIOContext *pb, const char *tag, unsigned size) { char * value = av_malloc(size + 1); +int ret; + if (!value) { avio_skip(pb, size); return; } -avio_read(pb, value, size); -if (!value[0]) { +ret = avio_read(pb, value, size); +if (ret != size || !value[0]) { av_free(value); return; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
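Review bot: `ret != size` in the new condition compares an `int` with the `unsigned size` parameter, so a negative error from `avio_read()` is caught only because it converts to a large unsigned value; `ret < 0 || ret != size` states the intent without leaning on the conversion. Because `read_string()` returns `void`, a short read is still dropped silently, so a debug-level log on that path would help when triaging truncated files.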
[FFmpeg-cvslog] avformat/ipmovie: Check signature_buffer read
ffmpeg | branch: release/4.3 | Michael Niedermayer | Thu Dec 26 03:07:51 2024 +0100| [08d94cbe2b45b86d249c93e942dc7e2ab0f5a437] | committer: Michael Niedermayer avformat/ipmovie: Check signature_buffer read Fixes: use of uninitialized data Fixes: 385167047/clusterfuzz-testcase-minimized-ffmpeg_dem_IPMOVIE_fuzzer-5941477505564672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 788abe0d253b2034af15876d7889265d4746df2b) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=08d94cbe2b45b86d249c93e942dc7e2ab0f5a437 --- libavformat/ipmovie.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/ipmovie.c b/libavformat/ipmovie.c index 137c857700..76cfef7c7b 100644 --- a/libavformat/ipmovie.c +++ b/libavformat/ipmovie.c @@ -639,7 +639,8 @@ static int ipmovie_read_header(AVFormatContext *s) ipmovie->avf = s; -avio_read(pb, signature_buffer, sizeof(signature_buffer)); +if (avio_read(pb, signature_buffer, sizeof(signature_buffer)) != sizeof(signature_buffer)) +return AVERROR_INVALIDDATA; while (memcmp(signature_buffer, signature, sizeof(signature))) { memmove(signature_buffer, signature_buffer + 1, sizeof(signature_buffer) - 1); signature_buffer[sizeof(signature_buffer) - 1] = avio_r8(pb); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
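Review bot: the added test compares the `int` returned by `avio_read()` with `sizeof(signature_buffer)`, a `size_t`, so a negative error code is detected only through its conversion to a large unsigned value, and it is then reported as `AVERROR_INVALIDDATA`. Keeping the return value in a local, returning it when it is negative and using `AVERROR_INVALIDDATA` only for a short read would make the check explicit and preserve the cause.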
[FFmpeg-cvslog] avfilter/vf_xfade_opencl: Check ff_inlink_consume_frame() for failure
ffmpeg | branch: release/4.3 | Michael Niedermayer | Fri Jul 12 00:28:14 2024 +0200| [418c7e221dd415b4e76cdec83383dad6e768300c] | committer: Michael Niedermayer avfilter/vf_xfade_opencl: Check ff_inlink_consume_frame() for failure Fixes: CID1458127 Unchecked return value Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit 43b62b7e0c85c0a1038ac2bc90ae06597e3ef706) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=418c7e221dd415b4e76cdec83383dad6e768300c --- libavfilter/vf_xfade_opencl.c | 14 +++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/libavfilter/vf_xfade_opencl.c b/libavfilter/vf_xfade_opencl.c index 4736043147..12221c9081 100644 --- a/libavfilter/vf_xfade_opencl.c +++ b/libavfilter/vf_xfade_opencl.c @@ -294,7 +294,9 @@ static int xfade_opencl_activate(AVFilterContext *avctx) if (ctx->first_pts + ctx->offset_pts > ctx->xf[0]->pts) { ctx->xf[0] = NULL; ctx->need_second = 0; -ff_inlink_consume_frame(avctx->inputs[0], &in); +ret = ff_inlink_consume_frame(avctx->inputs[0], &in); +if (ret < 0) +return ret; return ff_filter_frame(outlink, in); } @@ -303,8 +305,14 @@ static int xfade_opencl_activate(AVFilterContext *avctx) } if (ctx->xf[0] && ff_inlink_queued_frames(avctx->inputs[1]) > 0) { -ff_inlink_consume_frame(avctx->inputs[0], &ctx->xf[0]); -ff_inlink_consume_frame(avctx->inputs[1], &ctx->xf[1]); +ret = ff_inlink_consume_frame(avctx->inputs[0], &ctx->xf[0]); +if (ret < 0) +return ret; +ret = ff_inlink_consume_frame(avctx->inputs[1], &ctx->xf[1]); +if (ret < 0) { +av_frame_free(&ctx->xf[0]); +return ret; +} ctx->last_pts = ctx->xf[1]->pts; ctx->pts = ctx->xf[0]->pts; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
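Review bot: in the `@@ -294` hunk the filter state is already changed (`ctx->xf[0] = NULL; ctx->need_second = 0;`) before `ff_inlink_consume_frame()` is called, so the new `return ret` leaves that state modified on failure; consuming the frame first and updating the state only on success would avoid that. `ff_inlink_consume_frame()` also returns 0 and sets the frame pointer to NULL when nothing is queued, which `ret < 0` lets through to `ff_filter_frame(outlink, in)`; if an availability check outside the hunk guarantees a frame here, an `av_assert1(ret)` would document it.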
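Review bot: in the `@@ -303` hunk only input 1 is guarded by `ff_inlink_queued_frames(...) > 0`; for input 0 the condition tests `ctx->xf[0]`, so a return of 0 (no frame, pointer set to NULL) from the first `ff_inlink_consume_frame()` would pass the `ret < 0` check and reach `ctx->xf[0]->pts`. Treating 0 as a failure there, or asserting that it cannot happen, closes that gap. The second error path frees `ctx->xf[0]`, which means the frame already taken from input 0 is discarded; a comment saying that this is intended would help.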
[FFmpeg-cvslog] avfilter/vf_v360: Assert that vf was initialized
ffmpeg | branch: release/4.3 | Michael Niedermayer | Thu Jul 11 00:10:45 2024 +0200| [072d22d40272dc558cb8687f54032cc419492cd2] | committer: Michael Niedermayer avfilter/vf_v360: Assert that vf was initialized Maybe helps: CID1504571 Uninitialized scalar variable Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit f802d65de0fe419563705a6846a73b77b020ef14) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=072d22d40272dc558cb8687f54032cc419492cd2 --- libavfilter/vf_v360.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavfilter/vf_v360.c b/libavfilter/vf_v360.c index e9457d9400..4ace071e9d 100644 --- a/libavfilter/vf_v360.c +++ b/libavfilter/vf_v360.c @@ -3392,6 +3392,8 @@ static int barrelsplit_to_xyz(const V360Context *s, l_y = 0.5f; l_z = (-0.5f + vf) / scaleh; break; +default: +av_assert0(0); } } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
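Review bot: the added `default: av_assert0(0);` aborts the process if it is ever reached, and the commit message itself says only "Maybe helps". A comment naming why the preceding cases are exhaustive would let a reader, and the static analyser, see that the branch is unreachable; if it can be reached with unusual parameters, returning an error from this `int` function is preferable to aborting.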
[FFmpeg-cvslog] avfilter/vf_tonemap_opencl: Dereference after NULL check
ffmpeg | branch: release/4.3 | Michael Niedermayer | Wed Jul 10 23:47:46 2024 +0200| [156ed79d284f3b8d110c44562ccd997a2f375d40] | committer: Michael Niedermayer avfilter/vf_tonemap_opencl: Dereference after NULL check Fixes: CID1437472 Dereference before null check Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit e5c0f56ca09b4cb4ea87a61547218f9c818b52d7) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=156ed79d284f3b8d110c44562ccd997a2f375d40 --- libavfilter/vf_tonemap_opencl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavfilter/vf_tonemap_opencl.c b/libavfilter/vf_tonemap_opencl.c index b880228727..6feb61f56e 100644 --- a/libavfilter/vf_tonemap_opencl.c +++ b/libavfilter/vf_tonemap_opencl.c @@ -345,8 +345,7 @@ static int tonemap_opencl_filter_frame(AVFilterLink *inlink, AVFrame *input) int err; double peak = ctx->peak; -AVHWFramesContext *input_frames_ctx = -(AVHWFramesContext*)input->hw_frames_ctx->data; +AVHWFramesContext *input_frames_ctx; av_log(ctx, AV_LOG_DEBUG, "Filter input: %s, %ux%u (%"PRId64").\n", av_get_pix_fmt_name(input->format), @@ -354,6 +353,7 @@ static int tonemap_opencl_filter_frame(AVFilterLink *inlink, AVFrame *input) if (!input->hw_frames_ctx) return AVERROR(EINVAL); +input_frames_ctx = (AVHWFramesContext*)input->hw_frames_ctx->data; output = ff_get_video_buffer(outlink, outlink->w, outlink->h); if (!output) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avfilter/vf_xfade: Compute w2, h2 with float
ffmpeg | branch: release/4.3 | Michael Niedermayer | Thu Jul 11 00:17:39 2024 +0200| [a24f1e1f7a78719cba2c80ac107652f32088638d] | committer: Michael Niedermayer avfilter/vf_xfade: Compute w2, h2 with float Fixes: CID1458148 Result is not floating-point Fixes: CID1458149 Result is not floating-point Fixes: CID1458150 Result is not floating-point Fixes: CID1458151 Result is not floating-point Fixes: CID1458152 Result is not floating-point Fixes: CID1458154 Result is not floating-point Fixes: CID1458155 Result is not floating-point Fixes: CID1458156 Result is not floating-point Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit b98125e5a52c2f96dc02380f8f7e3bb16752765b) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a24f1e1f7a78719cba2c80ac107652f32088638d --- libavfilter/vf_xfade.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavfilter/vf_xfade.c b/libavfilter/vf_xfade.c index 1b5ebef9ed..a0a1369531 100644 --- a/libavfilter/vf_xfade.c +++ b/libavfilter/vf_xfade.c @@ -899,7 +899,7 @@ static void vertopen##name##_transition(AVFilterContext *ctx, { \ XFadeContext *s = ctx->priv; \ const int width = out->width; \ -const float w2 = out->width / 2; \ +const float w2 = out->width / 2.0; \ \ for (int y = slice_start; y < slice_end; y++) { \ for (int x = 0; x < width; x++) { \ @@ -926,7 +926,7 @@ static void vertclose##name##_transition(AVFilterContext *ctx, { \ XFadeContext *s = ctx->priv; \ const int width = out->width; \ -const float w2 = out->width / 2; \ +const float w2 = out->width / 2.0; \ \ for (int y = slice_start; y < slice_end; y++) { \ for (int x = 0; x < width; x++) { \ 
@@ -953,7 +953,7 @@ static void horzopen##name##_transition(AVFilterContext *ctx, { \ XFadeContext *s = ctx->priv; \ const int width = out->width; \ -const float h2 = out->height / 2; \ +const float h2 = out->height / 2.0; \ \ for (int y = slice_start; y < slice_end; y++) { \ const float smooth = 2.f - fabsf((y - h2) / h2) - progress * 2.f; \ @@ -980,7 +980,7 @@ static void horzclose##name##_transition(AVFilterContext *ctx, { \ XFadeContext *s = ctx->priv; \ const int width = out->width; \ -const float h2 = out->height / 2; \ +const float h2 = out->height / 2.0; \ \ for (int y = slice_start; y < slice_end; y++) { \ const float smooth = 1.f + fabsf((y - h2) / h2) - progress * 2.f; \ ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
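Review bot: the new initialisers `out->width / 2.0` and `out->height / 2.0` use a `double` constant for a `const float`, while the surrounding macro bodies write float constants as `2.f`. Dividing by `2.f` also keeps the fractional half without the promotion to double and the narrowing back, and it keeps the four macros consistent with the code around them.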
[FFmpeg-cvslog] avformat/wtvdec: Check length of read mpeg2_descriptor
ffmpeg | branch: release/4.3 | Michael Niedermayer | Wed Aug 7 00:18:53 2024 +0200| [aea5aadc201aa0989a670b446f413f452279f9e6] | committer: Michael Niedermayer avformat/wtvdec: Check length of read mpeg2_descriptor Fixes: Use of uninitialized value Fixes: 70900/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-6286909377150976 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Peter Ross Signed-off-by: Michael Niedermayer (cherry picked from commit c390234da2e3c7a8884f5592f0b9b4928c482b3e) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=aea5aadc201aa0989a670b446f413f452279f9e6 --- libavformat/wtvdec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/wtvdec.c b/libavformat/wtvdec.c index cd0a4545af..23cfcda570 100644 --- a/libavformat/wtvdec.c +++ b/libavformat/wtvdec.c @@ -862,7 +862,8 @@ static int parse_chunks(AVFormatContext *s, int mode, int64_t seekts, int *len_p } buf_size = FFMIN(len - consumed, sizeof(buf)); -avio_read(pb, buf, buf_size); +if (avio_read(pb, buf, buf_size) != buf_size) +return AVERROR_INVALIDDATA; consumed += buf_size; ff_parse_mpeg2_descriptor(s, st, 0, &pbuf, buf + buf_size, NULL, 0, 0, NULL); } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
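Review bot: the new check after `buf_size = FFMIN(...)` turns every `avio_read()` failure into `AVERROR_INVALIDDATA`, including a negative I/O error code. Storing the result, returning it when it is negative and reserving `AVERROR_INVALIDDATA` for a short read would keep the real cause visible to the caller.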
[FFmpeg-cvslog] avfilter/bwdif: account for chroma sub-sampling in min size calculation
ffmpeg | branch: release/4.3 | Cosmin Stejerean | Wed Dec 6 18:39:32 2023 +0800| [23afb77b8ed5fd368c26292e927531b6470ff040] | committer: Michael Niedermayer avfilter/bwdif: account for chroma sub-sampling in min size calculation The current logic for detecting frames that are too small for the algorithm does not account for chroma sub-sampling, and so a sample where the luma plane is large enough, but the chroma planes are not will not be rejected. In that event, a heap overflow will occur. This change adjusts the logic to consider the chroma planes and makes the change to all three bwdif implementations. Fixes #10688 Signed-off-by: Cosmin Stejerean Reviewed-by: Thomas Mundt Signed-off-by: Philip Langdale (cherry picked from commit 737ede405b11a37fdd61d19cf25df296a0cb0b75) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=23afb77b8ed5fd368c26292e927531b6470ff040 --- libavfilter/vf_bwdif.c | 9 + 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/libavfilter/vf_bwdif.c b/libavfilter/vf_bwdif.c index b6aed7a450..e4b4ec79b0 100644 --- a/libavfilter/vf_bwdif.c +++ b/libavfilter/vf_bwdif.c 
@@ -343,13 +343,14 @@ static int config_props(AVFilterLink *link) if(yadif->mode&1) link->frame_rate = av_mul_q(link->src->inputs[0]->frame_rate, (AVRational){2,1}); -if (link->w < 3 || link->h < 4) { -av_log(ctx, AV_LOG_ERROR, "Video of less than 3 columns or 4 lines is not supported\n"); +yadif->csp = av_pix_fmt_desc_get(link->format); +yadif->filter = filter; + +if (AV_CEIL_RSHIFT(link->w, yadif->csp->log2_chroma_w) < 3 || AV_CEIL_RSHIFT(link->h, yadif->csp->log2_chroma_h) < 4) { +av_log(ctx, AV_LOG_ERROR, "Video with planes less than 3 columns or 4 lines is not supported\n"); return AVERROR(EINVAL); } -yadif->csp = av_pix_fmt_desc_get(link->format); -yadif->filter = filter; if (yadif->csp->comp[0].depth > 8) { s->filter_intra = filter_intra_16bit; s->filter_line = filter_line_c_16bit; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
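Review bot: the new size test dereferences `yadif->csp` (`log2_chroma_w`, `log2_chroma_h`) straight after `av_pix_fmt_desc_get(link->format)` with no NULL check, and `av_pix_fmt_desc_get()` returns NULL for a format it does not know. An `if (!yadif->csp) return AVERROR(EINVAL);` before the comparison would make that safe. The commit message says the change is made to all three bwdif implementations, but the diffstat of this cherry-pick lists only `libavfilter/vf_bwdif.c`; the message should say whether the other implementations exist on release/4.3.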
[FFmpeg-cvslog] avcodec/h263dec: Check against previous dimensions instead of coded
ffmpeg | branch: release/4.3 | Michael Niedermayer | Thu Jan 30 02:28:32 2025 +0100| [fb358672d9b510cd2852037114f58f7049b9f5f9] | committer: Michael Niedermayer avcodec/h263dec: Check against previous dimensions instead of coded Fixes: out of array access Fixes: crash-a41ef3db699013f669b076f02f36942925f5a98c Found-by: Kacper Michajlow Reviewed-by: Kacper Michajlow Signed-off-by: Michael Niedermayer (cherry picked from commit 0fe33c99a26a06a6875c4abfb96362a65145264b) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fb358672d9b510cd2852037114f58f7049b9f5f9 --- libavcodec/h263dec.c | 14 ++ 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/libavcodec/h263dec.c b/libavcodec/h263dec.c index c7a5379d3b..9b10fb382d 100644 --- a/libavcodec/h263dec.c +++ b/libavcodec/h263dec.c @@ -426,7 +426,9 @@ int ff_h263_decode_frame(AVCodecContext *avctx, void *data, int *got_frame, MpegEncContext *s = avctx->priv_data; int ret; int slice_ret = 0; + AVFrame *pict = data; +int bak_width, bak_height; /* no supplementary picture */ if (buf_size == 0) { @@ -490,6 +492,9 @@ retry: // we need the idct permutation for reading a custom matrix ff_mpv_idct_init(s); +bak_width = s->width; +bak_height = s->height; + /* let's go :-) */ if (CONFIG_WMV2_DECODER && s->msmpeg4_version == 5) { ret = ff_wmv2_decode_picture_header(s); 
@@ -512,11 +517,12 @@ retry: } if (ret < 0 || ret == FRAME_SKIPPED) { -if ( s->width != avctx->coded_width -|| s->height != avctx->coded_height) { +if ( s->width != bak_width +|| s->height != bak_height) { av_log(s->avctx, AV_LOG_WARNING, "Reverting picture dimensions change due to header decoding failure\n"); -s->width = avctx->coded_width; -s->height= avctx->coded_height; +s->width = bak_width; +s->height= bak_height; + } } if (ret == FRAME_SKIPPED) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
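Review bot: the last hunk adds an empty line just before the closing `}` of the revert block, the first hunk adds one above `AVFrame *pict = data;`, and `s->height= bak_height;` keeps the uneven spacing of the line it replaces; these whitespace-only changes should be dropped or tidied. A short comment at `bak_width = s->width;` saying that the values are captured before the picture header is parsed, so that a failed header can be rolled back, would make the intent clear.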
[FFmpeg-cvslog] libavformat/hls: Be more restrictive on mpegts extensions
ffmpeg | branch: release/4.3 | Michael Niedermayer | Tue Jan 28 23:07:54 2025 +0100| [ffbb1058b77887114bc5a03edb3338b31d22c377] | committer: Michael Niedermayer libavformat/hls: Be more restrictive on mpegts extensions Signed-off-by: Michael Niedermayer (cherry picked from commit 0113e30806b205111344e266bc69ff9657a3ca02) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ffbb1058b77887114bc5a03edb3338b31d22c377 --- libavformat/hls.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavformat/hls.c b/libavformat/hls.c index 203b086990..c1261a0662 100644 --- a/libavformat/hls.c +++ b/libavformat/hls.c @@ -739,8 +739,10 @@ static int test_segment(AVFormatContext *s, const AVInputFormat *in_fmt, struct matchF |= av_match_ext(seg->url, "ts") + 2*(ff_match_url_ext(seg->url, "ts") > 0); } -} else if (!strcmp(in_fmt->name, "mpegts")) -matchF = 3; +} else if (!strcmp(in_fmt->name, "mpegts")) { +matchF = av_match_ext(seg->url, "ts,m2t,m2ts,mts,mpg,m4s,mpeg,mpegts") + + 2*(ff_match_url_ext(seg->url, "ts,m2t,m2ts,mts,mpg,m4s,mpeg,mpegts") > 0); +} if (!(matchA & matchF)) { av_log(s, AV_LOG_ERROR, "detected format %s extension %s mismatches allowed extensions in url %s\n", in_fmt->name, in_fmt->extensions ? in_fmt->extensions : "none", seg->url); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
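Review bot: the extension list `"ts,m2t,m2ts,mts,mpg,m4s,mpeg,mpegts"` is written out twice in the new `mpegts` branch, once for `av_match_ext()` and once for `ff_match_url_ext()`, so the two copies can drift apart; a single `static const char` string used by both calls avoids that. The commit message gives no reason for the chosen set, and `m4s` in particular is the usual suffix for fragmented MP4 segments, so a comment explaining why it is accepted for MPEG-TS would help.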
[FFmpeg-cvslog] avformat/mxfdec: Check avio_read() success in mxf_decrypt_triplet()
ffmpeg | branch: release/4.3 | Michael Niedermayer | Mon Sep 23 20:05:37 2024 +0200| [e91a7c9ca6658c04f7b5d243cefbf6b3232c] | committer: Michael Niedermayer avformat/mxfdec: Check avio_read() success in mxf_decrypt_triplet() Fixes: Use of uninitialized memory Fixes: 71444/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5448597561212928 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 6ecc96f4d08d74b0590ab03f39f93f386910c4c0) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e91a7c9ca6658c04f7b5d243cefbf6b3232c --- libavformat/mxfdec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index a731ef71ba..403053cdf7 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -612,7 +612,8 @@ static int mxf_decrypt_triplet(AVFormatContext *s, AVPacket *pkt, KLVPacket *klv if (size < 32 || size - 32 < orig_size || (int)orig_size != orig_size) return AVERROR_INVALIDDATA; avio_read(pb, ivec, 16); -avio_read(pb, tmpbuf, 16); +if (avio_read(pb, tmpbuf, 16) != 16) +return AVERROR_INVALIDDATA; if (mxf->aesc) av_aes_crypt(mxf->aesc, tmpbuf, tmpbuf, 1, ivec, 1); if (memcmp(tmpbuf, checkv, 16)) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
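Review bot: only the second read is checked; `avio_read(pb, ivec, 16);` on the line above still ignores its return value, and `ivec` is passed to `av_aes_crypt()` right after. Either check both reads or add a comment stating why checking the second read is sufficient.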
[FFmpeg-cvslog] avcodec/cbs_vp9: Initialize VP9RawSuperframeIndex
ffmpeg | branch: release/4.3 | Michael Niedermayer | Wed Jan 1 05:03:08 2025 +0100| [2f8015878121ef5b2f90c791377de70ee5bc69f3] | committer: Michael Niedermayer avcodec/cbs_vp9: Initialize VP9RawSuperframeIndex Fixes: use-of-uninitialized-value Fixes: 70907/clusterfuzz-testcase-minimized-ffmpeg_BSF_VP9_METADATA_fuzzer-6339363208757248 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit e81d410242ea604c4f667da4a415836c1575d72f) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2f8015878121ef5b2f90c791377de70ee5bc69f3 --- libavcodec/cbs_vp9.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/cbs_vp9.c b/libavcodec/cbs_vp9.c index eef603bfb2..e6300a4843 100644 --- a/libavcodec/cbs_vp9.c +++ b/libavcodec/cbs_vp9.c @@ -422,7 +422,7 @@ static int cbs_vp9_split_fragment(CodedBitstreamContext *ctx, superframe_header = frag->data[frag->data_size - 1]; if ((superframe_header & 0xe0) == 0xc0) { -VP9RawSuperframeIndex sfi; +VP9RawSuperframeIndex sfi = {0}; GetBitContext gbc; size_t index_size, pos; int i; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
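Review bot: `VP9RawSuperframeIndex sfi = {0};` silences the report, but the commit message does not say which member was read before being written. If a path in the index parsing can leave members unset, they are now used as zero without any diagnostic; naming the member and the path in the message, or checking the parse result where it is produced, would make the fix verifiable.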
[FFmpeg-cvslog] avformat/hls: Print input format in error message
ffmpeg | branch: release/4.3 | Michael Niedermayer | Tue Jan 28 12:51:58 2025 +0100| [486e46719e2ce8899b1d6c9d7acf9bab5470f05e] | committer: Michael Niedermayer avformat/hls: Print input format in error message Signed-off-by: Michael Niedermayer (cherry picked from commit d8455331302c72cde2f0b72f255004a91189dd93) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=486e46719e2ce8899b1d6c9d7acf9bab5470f05e --- libavformat/hls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/hls.c b/libavformat/hls.c index e94c4f9ae3..5057f4867e 100644 --- a/libavformat/hls.c +++ b/libavformat/hls.c @@ -739,7 +739,7 @@ static int test_segment(AVFormatContext *s, const AVInputFormat *in_fmt, struct matchF = 3; if (!(matchA & matchF)) { -av_log(s, AV_LOG_ERROR, "detected format extension %s mismatches allowed extensions in url %s\n", in_fmt->extensions ? in_fmt->extensions : "none", seg->url); +av_log(s, AV_LOG_ERROR, "detected format %s extension %s mismatches allowed extensions in url %s\n", in_fmt->name, in_fmt->extensions ? in_fmt->extensions : "none", seg->url); return AVERROR_INVALIDDATA; } } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/vividas: Check avio_read() for failure
ffmpeg | branch: release/4.3 | Michael Niedermayer | Sun Nov 3 20:54:29 2024 +0100| [33a45199aa5f8f96641e25f4eb0f6ac2049ef99f] | committer: Michael Niedermayer avformat/vividas: Check avio_read() for failure Fixes: use of uninitialized value (untested) Fixes: 42537627/clusterfuzz-testcase-minimized-fuzzer_loadfile_direct-5505802505355264 Found-by: ossfuzz Reported-by: Kacper Michajlow Signed-off-by: Michael Niedermayer (cherry picked from commit 96d45c3b212689f82bff2530c3637405df9e9369) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=33a45199aa5f8f96641e25f4eb0f6ac2049ef99f --- libavformat/vividas.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/vividas.c b/libavformat/vividas.c index 74d92aae77..1dfaaa7af6 100644 --- a/libavformat/vividas.c +++ b/libavformat/vividas.c @@ -561,7 +561,8 @@ static int viv_read_header(AVFormatContext *s) v = avio_r8(pb); avio_seek(pb, v, SEEK_CUR); -avio_read(pb, keybuffer, 187); +if (avio_read(pb, keybuffer, 187) != 187) +return AVERROR_INVALIDDATA; key = decode_key(keybuffer); viv->sb_key = key; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
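Review bot: the length 187 now appears twice on the `avio_read()` line; if `keybuffer` is declared with that size, `sizeof(keybuffer)` on both sides keeps the read and the comparison in step. The `avio_seek(pb, v, SEEK_CUR)` directly above still has its return value ignored.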
[FFmpeg-cvslog] avformat/iff: Check that we have a stream in read_dst_frame()
ffmpeg | branch: release/4.3 | Michael Niedermayer | Sun Feb 9 01:28:17 2025 +0100| [80ebfdb7ca88219d4e3cea146140cafc91052bb1] | committer: Michael Niedermayer avformat/iff: Check that we have a stream in read_dst_frame() Fixes: null pointer dereference Fixes: 385644864/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-4551049565765632 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Peter Ross Signed-off-by: Michael Niedermayer (cherry picked from commit 8668957ef604bd2b99175310638bc5031ae0d991) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=80ebfdb7ca88219d4e3cea146140cafc91052bb1 --- libavformat/iff.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/iff.c b/libavformat/iff.c index caa0ef882b..4a46b4b393 100644 --- a/libavformat/iff.c +++ b/libavformat/iff.c @@ -359,6 +359,9 @@ static int read_dst_frame(AVFormatContext *s, AVPacket *pkt) uint64_t chunk_pos, data_pos, data_size; int ret = AVERROR_EOF; +if (s->nb_streams < 1) +return AVERROR_INVALIDDATA; + while (!avio_feof(pb)) { chunk_pos = avio_tell(pb); if (chunk_pos >= iff->body_end) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
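Review bot: the new `s->nb_streams < 1` guard at the top of `read_dst_frame()` has no comment, and the hunk does not show which access it protects. A one-line note naming the stream access further down would stop the check from looking removable later.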
[FFmpeg-cvslog] avformat/vqf: Propagate errors from add_metadata()
ffmpeg | branch: release/4.3 | Michael Niedermayer | Tue Dec 31 04:13:25 2024 +0100| [3a12fc4309a1b2b2618e82378ef4b09ba473e775] | committer: Michael Niedermayer avformat/vqf: Propagate errors from add_metadata() Suggested-by: Marton Balint Reviewed-by: Alexander Strasser Signed-off-by: Michael Niedermayer (cherry picked from commit 49fa3f6c5ba6d43cc4b3ade4f8d9dc2fdbc71f0a) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3a12fc4309a1b2b2618e82378ef4b09ba473e775 --- libavformat/vqf.c | 21 ++--- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/libavformat/vqf.c b/libavformat/vqf.c index bb0ff85285..48942a2822 100644 --- a/libavformat/vqf.c +++ b/libavformat/vqf.c @@ -49,23 +49,28 @@ static int vqf_probe(const AVProbeData *probe_packet) return AVPROBE_SCORE_EXTENSION; } -static void add_metadata(AVFormatContext *s, uint32_t tag, +static int add_metadata(AVFormatContext *s, uint32_t tag, unsigned int tag_len, unsigned int remaining) { int len = FFMIN(tag_len, remaining); char *buf, key[5] = {0}; +int ret; if (len == UINT_MAX) -return; +return AVERROR_INVALIDDATA; buf = av_malloc(len+1); if (!buf) -return; -if (len != avio_read(s->pb, buf, len)) -return; +return AVERROR(ENOMEM); + +ret = avio_read(s->pb, buf, len); +if (ret < 0) +return ret; +if (len != ret) +return AVERROR_INVALIDDATA; buf[len] = 0; AV_WL32(key, tag); -av_dict_set(&s->metadata, key, buf, AV_DICT_DONT_STRDUP_VAL); +return av_dict_set(&s->metadata, key, buf, AV_DICT_DONT_STRDUP_VAL); } static const AVMetadataConv vqf_metadata_conv[] = { 
@@ -163,7 +168,9 @@ static int vqf_read_header(AVFormatContext *s) avio_skip(s->pb, FFMIN(len, header_size)); break; default: -add_metadata(s, chunk_tag, len, header_size); +ret = add_metadata(s, chunk_tag, len, header_size); +if (ret < 0) +return ret; break; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
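Review bot: in the `add_metadata()` hunk `buf` is leaked on both new error returns after `av_malloc(len+1)`: `if (ret < 0) return ret;` and `if (len != ret) return AVERROR_INVALIDDATA;` leave without `av_free(buf)`. Free the buffer on those paths. `len` is an `int` compared against `UINT_MAX`, which matches only through the conversion of -1; the intent would be clearer as a check on `tag_len` and `remaining` before the `FFMIN`.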
[FFmpeg-cvslog] avcodec/rangecoder: only perform renorm check/loop for callers that need it
ffmpeg | branch: release/4.3 | Michael Niedermayer | Wed Oct 16 14:39:20 2024 +0200| [d1ea5ab8248c6091dcb0b01764fe7ab5c98f2feb] | committer: Michael Niedermayer avcodec/rangecoder: only perform renorm check/loop for callers that need it Signed-off-by: Michael Niedermayer (cherry picked from commit d147b3d7ecba2bd40cb45284f920238da97a95ee) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d1ea5ab8248c6091dcb0b01764fe7ab5c98f2feb --- libavcodec/rangecoder.h | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/libavcodec/rangecoder.h b/libavcodec/rangecoder.h index 4d4ca4d526..b6f56b5737 100644 --- a/libavcodec/rangecoder.h +++ b/libavcodec/rangecoder.h @@ -71,7 +71,6 @@ void ff_build_rac_states(RangeCoder *c, int factor, int max_p); static inline void renorm_encoder(RangeCoder *c) { // FIXME: optimize -while (c->range < 0x100) { if (c->outstanding_byte < 0) { c->outstanding_byte = c->low >> 8; } else if (c->low <= 0xFF00) { @@ -90,7 +89,6 @@ static inline void renorm_encoder(RangeCoder *c) c->low = (c->low & 0xFF) << 8; c->range <<= 8; -} } static inline int get_rac_count(RangeCoder *c) @@ -117,7 +115,8 @@ static inline void put_rac(RangeCoder *c, uint8_t *const state, int bit) *state = c->one_state[*state]; } -renorm_encoder(c); +while (c->range < 0x100) +renorm_encoder(c); } static inline void refill(RangeCoder *c) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
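Review bot: with the 'while (c->range < 0x100)' guard removed from renorm_encoder(), the function now runs one renormalisation step unconditionally, so calling it when no renormalisation is due would shift low and range anyway. put_rac() is updated in this patch, but the new precondition is not written down anywhere. Add a comment on renorm_encoder() saying the caller must test c->range < 0x100, and confirm that every other caller does.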
[FFmpeg-cvslog] avformat/segafilm: Set keyframe
ffmpeg | branch: release/4.3 | Michael Niedermayer | Tue Aug 6 18:02:58 2024 +0200| [0e4eaa307f4ab0b575f6a96c60c2675f0b0b8ce1] | committer: Michael Niedermayer avformat/segafilm: Set keyframe Fixes: use of uninitialized value Fixes: 70871/clusterfuzz-testcase-minimized-ffmpeg_dem_SEGAFILM_fuzzer-5883617752973312 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 4dc7dfe65aaa21801a907c66592b92b05da921dc) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0e4eaa307f4ab0b575f6a96c60c2675f0b0b8ce1 --- libavformat/segafilm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavformat/segafilm.c b/libavformat/segafilm.c index 01422bdee6..b4f9af68da 100644 --- a/libavformat/segafilm.c +++ b/libavformat/segafilm.c @@ -239,6 +239,7 @@ static int film_read_header(AVFormatContext *s) else if (film->audio_type != AV_CODEC_ID_NONE) audio_frame_counter += (film->sample_table[i].sample_size / (film->audio_channels * film->audio_bits / 8)); +film->sample_table[i].keyframe = 1; } else { film->sample_table[i].stream = film->video_stream_index; film->sample_table[i].pts = AV_RB32(&scratch[8]) & 0x7FFF; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
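Review bot: the added 'film->sample_table[i].keyframe = 1;' initialises one field in the audio branch, which addresses the reported read, but it does not say why audio samples count as keyframes, and it leaves the table open to the same bug the next time a field is added. A short comment here, plus zero-initialising sample_table where it is allocated (outside this hunk), would cover both.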
[FFmpeg-cvslog] swscale/output: Fix undefined integer overflow in yuv2rgba64_2_c_template()
ffmpeg | branch: release/4.3 | Michael Niedermayer | Thu Sep 12 22:51:53 2024 +0200| [795cec23b24759c63f413ee6777fe239a89803b2] | committer: Michael Niedermayer swscale/output: Fix undefined integer overflow in yuv2rgba64_2_c_template() Fixes: signed integer overflow: -1082982400 + -1083218484 cannot be represented in type 'int' Fixes: 70657/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-6707819712675840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit bd80c97391969f9dbb312d6c498211ad85bb67cb) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=795cec23b24759c63f413ee6777fe239a89803b2 --- libswscale/output.c | 22 +++--- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/libswscale/output.c b/libswscale/output.c index 94200fa26c..125f1d184e 100644 --- a/libswscale/output.c +++ b/libswscale/output.c @@ -1090,8 +1090,8 @@ yuv2rgba64_2_c_template(SwsContext *c, const int32_t *buf[2], av_assert2(uvalpha <= 4096U); for (i = 0; i < ((dstW + 1) >> 1); i++) { -int Y1 = (buf0[i * 2] * yalpha1 + buf1[i * 2] * yalpha) >> 14; -int Y2 = (buf0[i * 2 + 1] * yalpha1 + buf1[i * 2 + 1] * yalpha) >> 14; +unsigned Y1 = (buf0[i * 2] * yalpha1 + buf1[i * 2] * yalpha) >> 14; +unsigned Y2 = (buf0[i * 2 + 1] * yalpha1 + buf1[i * 2 + 1] * yalpha) >> 14; int U = (ubuf0[i]* uvalpha1 + ubuf1[i]* uvalpha - (128 << 23)) >> 14; int V = (vbuf0[i]* uvalpha1 + vbuf1[i]* uvalpha - (128 << 23)) >> 14; int R, G, B; 
@@ -1115,20 +1115,20 @@ yuv2rgba64_2_c_template(SwsContext *c, const int32_t *buf[2], A2 += 1 << 13; } -output_pixel(&dest[0], av_clip_uintp2(((R_B + Y1) >> 14) + (1<<15), 16)); -output_pixel(&dest[1], av_clip_uintp2((( G + Y1) >> 14) + (1<<15), 16)); -output_pixel(&dest[2], av_clip_uintp2(((B_R + Y1) >> 14) + (1<<15), 16)); +output_pixel(&dest[0], av_clip_uintp2(((int)(R_B + Y1) >> 14) + (1<<15), 16)); +output_pixel(&dest[1], av_clip_uintp2(((int)( G + Y1) >> 14) + (1<<15), 16)); +output_pixel(&dest[2], av_clip_uintp2(((int)(B_R + Y1) >> 14) + (1<<15), 16)); if (eightbytes) { output_pixel(&dest[3], av_clip_uintp2(A1 , 30) >> 14); -output_pixel(&dest[4], av_clip_uintp2(((R_B + Y2) >> 14) + (1<<15), 16)); -output_pixel(&dest[5], av_clip_uintp2((( G + Y2) >> 14) + (1<<15), 16)); -output_pixel(&dest[6], av_clip_uintp2(((B_R + Y2) >> 14) + (1<<15), 16)); +output_pixel(&dest[4], av_clip_uintp2(((int)(R_B + Y2) >> 14) + (1<<15), 16)); +output_pixel(&dest[5], av_clip_uintp2(((int)( G + Y2) >> 14) + (1<<15), 16)); +output_pixel(&dest[6], av_clip_uintp2(((int)(B_R + Y2) >> 14) + (1<<15), 16)); output_pixel(&dest[7], av_clip_uintp2(A2 , 30) >> 14); dest += 8; } else { -output_pixel(&dest[3], av_clip_uintp2(((R_B + Y2) >> 14) + (1<<15), 16)); -output_pixel(&dest[4], av_clip_uintp2((( G + Y2) >> 14) + (1<<15), 16)); -output_pixel(&dest[5], av_clip_uintp2(((B_R + Y2) >> 14) + (1<<15), 16)); +output_pixel(&dest[3], av_clip_uintp2(((int)(R_B + Y2) >> 14) + (1<<15), 16)); +output_pixel(&dest[4], av_clip_uintp2(((int)( G + Y2) >> 14) + (1<<15), 16)); +output_pixel(&dest[5], av_clip_uintp2(((int)(B_R + Y2) >> 14) + (1<<15), 16)); dest += 6; } } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
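Review bot: Y1 and Y2 become unsigned so that the later R_B + Y1, G + Y1 and B_R + Y1 sums wrap instead of overflowing, but nothing in the code says so, and the result now depends on the (int) cast of an out-of-range unsigned value followed by a right shift of a negative int, both implementation-defined. Add a one-line comment at the Y1/Y2 declarations stating that unsigned is used for defined wraparound. Note also that the initialisers, buf0[i * 2] * yalpha1 + buf1[i * 2] * yalpha, are still evaluated in the types of their operands before the conversion, so this change does not affect any overflow inside that multiply-add.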
[FFmpeg-cvslog] avformat/dashdec: Check whitelist
ffmpeg | branch: release/4.3 | Michael Niedermayer | Thu Jan 16 00:22:05 2025 +0100| [9e7278e832693613f4edb9a8371064cf869ad84a] | committer: Michael Niedermayer avformat/dashdec: Check whitelist Fixes: CVE-2023-6602, V. DASH Playlist SSRF Found-by: Harvey Phillips of Amazon Element55 (element55) Signed-off-by: Michael Niedermayer (cherry picked from commit 4c96d6bf75357ab13808efc9f08c1b41b1bf5bdf) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9e7278e832693613f4edb9a8371064cf869ad84a --- libavformat/dashdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavformat/dashdec.c b/libavformat/dashdec.c index a8a3b76987..23888bad63 100644 --- a/libavformat/dashdec.c +++ b/libavformat/dashdec.c @@ -439,7 +439,7 @@ static int open_url(AVFormatContext *s, AVIOContext **pb, const char *url, av_freep(pb); av_dict_copy(&tmp, *opts, 0); av_dict_copy(&tmp, opts2, 0); -ret = avio_open2(pb, url, AVIO_FLAG_READ, c->interrupt_callback, &tmp); +ret = ffio_open_whitelist(pb, url, AVIO_FLAG_READ, c->interrupt_callback, &tmp, s->protocol_whitelist, s->protocol_blacklist); if (ret >= 0) { // update cookies on http response with setcookies. char *new_cookies = NULL; @@ -1217,7 +1217,7 @@ static int parse_manifest(AVFormatContext *s, const char *url, AVIOContext *in) close_in = 1; av_dict_copy(&opts, c->avio_opts, 0); -ret = avio_open2(&in, url, AVIO_FLAG_READ, c->interrupt_callback, &opts); +ret = ffio_open_whitelist(&in, url, AVIO_FLAG_READ, c->interrupt_callback, &opts, s->protocol_whitelist, s->protocol_blacklist); av_dict_free(&opts); if (ret < 0) return ret; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
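Review bot: both call sites now pass s->protocol_whitelist and s->protocol_blacklist to ffio_open_whitelist(), so the manifest-driven opens in open_url() and parse_manifest() are only as restricted as the lists set on s. It would help to state, in the commit message or a comment, what the effective restriction is when the application sets neither list. The two replacement lines are also very long; wrap the argument list.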
[FFmpeg-cvslog] avformat/apetag: Check APETAGEX
ffmpeg | branch: release/4.3 | Michael Niedermayer | Mon Aug 19 17:02:12 2024 +0200| [c84b6937038f963ba7821b721070be44c55128e0] | committer: Michael Niedermayer avformat/apetag: Check APETAGEX Fixes: Use of uninitialized value Fixes: 71074/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5697034877730816 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 796ff2d599449ed798b69ab798ebcbcc0a5853f5) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c84b6937038f963ba7821b721070be44c55128e0 --- libavformat/apetag.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/apetag.c b/libavformat/apetag.c index 454c6c688b..a7dfe45df1 100644 --- a/libavformat/apetag.c +++ b/libavformat/apetag.c @@ -129,7 +129,8 @@ int64_t ff_ape_parse_tag(AVFormatContext *s) avio_seek(pb, file_size - APE_TAG_FOOTER_BYTES, SEEK_SET); -avio_read(pb, buf, 8); /* APETAGEX */ +if(avio_read(pb, buf, 8) != 8) /* APETAGEX */ +return 0; if (strncmp(buf, APE_TAG_PREAMBLE, 8)) { return 0; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
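Review bot: the new check returns 0 on a short or failed read of the 8-byte preamble, the same value the strncmp() branch below uses for "no APE tag", so an I/O error cannot be told apart from a file without a tag. The avio_seek() on the line above is also still unchecked, and a failed seek would make this read land at the wrong offset; consider checking its result as well. Style: 'if(' should be 'if (' to match the following line.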
[FFmpeg-cvslog] swscale/output: used unsigned for bit accumulation
ffmpeg | branch: release/4.3 | Michael Niedermayer | Wed Oct 9 20:39:07 2024 +0200| [9bef02015e05acea0b18600fbbb619fadf2b788d] | committer: Michael Niedermayer swscale/output: used unsigned for bit accumulation Fixes: Integer overflow Fixes: 368725672/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-5009093023563776 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 3fe3014405494503a03c2e6eff4743db91a21c00) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9bef02015e05acea0b18600fbbb619fadf2b788d --- libswscale/output.c | 9 + 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/libswscale/output.c b/libswscale/output.c index 125f1d184e..ff9cc02f40 100644 --- a/libswscale/output.c +++ b/libswscale/output.c @@ -609,7 +609,7 @@ yuv2mono_2_c_template(SwsContext *c, const int16_t *buf[2], if (c->dither == SWS_DITHER_ED) { int err = 0; -int acc = 0; +unsigned acc = 0; for (i = 0; i < dstW; i +=2) { int Y; @@ -631,7 +631,8 @@ yuv2mono_2_c_template(SwsContext *c, const int16_t *buf[2], c->dither_error[0][i] = err; } else { for (i = 0; i < dstW; i += 8) { -int Y, acc = 0; +int Y; +unsigned acc = 0; Y = (buf0[i + 0] * yalpha1 + buf1[i + 0] * yalpha) >> 19; accumulate_bit(acc, Y + d128[0]); @@ -666,7 +667,7 @@ yuv2mono_1_c_template(SwsContext *c, const int16_t *buf0, if (c->dither == SWS_DITHER_ED) { int err = 0; -int acc = 0; +unsigned acc = 0; for (i = 0; i < dstW; i +=2) { int Y; 
@@ -688,7 +689,7 @@ yuv2mono_1_c_template(SwsContext *c, const int16_t *buf0, c->dither_error[0][i] = err; } else { for (i = 0; i < dstW; i += 8) { -int acc = 0; +unsigned acc = 0; accumulate_bit(acc, ((buf0[i + 0] + 64) >> 7) + d128[0]); accumulate_bit(acc, ((buf0[i + 1] + 64) >> 7) + d128[1]); accumulate_bit(acc, ((buf0[i + 2] + 64) >> 7) + d128[2]); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
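Review bot: the four declarations changed here make acc unsigned so that the accumulation inside accumulate_bit() no longer overflows a signed int, but the requirement now lives only at the call sites; the macro definition is outside these hunks. Put a comment on accumulate_bit() stating that acc must be unsigned, and check any other function that uses the macro for a remaining 'int acc'.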
[FFmpeg-cvslog] avcodec/ffv1enc: Fix >8bit context size
ffmpeg | branch: release/4.3 | Michael Niedermayer | Tue Sep 24 23:43:09 2024 +0200| [95b2b8393d8e08068fe36efc1b723625ac463dba] | committer: Michael Niedermayer avcodec/ffv1enc: Fix >8bit context size Fixes: Ticket5405 Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit a9c83e43f2fc9128e20851291b0270add1a6b95f) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=95b2b8393d8e08068fe36efc1b723625ac463dba --- libavcodec/ffv1enc.c | 18 ++ 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/libavcodec/ffv1enc.c b/libavcodec/ffv1enc.c index 611b250e96..7c91be057a 100644 --- a/libavcodec/ffv1enc.c +++ b/libavcodec/ffv1enc.c 
@@ -735,19 +735,21 @@ FF_ENABLE_DEPRECATION_WARNINGS s->quant_tables[1][2][i]= 11*11*quant5 [i]; s->quant_tables[1][3][i]= 5*11*11*quant5 [i]; s->quant_tables[1][4][i]= 5*5*11*11*quant5 [i]; +s->context_count[0] = (11 * 11 * 11+ 1) / 2; +s->context_count[1] = (11 * 11 * 5 * 5 * 5 + 1) / 2; } else { s->quant_tables[0][0][i]= quant9_10bit[i]; -s->quant_tables[0][1][i]=11*quant9_10bit[i]; -s->quant_tables[0][2][i]= 11*11*quant9_10bit[i]; +s->quant_tables[0][1][i]= 9*quant9_10bit[i]; +s->quant_tables[0][2][i]= 9*9*quant9_10bit[i]; s->quant_tables[1][0][i]= quant9_10bit[i]; -s->quant_tables[1][1][i]=11*quant9_10bit[i]; -s->quant_tables[1][2][i]= 11*11*quant5_10bit[i]; -s->quant_tables[1][3][i]= 5*11*11*quant5_10bit[i]; -s->quant_tables[1][4][i]= 5*5*11*11*quant5_10bit[i]; +s->quant_tables[1][1][i]= 9*quant9_10bit[i]; +s->quant_tables[1][2][i]= 9*9*quant5_10bit[i]; +s->quant_tables[1][3][i]= 5*9*9*quant5_10bit[i]; +s->quant_tables[1][4][i]= 5*5*9*9*quant5_10bit[i]; +s->context_count[0] = (9 * 9 * 9 + 1) / 2; +s->context_count[1] = (9 * 9 * 5 * 5 * 5 + 1) / 2; } } -s->context_count[0] = (11 * 11 * 11+ 1) / 2; -s->context_count[1] = (11 * 11 * 5 * 5 * 5 + 1) / 2; memcpy(s->quant_table, s->quant_tables[s->context_model], sizeof(s->quant_table)); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
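Review bot: the context_count[0] and context_count[1] assignments moved from after the loop into both branches of the if/else that fills quant_tables[...][i], so they are now rewritten with the same constants on every iteration of i. Set them once outside the loop under the same condition. Because the second branch also changes the multipliers from 11 to 9, the commit message should say what this means for files written by the previous encoder.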
[FFmpeg-cvslog] avformat/ilbc: Check avio_read() for failure
ffmpeg | branch: release/4.3 | Michael Niedermayer | Sun Nov 3 20:47:07 2024 +0100| [503a3e4c38dde3e58c3cb1c5ddee5a315ffa9b58] | committer: Michael Niedermayer avformat/ilbc: Check avio_read() for failure Fixes: use of uninitialized value Fixes: 42537627/clusterfuzz-testcase-minimized-fuzzer_protocol_memory-6656646223298560-cut Found-by: ossfuzz Reported-by: Kacper Michajlow Signed-off-by: Michael Niedermayer (cherry picked from commit e30d957a9bacf7f7307c640aa0bd1e70cb3bbe7e) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=503a3e4c38dde3e58c3cb1c5ddee5a315ffa9b58 --- libavformat/ilbc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/ilbc.c b/libavformat/ilbc.c index 188c0f091a..723fd926bc 100644 --- a/libavformat/ilbc.c +++ b/libavformat/ilbc.c @@ -68,7 +68,8 @@ static int ilbc_read_header(AVFormatContext *s) AVStream *st; uint8_t header[9]; -avio_read(pb, header, 9); +if (avio_read(pb, header, 9) != 9) +return AVERROR_INVALIDDATA; st = avformat_new_stream(s, NULL); if (!st) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
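Review bot: 'if (avio_read(pb, header, 9) != 9) return AVERROR_INVALIDDATA;' reports an underlying I/O error as invalid data, because avio_read() returns a negative AVERROR on failure and that value is discarded here. Keep the return value, return it when it is negative, and use AVERROR_INVALIDDATA only for the short-read case.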
[FFmpeg-cvslog] avformat: add ff_match_url_ext()
ffmpeg | branch: release/4.3 | Michael Niedermayer | Mon May 15 00:54:50 2023 +0200| [7acd31d09a78e43107094784f2cbea93deda1144] | committer: Michael Niedermayer avformat: add ff_match_url_ext() Match url against a list of extensions similar to av_match_ext() Signed-off-by: Michael Niedermayer (cherry picked from commit a7b06bfc5d20b12ff0122702c09517cf359fbb66) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7acd31d09a78e43107094784f2cbea93deda1144 --- libavformat/format.c | 25 + libavformat/internal.h | 9 + 2 files changed, 34 insertions(+) diff --git a/libavformat/format.c b/libavformat/format.c index 109aa4c92e..ed46773cca 100644 --- a/libavformat/format.c +++ b/libavformat/format.c @@ -48,6 +48,31 @@ int av_match_ext(const char *filename, const char *extensions) return 0; } +int ff_match_url_ext(const char *url, const char *extensions) +{ +const char *ext; +URLComponents uc; +int ret; +char scratchpad[128]; + +if (!url) +return 0; + +ret = ff_url_decompose(&uc, url, NULL); +if (ret < 0 || !URL_COMPONENT_HAVE(uc, scheme)) +return ret; +for (ext = uc.query; *ext != '.' && ext > uc.path; ext--) +; + +if (*ext != '.') +return 0; +if (uc.query - ext > sizeof(scratchpad)) +return AVERROR(ENOMEM); //not enough memory in our scratchpad +av_strlcpy(scratchpad, ext + 1, FFMIN(sizeof(scratchpad), uc.query - ext)); + +return av_match_name(scratchpad, extensions); +} + ff_const59 AVOutputFormat *av_guess_format(const char *short_name, const char *filename, const char *mime_type) { diff --git a/libavformat/internal.h b/libavformat/internal.h index 17a6ab07d3..9929ce8de0 100644 --- a/libavformat/internal.h +++ b/libavformat/internal.h 
@@ -730,6 +730,15 @@ int ff_unlock_avformat(void); */ void ff_format_set_url(AVFormatContext *s, char *url); +/** + * Return a positive value if the given url has one of the given + * extensions, negative AVERROR on error, 0 otherwise. + * + * @param urlurl to check against the given extensions + * @param extensions a comma-separated list of filename extensions + */ +int ff_match_url_ext(const char *url, const char *extensions); + #define FF_PACKETLIST_FLAG_REF_PACKET (1 << 0) /**< Create a new reference for the packet instead of transferring the ownership of the existing one to the list. */ ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
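Review bot: in 'if (ret < 0 || !URL_COMPONENT_HAVE(uc, scheme)) return ret;' the no-scheme case returns whatever non-negative value ff_url_decompose() produced instead of an explicit 0, which reads like an error path and is easy to break later. Write 'return 0' for that case, and say in the internal.h comment that a URL without a scheme never matches. An over-long extension returns AVERROR(ENOMEM) although nothing is allocated; returning 0 (no match) or AVERROR(EINVAL) would describe it better. The test 'uc.query - ext > sizeof(scratchpad)' also compares a pointer difference against a size_t.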
[FFmpeg-cvslog] avcodec/webp: Check ref_x/y
ffmpeg | branch: release/4.3 | Michael Niedermayer | Fri Aug 16 16:00:01 2024 +0200| [daa0d94cf9965f4137d2e3c0492c62849888f806] | committer: Michael Niedermayer avcodec/webp: Check ref_x/y Fixes: 70991/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WEBP_fuzzer-5544067620995072 Fixes: use of uninintailized value Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 7c1e732ad2e240af5afe9ffea443c91bb233aa65) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=daa0d94cf9965f4137d2e3c0492c62849888f806 --- libavcodec/webp.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/webp.c b/libavcodec/webp.c index ae16b85f46..3a9cedd47f 100644 --- a/libavcodec/webp.c +++ b/libavcodec/webp.c @@ -739,6 +739,9 @@ static int decode_entropy_coded_image(WebPContext *s, enum ImageRole role, ref_x = FFMAX(0, ref_x); ref_y = FFMAX(0, ref_y); +if (ref_y == y && ref_x >= x) +return AVERROR_INVALIDDATA; + /* copy pixels * source and dest regions can overlap and wrap lines, so just * copy per-pixel */ ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
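Review bot: the new test rejects a reference at or after the current pixel only when it is on the same row (ref_y == y && ref_x >= x); a reference on a later row (ref_y > y) is not covered by this condition, and the hunk does not show that it is excluded earlier. Either extend the check to 'ref_y > y || (ref_y == y && ref_x >= x)' or add a comment saying why ref_y cannot exceed y at this point.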
[FFmpeg-cvslog] avformat/rmdec: check that buf if completely filled
ffmpeg | branch: release/4.3 | Michael Niedermayer | Fri Aug 16 14:47:42 2024 +0200| [a8ea6f8465b4acd5febcf7bced15ee363f639a2a] | committer: Michael Niedermayer avformat/rmdec: check that buf if completely filled Fixes: use of uninitialized value Fixes: 70988/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5298245077630976 Signed-off-by: Michael Niedermayer (cherry picked from commit 9578c135d00dd9cc01491b8559d7fad5a387e90d) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a8ea6f8465b4acd5febcf7bced15ee363f639a2a --- libavformat/rmdec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c index d66ee15040..c64accb956 100644 --- a/libavformat/rmdec.c +++ b/libavformat/rmdec.c @@ -189,7 +189,8 @@ static int rm_read_audio_stream_info(AVFormatContext *s, AVIOContext *pb, st->codecpar->channels = avio_rb16(pb); if (version == 5) { ast->deint_id = avio_rl32(pb); -avio_read(pb, buf, 4); +if (avio_read(pb, buf, 4) != 4) +return AVERROR_INVALIDDATA; buf[4] = 0; } else { AV_WL32(buf, 0); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
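Review bot: only the 4-byte avio_read() is checked; the avio_rb16() and avio_rl32() calls on the lines just above read from the same stream and return 0 at end of file, so a file truncated a few bytes earlier still sets channels and deint_id from missing data without any error. Consider an end-of-file check after those reads too. In the new check itself, a negative return from avio_read() is reported as AVERROR_INVALIDDATA instead of being propagated.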
[FFmpeg-cvslog] avformat/hls: Fix twitter
ffmpeg | branch: release/4.3 | Michael Niedermayer | Thu Feb 6 13:09:08 2025 +0100| [5a020f869076b771f694ea6a1a2b8cb0806fe55d] | committer: Michael Niedermayer avformat/hls: Fix twitter Allow mp4 with all mpegts extensions Fixes: Ticket11435 Reviewed-by: Steven Liu Signed-off-by: Michael Niedermayer (cherry picked from commit cef3422b4819e3b6f07086625fa7890eaa8d45e7) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5a020f869076b771f694ea6a1a2b8cb0806fe55d --- libavformat/hls.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavformat/hls.c b/libavformat/hls.c index c1261a0662..90a7a191d8 100644 --- a/libavformat/hls.c +++ b/libavformat/hls.c @@ -736,8 +736,8 @@ static int test_segment(AVFormatContext *s, const AVInputFormat *in_fmt, struct matchF = av_match_ext(seg->url, in_fmt->extensions) + 2*(ff_match_url_ext(seg->url, in_fmt->extensions) > 0); if(av_match_name("mp4", in_fmt->name)) { -matchF |= av_match_ext(seg->url, "ts") - + 2*(ff_match_url_ext(seg->url, "ts") > 0); +matchF |= av_match_ext(seg->url, "ts,m2t,m2ts,mts,mpg,m4s,mpeg,mpegts") + + 2*(ff_match_url_ext(seg->url, "ts,m2t,m2ts,mts,mpg,m4s,mpeg,mpegts") > 0); } } else if (!strcmp(in_fmt->name, "mpegts")) { matchF = av_match_ext(seg->url, "ts,m2t,m2ts,mts,mpg,m4s,mpeg,mpegts") ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
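Review bot: the extension list "ts,m2t,m2ts,mts,mpg,m4s,mpeg,mpegts" now appears twice in the mp4 branch and again in the mpegts branch below it, so the three copies can drift apart. Move it to a single #define or static const string and use it in all three places. The change also widens what the extension check accepts for mp4 segments, so a comment naming the ticket would help the next reader judge whether the relaxation is still needed.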
[FFmpeg-cvslog] avformat/icodec: fix integer overflow with nb_pal
ffmpeg | branch: release/4.3 | Michael Niedermayer | Sun Nov 3 11:07:27 2024 +0100| [d8778cbccdea918c7b151d784322d64e8bf8a7f2] | committer: Michael Niedermayer avformat/icodec: fix integer overflow with nb_pal Fixes: runtime error: signed integer overflow Fixes: 42536949/clusterfuzz-testcase-minimized-fuzzer_loadfile-6199846684393472 Found-by: ossfuzz Reported-by: Kacper Michajlow Tested-by: Kacper Michajlow Reviewed-by: Peter Ross Signed-off-by: Michael Niedermayer (cherry picked from commit 84569b6c22cb4eda9c682aabeb5f658112126780) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d8778cbccdea918c7b151d784322d64e8bf8a7f2 --- libavformat/icodec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/icodec.c b/libavformat/icodec.c index b321ad6007..128a495948 100644 --- a/libavformat/icodec.c +++ b/libavformat/icodec.c @@ -203,7 +203,7 @@ static int read_packet(AVFormatContext *s, AVPacket *pkt) AV_WL32(buf + 32, image->nb_pal); } -if (image->nb_pal > INT_MAX / 4 - 14 - 40) +if (image->nb_pal > INT_MAX / 4 - 14 - 40U) return AVERROR_INVALIDDATA; AV_WL32(buf - 4, 14 + 40 + image->nb_pal * 4); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
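Review bot: the fix hangs on the U suffix of 40U, which makes the right-hand side, and with it the whole comparison, unsigned, presumably so that a negative nb_pal is rejected as a very large value; that is easy to miss and easy to undo in a later cleanup. The declaration of nb_pal is outside the hunk, but if it is a signed int, make the intent explicit, for example 'image->nb_pal < 0 || image->nb_pal > INT_MAX / 4 - 14 - 40', or add a comment explaining the suffix.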
[FFmpeg-cvslog] avcodec/aacsbr_template: Clear n_q on error
ffmpeg | branch: release/4.3 | Michael Niedermayer | Sun Dec 1 22:27:18 2024 +0100| [34eb233f072a91597445928da04478552eb6490a] | committer: Michael Niedermayer avcodec/aacsbr_template: Clear n_q on error Fixes: index 5 out of bounds for type 'uint8_t [5]' Fixes: 377748135/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_LATM_fuzzer-5167109774049280 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 3f029bfb7f9ca1c73fecb8d0eacf3c4e0550f771) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=34eb233f072a91597445928da04478552eb6490a --- libavcodec/aacsbr_template.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/aacsbr_template.c b/libavcodec/aacsbr_template.c index 821615f2ab..d9ee4efe6e 100644 --- a/libavcodec/aacsbr_template.c +++ b/libavcodec/aacsbr_template.c @@ -592,6 +592,7 @@ static int sbr_make_f_derived(AACContext *ac, SpectralBandReplication *sbr) if (sbr->n_q > 5) { av_log(ac->avctx, AV_LOG_ERROR, "Too many noise floor scale factors: %d\n", sbr->n_q); +sbr->n_q = 1; return -1; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
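Review bot: 'sbr->n_q = 1;' resets the field on the error path, but the value 1 is unexplained; add a comment saying why 1 is the safe value and that the reset is needed because n_q is still used after this function fails. Computing the count into a local variable and storing it in sbr->n_q only after the '> 5' check passes would avoid leaving an out-of-range value in the context at all.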
[FFmpeg-cvslog] avcodec/utils: Fix block align overflow for ADPCM_IMA_WAV
ffmpeg | branch: release/4.3 | Michael Niedermayer | Wed Dec 11 22:37:07 2024 +0100| [a0ec70455caa3ffb86957769fdaac28d1c3d80bc] | committer: Michael Niedermayer avcodec/utils: Fix block align overflow for ADPCM_IMA_WAV Fixes: signed integer overflow: 529008646 * 8 cannot be represented in type 'int' Fixes: 383379145/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6674045107503104 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 93270930798da368d5b1954a73ef7ff9dfa48f73) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a0ec70455caa3ffb86957769fdaac28d1c3d80bc --- libavcodec/utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index 05811dbc5d..b6f2673bb5 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -1748,7 +1748,7 @@ static int get_audio_frame_duration(enum AVCodecID id, int sr, int ch, int ba, case AV_CODEC_ID_ADPCM_IMA_WAV: if (bps < 2 || bps > 5) return 0; -tmp = blocks * (1LL + (ba - 4 * ch) / (bps * ch) * 8); +tmp = blocks * (1LL + (ba - 4 * ch) / (bps * ch) * 8LL); break; case AV_CODEC_ID_ADPCM_IMA_DK3: tmp = blocks * (((ba - 16LL) * 2 / 3 * 4) / ch); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
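Review bot: 8LL widens only the final multiplication; the sub-expressions 4 * ch and bps * ch inside the parentheses are still computed in int, so they rely on ch being bounded by the caller, which this hunk does not show. Widening an operand inside the parentheses, for example (ba - 4LL * ch) / ((int64_t)bps * ch), in the way the ADPCM_IMA_DK3 case below uses 16LL, would make the whole expression 64-bit.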
[FFmpeg-cvslog] avformat/nistspheredec: Clear buffer
ffmpeg | branch: release/4.3 | Michael Niedermayer | Sun Nov 3 20:43:21 2024 +0100| [affeb1dde17c1d0350df726f7371a31ad4a66a1d] | committer: Michael Niedermayer avformat/nistspheredec: Clear buffer Fixes: use-of-uninitialized-value Fixes: 42537627/clusterfuzz-testcase-minimized-fuzzer_protocol_memory-6515855798632448-cut Found-by: ossfuzz Reported-by: Kacper Michajlow Signed-off-by: Michael Niedermayer (cherry picked from commit 898f6582eb51bf77b1f88e8f55eab67ee6ee13b8) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=affeb1dde17c1d0350df726f7371a31ad4a66a1d --- libavformat/nistspheredec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/nistspheredec.c b/libavformat/nistspheredec.c index 78e938da10..b2cbbfefaa 100644 --- a/libavformat/nistspheredec.c +++ b/libavformat/nistspheredec.c @@ -34,7 +34,7 @@ static int nist_probe(const AVProbeData *p) static int nist_read_header(AVFormatContext *s) { -char buffer[256], coding[32] = "pcm", format[32] = "01"; +char buffer[256]= {0}, coding[32] = "pcm", format[32] = "01"; int bps = 0, be = 0; int32_t header_size = -1; AVStream *st; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
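Review bot: zero-initialising buffer makes the later use defined, but it hides the read that left buffer unfilled instead of detecting it; the call that fills buffer is outside this hunk, and checking its result there would reject a truncated header rather than parse an empty string. Style: 'buffer[256]= {0}' is missing the space before '='.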
[FFmpeg-cvslog] avcodec/ffv1enc: Fix handling of 32bit unsigned symbols
ffmpeg | branch: release/4.3 | Michael Niedermayer | Thu Jan 9 21:35:06 2025 +0100| [f5d8b82891dfb0fc825f9c0c607926694fca87a6] | committer: Michael Niedermayer avcodec/ffv1enc: Fix handling of 32bit unsigned symbols This may be needed for floats Sponsored-by: Sovereign Tech Fund Reviewed-by: Alexander Strasser Signed-off-by: Michael Niedermayer (cherry picked from commit 402824e9e99461f1c9e74a6730ced40894669560) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f5d8b82891dfb0fc825f9c0c607926694fca87a6 --- libavcodec/ffv1enc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/ffv1enc.c b/libavcodec/ffv1enc.c index a489ce0dc0..7319dc602a 100644 --- a/libavcodec/ffv1enc.c +++ b/libavcodec/ffv1enc.c @@ -199,7 +199,7 @@ static av_always_inline av_flatten void put_symbol_inline(RangeCoder *c, } while (0) if (v) { -const int a = FFABS(v); +const unsigned a = is_signed ? FFABS(v) : v; const int e = av_log2(a); put_rac(c, state + 0, 0); if (e <= 9) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
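Review bot: in the signed case, FFABS(v) is still evaluated in the type of v before the result is stored in the unsigned a, so if v is a signed int equal to INT_MIN the negation overflows; the declaration of v is outside this hunk. Taking the absolute value through unsigned arithmetic would make both arms of the conditional safe.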
[FFmpeg-cvslog] avformat/vqf: Check avio_read() in add_metadata()
ffmpeg | branch: release/4.3 | Michael Niedermayer | Thu Dec 26 01:46:49 2024 +0100| [48118f2fae1f1eb50a0a4d6bc55bd91c5b5bf41d] | committer: Michael Niedermayer avformat/vqf: Check avio_read() in add_metadata() Fixes: use of uninitialized data Fixes: 383825642/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5380168801124352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit c43dbecbdad152a91eadc7538b545852eee562ae) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=48118f2fae1f1eb50a0a4d6bc55bd91c5b5bf41d --- libavformat/vqf.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/vqf.c b/libavformat/vqf.c index 449f4061f7..bb0ff85285 100644 --- a/libavformat/vqf.c +++ b/libavformat/vqf.c @@ -61,7 +61,8 @@ static void add_metadata(AVFormatContext *s, uint32_t tag, buf = av_malloc(len+1); if (!buf) return; -avio_read(s->pb, buf, len); +if (len != avio_read(s->pb, buf, len)) +return; buf[len] = 0; AV_WL32(key, tag); av_dict_set(&s->metadata, key, buf, AV_DICT_DONT_STRDUP_VAL); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
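Review bot: the new early return on a short read, 'if (len != avio_read(s->pb, buf, len)) return;', exits with buf still allocated by the av_malloc(len+1) above it; add av_free(buf) before returning. Because add_metadata() returns void, the caller also cannot tell a truncated tag from a good one, so returning an error code would make the failure visible.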
[FFmpeg-cvslog] avcodec/mvha: Clear remaining space after inflate()
ffmpeg | branch: release/4.3 | Michael Niedermayer | Sat Aug 3 19:11:33 2024 +0200| [4eceda75288bca8902614c9bc651f7a4e3c55793] | committer: Michael Niedermayer avcodec/mvha: Clear remaining space after inflate() Fixes: use-of-uninitialized-value Fixes: 70838/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MVHA_fuzzer-4878509466517504 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit cba4e2e40dec1ff2ce534fec87c7e3e8bef7ff9b) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4eceda75288bca8902614c9bc651f7a4e3c55793 --- libavcodec/mvha.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/mvha.c b/libavcodec/mvha.c index c603ef6975..9c7706aad7 100644 --- a/libavcodec/mvha.c +++ b/libavcodec/mvha.c @@ -187,6 +187,8 @@ static int decode_frame(AVCodecContext *avctx, av_log(avctx, AV_LOG_ERROR, "Inflate error: %d\n", ret); return AVERROR_EXTERNAL; } +if (zstream->avail_out > 0) +memset(zstream->next_out, 0, zstream->avail_out); } } } else if (type == MKTAG('H','U','F','Y')) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
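Review bot: when inflate() returns without filling the output buffer, the remainder is now zeroed and decoding continues, so a truncated or corrupt stream decodes as partly blank data with no diagnostic. Consider an av_log() warning, or an error return, when zstream->avail_out > 0 at this point.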
[FFmpeg-cvslog] avcodec/ffv1enc: Slice combination is unsupported
ffmpeg | branch: release/4.3 | Michael Niedermayer | Fri Oct 6 22:23:33 2023 +0200| [c02c96b93df3090029b8b91bf6369a8486167cd9] | committer: Michael Niedermayer avcodec/ffv1enc: Slice combination is unsupported We always write minimal slices, the size calculation is wrong in some corner cases but as its always 1x1 (minus1) we can for now just hard-code it This helps with ticket 5548 Signed-off-by: Michael Niedermayer (cherry picked from commit 7d514655bfa47c6e5cc1b81fbba8e750e368036e) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c02c96b93df3090029b8b91bf6369a8486167cd9 --- libavcodec/ffv1enc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/ffv1enc.c b/libavcodec/ffv1enc.c index 82f21de8b3..92e2322cc8 100644 --- a/libavcodec/ffv1enc.c +++ b/libavcodec/ffv1enc.c @@ -940,8 +940,8 @@ static void encode_slice_header(FFV1Context *f, FFV1Context *fs) put_symbol(c, state, (fs->slice_x +1)*f->num_h_slices / f->width , 0); put_symbol(c, state, (fs->slice_y +1)*f->num_v_slices / f->height , 0); -put_symbol(c, state, (fs->slice_width +1)*f->num_h_slices / f->width -1, 0); -put_symbol(c, state, (fs->slice_height+1)*f->num_v_slices / f->height-1, 0); +put_symbol(c, state, 0, 0); +put_symbol(c, state, 0, 0); for (j=0; jplane_count; j++) { put_symbol(c, state, f->plane[j].quant_table_index, 0); av_assert0(f->plane[j].quant_table_index == f->context_model); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
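Review bot: the two replaced lines in encode_slice_header() now write bare literals, `put_symbol(c, state, 0, 0);` twice, and nothing in the code says these are the slice width and height fields (minus one, in slice units). The reasoning exists only in the commit message. Please add a comment stating that slices are always written as 1x1 and that the previous size expression was wrong in corner cases, so the hard-coded value is not later mistaken for a placeholder.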
[FFmpeg-cvslog] avformat/hls: .ts is always ok even if its a mov/mp4
ffmpeg | branch: release/4.3 | Michael Niedermayer | Tue Jan 28 13:26:34 2025 +0100| [71274326b1375b07deee0fac3506901693689daf] | committer: Michael Niedermayer avformat/hls: .ts is always ok even if its a mov/mp4 Maybe fixes: 11435 Signed-off-by: Michael Niedermayer (cherry picked from commit 9e12572933dc1c49e9b35d772ddcae896c2ba8a8) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=71274326b1375b07deee0fac3506901693689daf --- libavformat/hls.c | 4 1 file changed, 4 insertions(+) diff --git a/libavformat/hls.c b/libavformat/hls.c index 5057f4867e..203b086990 100644 --- a/libavformat/hls.c +++ b/libavformat/hls.c @@ -735,6 +735,10 @@ static int test_segment(AVFormatContext *s, const AVInputFormat *in_fmt, struct if (in_fmt->extensions) { matchF = av_match_ext(seg->url, in_fmt->extensions) + 2*(ff_match_url_ext(seg->url, in_fmt->extensions) > 0); +if(av_match_name("mp4", in_fmt->name)) { +matchF |= av_match_ext(seg->url, "ts") + + 2*(ff_match_url_ext(seg->url, "ts") > 0); +} } else if (!strcmp(in_fmt->name, "mpegts")) matchF = 3; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
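Review bot: the added block in test_segment() introduces an undocumented exception to the extension check, and the diffstat shows only libavformat/hls.c changed. The extension_picky text in doc/demuxers.texi names only mpegts as always allowed, so the "mp4 data in a .ts segment" case should be described there, and the branch itself deserves a comment explaining why it is safe to accept. Minor style point: `if(av_match_name(` lacks the space after `if` that the surrounding code uses.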
[FFmpeg-cvslog] avformat/hls: Be more picky on extensions
ffmpeg | branch: release/4.3 | Michael Niedermayer | Thu Jan 16 01:28:46 2025 +0100| [c32e89653ab6bf3a73090411e00fa6089a751b02] | committer: Michael Niedermayer avformat/hls: Be more picky on extensions This blocks disallowed extensions from probing It also requires all available segments to have matching extensions to the format mpegts is treated independent of the extension It is recommended to set the whitelists correctly instead of depending on extensions, but this should help a bit, and this is easier to backport Fixes: CVE-2023-6602 II. HLS Force TTY Demuxer Fixes: CVE-2023-6602 IV. HLS XBIN Demuxer DoS Amplification The other parts of CVE-2023-6602 have been fixed by prior commits Found-by: Harvey Phillips of Amazon Element55 (element55) Signed-off-by: Michael Niedermayer (cherry picked from commit 91d96dc8ddaebe0b6cb393f672085e6bfaf15a31) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c32e89653ab6bf3a73090411e00fa6089a751b02 --- doc/demuxers.texi | 7 +++ libavformat/hls.c | 50 ++ 2 files changed, 57 insertions(+) diff --git a/doc/demuxers.texi b/doc/demuxers.texi index 3c15ab9eee..6c94863271 100644 --- a/doc/demuxers.texi +++ b/doc/demuxers.texi @@ -327,6 +327,13 @@ segment index to start live streams at (negative values are from the end). @item allowed_extensions ',' separated list of file extensions that hls is allowed to access. +@item extension_picky +This blocks disallowed extensions from probing +It also requires all available segments to have matching extensions to the format +except mpegts, which is always allowed. +It is recommended to set the whitelists correctly instead of depending on extensions +Enabled by default. + @item max_reload Maximum number of times a insufficient list is attempted to be reloaded. Default value is 1000. diff --git a/libavformat/hls.c b/libavformat/hls.c index 650c0dc863..e94c4f9ae3 100644 --- a/libavformat/hls.c +++ b/libavformat/hls.c 
@@ -208,6 +208,7 @@ typedef struct HLSContext { AVIOInterruptCB *interrupt_callback; AVDictionary *avio_opts; char *allowed_extensions; +int extension_picky; int max_reload; int http_persistent; int http_multiple; @@ -712,6 +713,40 @@ static int open_url(AVFormatContext *s, AVIOContext **pb, const char *url, return ret; } +static int test_segment(AVFormatContext *s, const AVInputFormat *in_fmt, struct playlist *pls, struct segment *seg) +{ +HLSContext *c = s->priv_data; +int matchA = 3; +int matchF = 0; + +if (!c->extension_picky) +return 0; + +if (strcmp(c->allowed_extensions, "ALL")) +matchA = av_match_ext(seg->url, c->allowed_extensions) + + 2*(ff_match_url_ext(seg->url, c->allowed_extensions) > 0); + +if (!matchA) { +av_log(s, AV_LOG_ERROR, "URL %s is not in allowed_extensions\n", seg->url); +return AVERROR_INVALIDDATA; +} + +if (in_fmt) { +if (in_fmt->extensions) { +matchF = av_match_ext(seg->url, in_fmt->extensions) + + 2*(ff_match_url_ext(seg->url, in_fmt->extensions) > 0); +} else if (!strcmp(in_fmt->name, "mpegts")) +matchF = 3; + +if (!(matchA & matchF)) { +av_log(s, AV_LOG_ERROR, "detected format extension %s mismatches allowed extensions in url %s\n", in_fmt->extensions ? in_fmt->extensions : "none", seg->url); +return AVERROR_INVALIDDATA; +} +} + +return 0; +} + static int parse_playlist(HLSContext *c, const char *url, struct playlist *pls, AVIOContext *in) { @@ -944,6 +979,14 @@ static int parse_playlist(HLSContext *c, const char *url, goto fail; } +ret = test_segment(c->ctx, pls->ctx ? pls->ctx->iformat : NULL, pls, seg); +if (ret < 0) { +av_free(seg->url); +av_free(seg->key); +av_free(seg); +goto fail; +} + if (duration < 0.001 * AV_TIME_BASE) { av_log(c->ctx, AV_LOG_WARNING, "Cannot get correct #EXTINF value of segment %s," " set to default value to 1ms.\n", seg->url); 
@@ -1981,6 +2024,11 @@ static int hls_read_header(AVFormatContext *s) pls->ctx->max_analyze_duration = s->max_analyze_duration > 0 ? s->max_analyze_duration : 4 * AV_TIME_BASE; url = av_strdup(pls->segments[0]->url); ret = av_probe_input_buffer(&pls->pb, &in_fmt, url, NULL, 0, 0); + +for (int n = 0; n < pls->n_segments; n++) +if (ret >= 0) +ret = test_segment(s, in_fmt, pls, pls->segments[n]); + av_free(url); if (ret < 0) { /* Free the ctx - it isn't initialized properly at this point, @@ -2376,6 +2424,8 @@ sta
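Review bot: in the new test_segment(), the final check `if (!(matchA & matchF))` depends on an undocumented bit encoding: 1 for an av_match_ext() hit, 2 for an ff_match_url_ext() hit, and 3 as the wildcard used for "ALL" and for mpegts. A short comment above the matchA and matchF declarations would make clear that the bitwise AND is intentional and means "matched by the same method on both lists". The `pls` parameter is not used anywhere in the visible body and could be dropped from the signature.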
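Review bot: the loop added to hls_read_header() keeps iterating over every segment after the first failure, because the `if (ret >= 0)` guard sits inside the body rather than in the loop condition. Writing it as `for (int n = 0; n < pls->n_segments && ret >= 0; n++)` or adding a break says the same thing more directly. In the doc/demuxers.texi hunk, the extension_picky sentences are missing their full stops, which will run together in the rendered manual.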
[FFmpeg-cvslog] avformat/wtvdec: Initialize buf
ffmpeg | branch: release/4.3 | Michael Niedermayer | Thu Dec 26 02:53:45 2024 +0100| [af336762bd712bb8656ecd0010f9041c4fe006f2] | committer: Michael Niedermayer avformat/wtvdec: Initialize buf ff_parse_mpeg2_descriptor() reads over what is initialized Fixes: use of uninitialized memory Fixes: 383825645/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5144130618982400 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 17b019c517af26c6d2f0c6266938c60d36db1fa3) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=af336762bd712bb8656ecd0010f9041c4fe006f2 --- libavformat/wtvdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/wtvdec.c b/libavformat/wtvdec.c index 23cfcda570..b5c88d6036 100644 --- a/libavformat/wtvdec.c +++ b/libavformat/wtvdec.c @@ -849,7 +849,7 @@ static int parse_chunks(AVFormatContext *s, int mode, int64_t seekts, int *len_p int stream_index = ff_find_stream_index(s, sid); if (stream_index >= 0) { AVStream *st = s->streams[stream_index]; -uint8_t buf[258]; +uint8_t buf[258] = {0}; const uint8_t *pbuf = buf; int buf_size; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
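Review bot: changing the declaration to `uint8_t buf[258] = {0};` makes the over-read deterministic but does not stop it. Per the commit message, ff_parse_mpeg2_descriptor() still consumes bytes the file never supplied; they are now zeros instead of stack contents. If the length actually read into buf is known at this point in parse_chunks(), bounding the descriptor parse by that length (or rejecting the chunk when it is too short) would address the cause. If zero padding is the intended behaviour, a comment next to the initializer should say so.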
[FFmpeg-cvslog] avcodec/vc1dec: Clear block_index in vc1_decode_reset()
ffmpeg | branch: release/4.3 | Michael Niedermayer | Sun Dec 1 23:30:55 2024 +0100| [719ebc4adb56efdd00edefa9bf7c0719dde717ba] | committer: Michael Niedermayer avcodec/vc1dec: Clear block_index in vc1_decode_reset() Fixes: 377965565/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-4504434689769472 Fixes: out of array access Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 251de1791e645f16e80b09d82999d4a5e24b1ad1) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=719ebc4adb56efdd00edefa9bf7c0719dde717ba --- libavcodec/vc1dec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c index a7f46a2246..492dccc1e1 100644 --- a/libavcodec/vc1dec.c +++ b/libavcodec/vc1dec.c @@ -608,6 +608,7 @@ av_cold int ff_vc1_decode_end(AVCodecContext *avctx) av_freep(&v->hrd_rate); av_freep(&v->hrd_buffer); ff_mpv_common_end(&v->s); +memset(v->s.block_index, 0, sizeof(v->s.block_index)); av_freep(&v->mv_type_mb_plane); av_freep(&v->direct_mb_plane); av_freep(&v->forward_mb_plane); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
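Review bot: the subject line names vc1_decode_reset(), but the hunk header places the added memset in ff_vc1_decode_end(). For a cherry-pick onto release/4.3 the message should name the function that is actually changed on this branch. The memset itself needs a comment: it is not obvious why block_index must be cleared right after ff_mpv_common_end(), and without one the line looks redundant next to the av_freep() calls around it.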
[FFmpeg-cvslog] ffv1enc_vulkan: disable autodetection of async_depth
ffmpeg | branch: master | Lynne | Fri Feb 21 22:34:14 2025 +| [bb87d19cd9720631d79e67a5ecca4659ae97734a] | committer: Lynne ffv1enc_vulkan: disable autodetection of async_depth The issue is that this could consume gigabytes of VRAM at higher resolutions for not that much of a speedup. Automatic detection was not a good idea as we can't know how much VRAM is actually free. Just remove it. > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bb87d19cd9720631d79e67a5ecca4659ae97734a --- libavcodec/ffv1enc_vulkan.c | 7 +-- 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/libavcodec/ffv1enc_vulkan.c b/libavcodec/ffv1enc_vulkan.c index 3d7ee073aa..6a12ee2055 100644 --- a/libavcodec/ffv1enc_vulkan.c +++ b/libavcodec/ffv1enc_vulkan.c @@ -1631,11 +1631,6 @@ static av_cold int vulkan_encode_ffv1_init(AVCodecContext *avctx) max_heap_size = max_heap_size - (max_heap_size >> 3); } -if (!fv->async_depth) { -fv->async_depth = FFMIN(fv->qf->num, FFMAX(max_heap_size / maxsize, 1)); -fv->async_depth = FFMAX(fv->async_depth, 1); -} - av_log(avctx, AV_LOG_INFO, "Async buffers: %zuMiB per context, %zuMiB total, depth: %i\n", maxsize / (1024*1024), (fv->async_depth * maxsize) / (1024*1024), @@ -1820,7 +1815,7 @@ static const AVOption vulkan_encode_ffv1_options[] = { { .i64 = 0 }, 0, 1, VE }, { "async_depth", "Internal parallelization depth", OFFSET(async_depth), AV_OPT_TYPE_INT, -{ .i64 = 0 }, 0, INT_MAX, VE }, +{ .i64 = 1 }, 1, INT_MAX, VE }, { NULL } }; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
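Review bot: with the autodetection block removed from vulkan_encode_ffv1_init(), the `max_heap_size = max_heap_size - (max_heap_size >> 3);` adjustment kept just above it may no longer feed anything, since the log line that follows uses only maxsize and async_depth. Please check whether max_heap_size and the code computing it are now dead and remove them in the same commit if so. The option help string "Internal parallelization depth" could also mention that each extra level costs one more set of buffers in VRAM, which is the reason given for the new default of 1.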
[FFmpeg-cvslog] avfilter/libplacebo: add deinterlacing options
ffmpeg | branch: master | Niklas Haas | Sun Feb 16 16:13:22 2025 +0100| [794cba812e74173b1598c7680a42e0f056d3d204] | committer: Niklas Haas avfilter/libplacebo: add deinterlacing options These were introduced in libplacebo API version 220. We actually already map the field by default, but deinterlacing was never enabled unless the user explicitly forced it using extra_ops. > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=794cba812e74173b1598c7680a42e0f056d3d204 --- doc/filters.texi| 19 +++ libavfilter/vf_libplacebo.c | 17 + 2 files changed, 36 insertions(+) diff --git a/doc/filters.texi b/doc/filters.texi index f281053965..7000f598e8 100644 --- a/doc/filters.texi +++ b/doc/filters.texi @@ -16615,6 +16615,25 @@ Enable sigmoidal compression during upscaling. Reduces ringing slightly. Enabled by default. @end table +@subsubsection Deinterlacing +Deinterlacing is automatically supported when frames are tagged as interlaced, +however frames are not deinterlaced unless a deinterlacing algorithm is chosen. +@table @option +@item deinterlace +The the deinterlacing algorithm to use. +@table @samp +@item weave +No deinterlacing, weave fields together into a single frame. This is the default. +@item bob +Naive bob deinterlacing, simply repeat each field line twice. +@item yadif +Yet another deinterlacing filter. See the @ref{yadif} filter for more details. +@end table + +@item skip_spatial_check +Skip the spatial deinterlacing check when using @code{yadif} deinterlacing. +@end table + @subsubsection Debanding Libplacebo comes with a built-in debanding filter that is good at counteracting many common sources of banding and blocking. Turning this on is highly diff --git a/libavfilter/vf_libplacebo.c b/libavfilter/vf_libplacebo.c index 08041f6894..6330725134 100644 --- a/libavfilter/vf_libplacebo.c +++ b/libavfilter/vf_libplacebo.c 
@@ -49,6 +49,7 @@ static inline AVFrame *pl_get_mapped_avframe(const struct pl_frame *frame) typedef struct pl_options_t { // Backwards compatibility shim of this struct struct pl_render_params params; +struct pl_deinterlace_params deinterlace_params; struct pl_deband_params deband_params; struct pl_sigmoid_params sigmoid_params; struct pl_color_adjustment color_adjustment; @@ -211,6 +212,10 @@ typedef struct LibplaceboContext { int force_dither; int disable_fbos; +/* pl_deinterlace_params */ +int deinterlace; +int skip_spatial_check; + /* pl_deband_params */ int deband; int deband_iterations; @@ -369,6 +374,11 @@ static int update_settings(AVFilterContext *ctx) pl_options opts = s->opts; int gamut_mode = s->gamut_mode; +opts->deinterlace_params = *pl_deinterlace_params( +.algo = s->deinterlace, +.skip_spatial_check = s->skip_spatial_check, +); + opts->deband_params = *pl_deband_params( .iterations = s->deband_iterations, .threshold = s->deband_threshold, @@ -433,6 +443,7 @@ static int update_settings(AVFilterContext *ctx) .corner_rounding = s->corner_rounding, #endif +.deinterlace_params = &opts->deinterlace_params, .deband_params = s->deband ? &opts->deband_params : NULL, .sigmoid_params = s->sigmoid ? &opts->sigmoid_params : NULL, .color_adjustment = &opts->color_adjustment, 
@@ -1355,6 +1366,12 @@ static const AVOption libplacebo_options[] = { { "apply_filmgrain", "Apply film grain metadata", OFFSET(apply_filmgrain), AV_OPT_TYPE_BOOL, {.i64 = 1}, 0, 1, DYNAMIC }, { "apply_dolbyvision", "Apply Dolby Vision metadata", OFFSET(apply_dovi), AV_OPT_TYPE_BOOL, {.i64 = 1}, 0, 1, DYNAMIC }, +{ "deinterlace", "Deinterlacing mode", OFFSET(deinterlace), AV_OPT_TYPE_INT, {.i64 = PL_DEINTERLACE_WEAVE}, 0, PL_DEINTERLACE_ALGORITHM_COUNT - 1, DYNAMIC, .unit = "deinterlace" }, +{ "weave", "Weave fields together (no-op)",0, AV_OPT_TYPE_CONST, {.i64 = PL_DEINTERLACE_WEAVE}, 0, 0, STATIC, .unit = "deinterlace" }, +{ "bob", "Naive bob deinterlacing", 0, AV_OPT_TYPE_CONST, {.i64 = PL_DEINTERLACE_BOB}, 0, 0, STATIC, .unit = "deinterlace" }, +{ "yadif", "Yet another deinterlacing filter", 0, AV_OPT_TYPE_CONST, {.i64 = PL_DEINTERLACE_YADIF}, 0, 0, STATIC, .unit = "deinterlace" }, +{ "skip_spatial_check", "Skip yadif spatial check", OFFSET(skip_spatial_check), AV_OPT_TYPE_BOOL, {.i64 = 0}, 0, 1, DYNAMIC }, + { "deband", "Enable debanding", OFFSET(deband), AV_OPT_TYPE_BOOL, {.i64 = 0}, 0, 1, DYNAMIC }, { "deband_iterations", "Deband iterations", OFFSET(deband_iterations), AV_OPT_TYPE_INT, {.i64 = 1}, 0, 16, DYNAMIC }, { "deband_threshold", "Deband threshold", OFFSET(deband_threshold), AV_OPT_TYPE_FLOAT, {.dbl = 4.0}, 0.0, 1024.0, DYNAMIC }, ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvs
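Review bot: the doc/filters.texi hunk has a typo under `@item deinterlace`: "The the deinterlacing algorithm to use." In the option table, the range `0, PL_DEINTERLACE_ALGORITHM_COUNT - 1` accepts every algorithm value libplacebo defines, while only weave, bob and yadif get named constants and documentation; either note in the docs that further numeric values depend on the libplacebo version or restrict the range to the documented ones.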
[FFmpeg-cvslog] avfilter/libplacebo: only mark frame fields when deinterlacing
ffmpeg | branch: master | Niklas Haas | Sun Feb 16 16:22:07 2025 +0100| [123cccb62104e3cdbe992aa6c55643fcfbdf7993] | committer: Niklas Haas avfilter/libplacebo: only mark frame fields when deinterlacing Avoids an unnecessary copy of the frame in the frame queue when not deinterlacing anyways. > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=123cccb62104e3cdbe992aa6c55643fcfbdf7993 --- libavfilter/vf_libplacebo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavfilter/vf_libplacebo.c b/libavfilter/vf_libplacebo.c index 6330725134..70351131a8 100644 --- a/libavfilter/vf_libplacebo.c +++ b/libavfilter/vf_libplacebo.c @@ -969,7 +969,7 @@ static int handle_input(AVFilterContext *ctx, LibplaceboInput *input) pl_queue_push(input->queue, &(struct pl_source_frame) { .pts = in->pts * av_q2d(inlink->time_base), .duration= in->duration * av_q2d(inlink->time_base), -.first_field = pl_field_from_avframe(in), +.first_field = s->deinterlace ? pl_field_from_avframe(in) : PL_FIELD_NONE, .frame_data = in, .map = map_frame, .unmap = unmap_frame, ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
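Review bot: the field tag is now decided in handle_input() when a frame is pushed, but the deinterlace option is declared DYNAMIC in the option table. Frames queued while deinterlacing was off carry PL_FIELD_NONE and keep it if the option is switched on at runtime, so the first frames after the change are not deinterlaced. If that is acceptable, a comment at `.first_field = ...` should say so; otherwise the queue needs to be flushed or retagged when the option changes.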
[FFmpeg-cvslog] avfilter/libplacebo: strip interlaced flag when deinterlacing
ffmpeg | branch: master | Niklas Haas | Sun Feb 16 16:53:11 2025 +0100| [83c1b349648b7cabff7ea2f7ff77e08c16d5fa20] | committer: Niklas Haas avfilter/libplacebo: strip interlaced flag when deinterlacing > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=83c1b349648b7cabff7ea2f7ff77e08c16d5fa20 --- libavfilter/vf_libplacebo.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavfilter/vf_libplacebo.c b/libavfilter/vf_libplacebo.c index 70351131a8..d1a5ddb0d3 100644 --- a/libavfilter/vf_libplacebo.c +++ b/libavfilter/vf_libplacebo.c @@ -856,6 +856,8 @@ static int output_frame(AVFilterContext *ctx, int64_t pts) out->color_range = outlink->color_range; if (s->fps.num) out->duration = 1; +if (s->deinterlace) +out->flags &= ~(AV_FRAME_FLAG_INTERLACED | AV_FRAME_FLAG_TOP_FIELD_FIRST); if (s->apply_dovi && av_frame_get_side_data(ref, AV_FRAME_DATA_DOVI_METADATA)) { /* Output of dovi reshaping is always BT.2020+PQ, so infer the correct ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
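Review bot: `if (s->deinterlace)` in output_frame() treats the algorithm enum as a boolean, which only works because the weave constant is the zero value. Comparing explicitly, `s->deinterlace != PL_DEINTERLACE_WEAVE`, states the intent and survives a reordering of the enum. The commit has no message body; one sentence on why downstream filters must not see the interlaced flags on deinterlaced output would be useful in the log.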
[FFmpeg-cvslog] avfilter/vf_libplacebo: remove deprecated options
ffmpeg | branch: master | Niklas Haas | Wed Feb 19 19:28:59 2025 +0100| [5944c4b20a32b4a127ca91f87ab13ca2dbfb5611] | committer: Niklas Haas avfilter/vf_libplacebo: remove deprecated options These were removed upstream and no longer have had any effect for a while now. Signed-off-by: Niklas Haas > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5944c4b20a32b4a127ca91f87ab13ca2dbfb5611 --- doc/filters.texi| 13 - libavfilter/vf_libplacebo.c | 9 - 2 files changed, 22 deletions(-) diff --git a/doc/filters.texi b/doc/filters.texi index 512945b89b..0ba7d3035f 100644 --- a/doc/filters.texi +++ b/doc/filters.texi @@ -16600,11 +16600,6 @@ Linear blend/fade between frames. Especially useful for constructing e.g. slideshows. @end table -@item lut_entries -Configures the size of scaler LUTs, ranging from @code{1} to @code{256}. The -default of @code{0} will pick libplacebo's internal default, typically -@code{64}. - @item antiringing Enables anti-ringing (for non-EWA filters). The value (between @code{0.0} and @code{1.0}) configures the strength of the anti-ringing algorithm. May increase @@ -16726,10 +16721,6 @@ Peak detection smoothing period, between @code{0.0} and @code{1000.0}. Higher values result in peak detection becoming less responsive to changes in the input. Defaults to @code{100.0}. -@item minimum_peak -Lower bound on the detected peak (relative to SDR white), between @code{0.0} -and @code{100.0}. Defaults to @code{1.0}. - @item scene_threshold_low @item scene_threshold_high Lower and upper thresholds for scene change detection. Expressed in a @@ -16934,10 +16925,6 @@ attempting to squeeze the maximum performance at the cost of quality. @item skip_aa Disable anti-aliasing when downscaling. -@item polar_cutoff -Truncate polar (EWA) scaler kernels below this absolute magnitude, between -@code{0.0} and @code{1.0}. - @item disable_linear Disable linear light scaling. 
diff --git a/libavfilter/vf_libplacebo.c b/libavfilter/vf_libplacebo.c index 0b91aba21b..e47c5f9c7d 100644 --- a/libavfilter/vf_libplacebo.c +++ b/libavfilter/vf_libplacebo.c @@ -202,11 +202,9 @@ typedef struct LibplaceboContext { char *upscaler; char *downscaler; char *frame_mixer; -int lut_entries; float antiringing; int sigmoid; int skip_aa; -float polar_cutoff; int disable_linear; int disable_builtin; int force_dither; @@ -234,7 +232,6 @@ typedef struct LibplaceboContext { /* pl_peak_detect_params */ int peakdetect; float smoothing; -float min_peak; float scene_low; float scene_high; float percentile; @@ -399,7 +396,6 @@ static int update_settings(AVFilterContext *ctx) opts->peak_detect_params = *pl_peak_detect_params( .smoothing_period = s->smoothing, -.minimum_peak = s->min_peak, .scene_threshold_low = s->scene_low, .scene_threshold_high = s->scene_high, #if PL_API_VER >= 263 @@ -432,7 +428,6 @@ static int update_settings(AVFilterContext *ctx) ); opts->params = *pl_render_params( -.lut_entries = s->lut_entries, .antiringing_strength = s->antiringing, .background_transparency = 1.0f - (float) s->fillcolor[3] / UINT8_MAX, .background_color = { @@ -457,7 +452,6 @@ static int update_settings(AVFilterContext *ctx) .num_hooks = s->num_hooks, .skip_anti_aliasing = s->skip_aa, -.polar_cutoff = s->polar_cutoff, .disable_linear_scaling = s->disable_linear, .disable_builtin_scalers = s->disable_builtin, .force_dither = s->force_dither, 
@@ -1378,7 +1372,6 @@ static const AVOption libplacebo_options[] = { { "upscaler", "Upscaler function", OFFSET(upscaler), AV_OPT_TYPE_STRING, {.str = "spline36"}, .flags = DYNAMIC }, { "downscaler", "Downscaler function", OFFSET(downscaler), AV_OPT_TYPE_STRING, {.str = "mitchell"}, .flags = DYNAMIC }, { "frame_mixer", "Frame mixing function", OFFSET(frame_mixer), AV_OPT_TYPE_STRING, {.str = "none"}, .flags = DYNAMIC }, -{ "lut_entries", "Number of scaler LUT entries", OFFSET(lut_entries), AV_OPT_TYPE_INT, {.i64 = 0}, 0, 256, DYNAMIC }, { "antiringing", "Antiringing strength (for non-EWA filters)", OFFSET(antiringing), AV_OPT_TYPE_FLOAT, {.dbl = 0.0}, 0.0, 1.0, DYNAMIC }, { "sigmoid", "Enable sigmoid upscaling", OFFSET(sigmoid), AV_OPT_TYPE_BOOL, {.i64 = 1}, 0, 1, DYNAMIC }, { "apply_filmgrain", "Apply film grain metadata", OFFSET(apply_filmgrain), AV_OPT_TYPE_BOOL, {.i64 = 1}, 0, 1, DYNAMIC }, @@ -1405,7 +1398,6 @@ static const AVOption libplacebo_options[] = { { "peak_detect", "Enable dynamic peak detection for HDR tone-mapping", OFFSET(peakdetect), AV_OPT_TYPE_BOOL, {.i64 = 1}, 0, 1, DYNAMIC }, { "smoothing_period", "Peak detection smoothing period", OFFSET(smoothing), AV_OPT_TYPE_FLOAT, {.dbl = 100.0}, 0.0, 1000.0, DYNAMIC }, -{ "minimum_peak", "Peak det
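Review bot: removing lut_entries, minimum_peak and polar_cutoff from libplacebo_options[] outright means any existing command line or script that still passes them now fails with an unknown-option error, even though the options had already become no-ops. Keeping them for one release cycle as deprecated entries that are parsed and ignored would avoid that break. If immediate removal is intended, it should be recorded in the Changelog, which this patch does not touch.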
[FFmpeg-cvslog] avfilter/vf_libplacebo: switch to AV_OPT_TYPE_COLOR
ffmpeg | branch: master | Niklas Haas | Wed Feb 19 18:39:43 2025 +0100| [e23c79ebfcda9bfe75dd03b4798268857af93377] | committer: Niklas Haas avfilter/vf_libplacebo: switch to AV_OPT_TYPE_COLOR > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e23c79ebfcda9bfe75dd03b4798268857af93377 --- libavfilter/vf_libplacebo.c | 15 ++- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/libavfilter/vf_libplacebo.c b/libavfilter/vf_libplacebo.c index cc07ccd8be..08041f6894 100644 --- a/libavfilter/vf_libplacebo.c +++ b/libavfilter/vf_libplacebo.c @@ -168,7 +168,7 @@ typedef struct LibplaceboContext { /* settings */ char *out_format_string; enum AVPixelFormat out_format; -char *fillcolor; +uint8_t fillcolor[4]; double var_values[VAR_VARS_NB]; char *w_expr; char *h_expr; @@ -368,9 +368,6 @@ static int update_settings(AVFilterContext *ctx) AVDictionaryEntry *e = NULL; pl_options opts = s->opts; int gamut_mode = s->gamut_mode; -uint8_t color_rgba[4]; - -RET(av_parse_color(color_rgba, s->fillcolor, -1, s)); opts->deband_params = *pl_deband_params( .iterations = s->deband_iterations, @@ -426,11 +423,11 @@ static int update_settings(AVFilterContext *ctx) opts->params = *pl_render_params( .lut_entries = s->lut_entries, .antiringing_strength = s->antiringing, -.background_transparency = 1.0f - (float) color_rgba[3] / UINT8_MAX, +.background_transparency = 1.0f - (float) s->fillcolor[3] / UINT8_MAX, .background_color = { -(float) color_rgba[0] / UINT8_MAX, -(float) color_rgba[1] / UINT8_MAX, -(float) color_rgba[2] / UINT8_MAX, +(float) s->fillcolor[0] / UINT8_MAX, +(float) s->fillcolor[1] / UINT8_MAX, +(float) s->fillcolor[2] / UINT8_MAX, }, #if PL_API_VER >= 277 .corner_rounding = s->corner_rounding, 
@@ -1288,7 +1285,7 @@ static const AVOption libplacebo_options[] = { { "force_divisible_by", "enforce that the output resolution is divisible by a defined integer when force_original_aspect_ratio is used", OFFSET(force_divisible_by), AV_OPT_TYPE_INT, { .i64 = 1 }, 1, 256, STATIC }, { "normalize_sar", "force SAR normalization to 1:1 by adjusting pos_x/y/w/h", OFFSET(normalize_sar), AV_OPT_TYPE_BOOL, {.i64 = 0}, 0, 1, STATIC }, { "pad_crop_ratio", "ratio between padding and cropping when normalizing SAR (0=pad, 1=crop)", OFFSET(pad_crop_ratio), AV_OPT_TYPE_FLOAT, {.dbl=0.0}, 0.0, 1.0, DYNAMIC }, -{ "fillcolor", "Background fill color", OFFSET(fillcolor), AV_OPT_TYPE_STRING, {.str = "black@0"}, .flags = DYNAMIC }, +{ "fillcolor", "Background fill color", OFFSET(fillcolor), AV_OPT_TYPE_COLOR, {.str = "black@0"}, .flags = DYNAMIC }, { "corner_rounding", "Corner rounding radius", OFFSET(corner_rounding), AV_OPT_TYPE_FLOAT, {.dbl = 0.0}, 0.0, 1.0, .flags = DYNAMIC }, { "extra_opts", "Pass extra libplacebo-specific options using a :-separated list of key=value pairs", OFFSET(extra_opts), AV_OPT_TYPE_DICT, .flags = DYNAMIC }, ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avfilter/vf_libplacebo: allow differing formats per input
ffmpeg | branch: master | Niklas Haas | Wed Feb 19 18:21:53 2025 +0100| [d48745ba1cab3dbaf029e24aeef3c866b51cf6f9] | committer: Niklas Haas avfilter/vf_libplacebo: allow differing formats per input Each input is entirely independent and can have varying pixel formats, color spaces, etc. To accomplish this, we need to make a full copy of the format list for each subsequent input, rather than sharing the same ref. Signed-off-by: Niklas Haas Sponsored-by: nxtedition > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d48745ba1cab3dbaf029e24aeef3c866b51cf6f9 --- libavfilter/vf_libplacebo.c | 10 +- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/libavfilter/vf_libplacebo.c b/libavfilter/vf_libplacebo.c index 6254951e0a..b53543299d 100644 --- a/libavfilter/vf_libplacebo.c +++ b/libavfilter/vf_libplacebo.c @@ -1159,8 +1159,16 @@ static int libplacebo_query_format(const AVFilterContext *ctx, goto fail; } -for (int i = 0; i < s->nb_inputs; i++) +for (int i = 0; i < s->nb_inputs; i++) { +if (i > 0) { +/* Duplicate the format list for each subsequent input */ +infmts = NULL; +for (int n = 0; n < cfg_in[0]->formats->nb_formats; n++) +RET(ff_add_format(&infmts, cfg_in[0]->formats->formats[n])); +} RET(ff_formats_ref(infmts, &cfg_in[i]->formats)); +} + RET(ff_formats_ref(outfmts, &cfg_out[0]->formats)); /* Set colorspace properties */ ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
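Review bot: inside the new `if (i > 0)` block, infmts is rebuilt entry by entry with RET(ff_add_format(...)), so an allocation failure midway jumps to fail with a partially built list that no link references yet. Please confirm the fail path releases infmts in that state. The copy is also read back from cfg_in[0]->formats->formats rather than from a local list; a short comment that input 0 already holds the reference taken in the previous iteration would make the `infmts = NULL;` line less surprising.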
[FFmpeg-cvslog] avfilter/vf_liplacebo: properly initialize variable
ffmpeg | branch: master | Niklas Haas | Wed Feb 19 19:30:29 2025 +0100| [05302767ac2b14f560f70d0a3e99de151b3e9539] | committer: Niklas Haas avfilter/vf_liplacebo: properly initialize variable Signed-off-by: Niklas Haas > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=05302767ac2b14f560f70d0a3e99de151b3e9539 --- libavfilter/vf_libplacebo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavfilter/vf_libplacebo.c b/libavfilter/vf_libplacebo.c index e47c5f9c7d..f457564afa 100644 --- a/libavfilter/vf_libplacebo.c +++ b/libavfilter/vf_libplacebo.c @@ -821,7 +821,7 @@ static void update_crops(AVFilterContext *ctx, LibplaceboInput *in, /* Construct and emit an output frame for a given timestamp */ static int output_frame(AVFilterContext *ctx, int64_t pts) { -int err = 0, ok, changed; +int err = 0, ok, changed = 0; LibplaceboContext *s = ctx->priv; pl_options opts = s->opts; AVFilterLink *outlink = ctx->outputs[0]; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
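Review bot: the declaration now reads `int err = 0, ok, changed = 0;`, which leaves `ok` as the only variable on that line without an initializer. If `ok` is always assigned before use that is fine, but the commit message does not say which path read `changed` uninitialized, so it is hard to tell whether `ok` has the same exposure. Naming the offending path in the message would settle it.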
[FFmpeg-cvslog] configure: align libplacebo version check with reality
ffmpeg | branch: master | Niklas Haas | Sun Feb 16 16:17:21 2025 +0100| [58875417afc63dd8ce801a05bcbd36b4fbc4c1ad] | committer: Niklas Haas configure: align libplacebo version check with reality This filter already failed to compile on older versions, because of an unconditional use of an API introduced in API version 220. Nobody noticed this, so I conclude that it's safe to bump the required version by now. > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=58875417afc63dd8ce801a05bcbd36b4fbc4c1ad --- configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure b/configure index f76f946dfe..2c08901adc 100755 --- a/configure +++ b/configure @@ -7018,7 +7018,7 @@ enabled libopus && { require_pkg_config libopus opus opus_multistream.h opus_multistream_surround_encoder_create } } -enabled libplacebo&& require_pkg_config libplacebo "libplacebo >= 4.192.0" libplacebo/vulkan.h pl_vulkan_create +enabled libplacebo&& require_pkg_config libplacebo "libplacebo >= 5.229.0" libplacebo/vulkan.h pl_vulkan_create enabled libpulse && require_pkg_config libpulse libpulse pulse/pulseaudio.h pa_context_new enabled libqrencode && require_pkg_config libqrencode libqrencode qrencode.h QRcode_encodeString enabled libquirc && require libquirc quirc.h quirc_decode -lquirc ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
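Review bot: the commit message justifies the bump by an API introduced in version 220, but the new check requires "libplacebo >= 5.229.0". Please state in the message why 229 rather than 220 is the minimum, for example that it is the first tagged release carrying that API, so the number in configure can be traced later.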
[FFmpeg-cvslog] avfilter/vf_libplacebo: switch to new background API
ffmpeg | branch: master | Niklas Haas | Wed Feb 19 18:20:11 2025 +0100| [6602b88df688a0697f93517028cdbec3e7c4d7c9] | committer: Niklas Haas avfilter/vf_libplacebo: switch to new background API Fixes a deprecation warning, and also fixes a bug where the depredated skip_target_clearing option was not correctly mapped to the new API inside libplacebo upstream. Signed-off-by: Niklas Haas Sponsored-by: nxtedition > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6602b88df688a0697f93517028cdbec3e7c4d7c9 --- libavfilter/vf_libplacebo.c | 12 ++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/libavfilter/vf_libplacebo.c b/libavfilter/vf_libplacebo.c index f457564afa..6254951e0a 100644 --- a/libavfilter/vf_libplacebo.c +++ b/libavfilter/vf_libplacebo.c @@ -892,8 +892,12 @@ static int output_frame(AVFilterContext *ctx, int64_t pts) } /* Draw first frame opaque, others with blending */ -opts->params.skip_target_clearing = false; opts->params.blend_params = NULL; +#if PL_API_VER >= 346 +opts->params.background = opts->params.border = PL_CLEAR_COLOR; +#else +opts->params.skip_target_clearing = false; +#endif for (int i = 0; i < s->nb_inputs; i++) { LibplaceboInput *in = &s->inputs[i]; FilterLink *il = ff_filter_link(ctx->inputs[in->idx]); 
@@ -904,8 +908,12 @@ static int output_frame(AVFilterContext *ctx, int64_t pts) opts->params.skip_caching_single_frame = high_fps; update_crops(ctx, in, &target, out->pts * av_q2d(outlink->time_base)); pl_render_image_mix(in->renderer, &in->mix, &target, &opts->params); -opts->params.skip_target_clearing = true; opts->params.blend_params = &pl_alpha_overlay; +#if PL_API_VER >= 346 +opts->params.background = opts->params.border = PL_CLEAR_SKIP; +#else +opts->params.skip_target_clearing = true; +#endif } if (outdesc->flags & AV_PIX_FMT_FLAG_HWACCEL) {
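Review bot: the `#if PL_API_VER >= 346` / `#else` block is now duplicated in both hunks of output_frame, once with `PL_CLEAR_COLOR` / `false` before the loop and once with `PL_CLEAR_SKIP` / `true` inside it. A small static helper or macro that takes a clear-or-skip flag would keep the version switch in one place and make it harder for the two copies to drift apart. The new branch also assigns both `background` and `border` where the old one set a single flag, so a one-line comment on why `border` follows `background` would help the next reader.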
[FFmpeg-cvslog] avfilter/libplacebo: add option for outputting separate fields
ffmpeg | branch: master | Niklas Haas | Sun Feb 16 16:56:18 2025 +0100| [27814dc3b639917e38dd6913acebbdfbb25d056f] | committer: Niklas Haas avfilter/libplacebo: add option for outputting separate fields cf. the other deinterlacing-aware filters. > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=27814dc3b639917e38dd6913acebbdfbb25d056f --- doc/filters.texi| 5 + libavfilter/vf_libplacebo.c | 23 --- 2 files changed, 25 insertions(+), 3 deletions(-) diff --git a/doc/filters.texi b/doc/filters.texi index 7000f598e8..512945b89b 100644 --- a/doc/filters.texi +++ b/doc/filters.texi @@ -16632,6 +16632,11 @@ Yet another deinterlacing filter. See the @ref{yadif} filter for more details. @item skip_spatial_check Skip the spatial deinterlacing check when using @code{yadif} deinterlacing. + +@item send_fields +Output a frame for each field, rather than for each frame. Note that this will +always double the tagged output frame rate, even if the input does not contain +any interlaced frames. Disabled by default. @end table @subsubsection Debanding diff --git a/libavfilter/vf_libplacebo.c b/libavfilter/vf_libplacebo.c index d1a5ddb0d3..0b91aba21b 100644 --- a/libavfilter/vf_libplacebo.c +++ b/libavfilter/vf_libplacebo.c @@ -215,6 +215,7 @@ typedef struct LibplaceboContext { /* pl_deinterlace_params */ int deinterlace; int skip_spatial_check; +int send_fields; /* pl_deband_params */ int deband; @@ -967,8 +968,7 @@ static int handle_input(AVFilterContext *ctx, LibplaceboInput *input) int64_t pts; while ((ret = ff_inlink_consume_frame(inlink, &in)) > 0) { -in->opaque = s; -pl_queue_push(input->queue, &(struct pl_source_frame) { +struct pl_source_frame src = { .pts = in->pts * av_q2d(inlink->time_base), .duration= in->duration * av_q2d(inlink->time_base), .first_field = s->deinterlace ? pl_field_from_avframe(in) : PL_FIELD_NONE, 
@@ -976,12 +976,21 @@ static int handle_input(AVFilterContext *ctx, LibplaceboInput *input) .map = map_frame, .unmap = unmap_frame, .discard = discard_frame, -}); +}; + +in->opaque = s; +pl_queue_push(input->queue, &src); if (!s->fps.num) { /* Internally queue an output frame for the same PTS */ pts = av_rescale_q(in->pts, inlink->time_base, outlink->time_base); av_fifo_write(input->out_pts, &pts, 1); + +if (s->send_fields && src.first_field != PL_FIELD_NONE) { +/* Queue the second field for interlaced content */ +pts += av_rescale_q(in->duration, inlink->time_base, outlink->time_base) / 2; +av_fifo_write(input->out_pts, &pts, 1); +} } } @@ -1239,6 +1248,13 @@ static int libplacebo_config_output(AVFilterLink *outlink) avctx->inputs[i]->time_base, AV_TIME_BASE / 2, AV_TIME_BASE_Q); } + +if (s->deinterlace && s->send_fields) { +const AVRational q2 = { 2, 1 }; +ol->frame_rate = av_mul_q(ol->frame_rate, q2); +/* Ensure output frame timestamps are divisible by two */ +outlink->time_base = av_div_q(outlink->time_base, q2); +} } /* Static variables */ 
@@ -1373,6 +1389,7 @@ static const AVOption libplacebo_options[] = { { "bob", "Naive bob deinterlacing", 0, AV_OPT_TYPE_CONST, {.i64 = PL_DEINTERLACE_BOB}, 0, 0, STATIC, .unit = "deinterlace" }, { "yadif", "Yet another deinterlacing filter", 0, AV_OPT_TYPE_CONST, {.i64 = PL_DEINTERLACE_YADIF}, 0, 0, STATIC, .unit = "deinterlace" }, { "skip_spatial_check", "Skip yadif spatial check", OFFSET(skip_spatial_check), AV_OPT_TYPE_BOOL, {.i64 = 0}, 0, 1, DYNAMIC }, +{ "send_fields", "Output a frame for each field", OFFSET(send_fields), AV_OPT_TYPE_BOOL, {.i64 = 0}, 0, 1, DYNAMIC }, { "deband", "Enable debanding", OFFSET(deband), AV_OPT_TYPE_BOOL, {.i64 = 0}, 0, 1, DYNAMIC }, { "deband_iterations", "Deband iterations", OFFSET(deband_iterations), AV_OPT_TYPE_INT, {.i64 = 1}, 0, 16, DYNAMIC },
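Review bot: in the handle_input hunk, the second-field timestamp is computed as `pts += av_rescale_q(in->duration, inlink->time_base, outlink->time_base) / 2;` with no check that `in->duration` is positive. When the duration is 0, the second value written to `input->out_pts` equals the first, so two outputs are queued for the same PTS. Suggest either skipping the second `av_fifo_write` or deriving the half-frame step from the link frame rate when `in->duration <= 0`.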
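Review bot: `send_fields` is declared `DYNAMIC` in the libplacebo_options hunk, but its effect on `ol->frame_rate` and `outlink->time_base` is applied only in libplacebo_config_output, so a runtime change leaves the link properties out of step with the PTS values queued in handle_input. Either mark the option `STATIC` or document the restriction. The doc/filters.texi entry also says the tagged rate is always doubled, while the code doubles it only under `s->deinterlace && s->send_fields`; the entry should say the option has no effect unless deinterlacing is enabled.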
[FFmpeg-cvslog] avfilter/vf_libplacebo: set colorspace properties on all inputs
ffmpeg | branch: master | Niklas Haas | Wed Feb 19 18:26:05 2025 +0100| [c85879c6012232e94c8be937ac90f96d0c66176d] | committer: Niklas Haas avfilter/vf_libplacebo: set colorspace properties on all inputs There is no reason to only do this on the first input. It doesn't actually matter for now given that we don't constrain the color space list, but it may matter when that changes. Signed-off-by: Niklas Haas > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c85879c6012232e94c8be937ac90f96d0c66176d --- libavfilter/vf_libplacebo.c | 6 ++ 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/libavfilter/vf_libplacebo.c b/libavfilter/vf_libplacebo.c index b53543299d..1c494fdc09 100644 --- a/libavfilter/vf_libplacebo.c +++ b/libavfilter/vf_libplacebo.c @@ -1167,14 +1167,12 @@ static int libplacebo_query_format(const AVFilterContext *ctx, RET(ff_add_format(&infmts, cfg_in[0]->formats->formats[n])); } RET(ff_formats_ref(infmts, &cfg_in[i]->formats)); +RET(ff_formats_ref(ff_all_color_spaces(), &cfg_in[i]->color_spaces)); +RET(ff_formats_ref(ff_all_color_ranges(), &cfg_in[i]->color_ranges)); } RET(ff_formats_ref(outfmts, &cfg_out[0]->formats)); -/* Set colorspace properties */ -RET(ff_formats_ref(ff_all_color_spaces(), &cfg_in[0]->color_spaces)); -RET(ff_formats_ref(ff_all_color_ranges(), &cfg_in[0]->color_ranges)); - outfmts = s->colorspace > 0 ? ff_make_formats_list_singleton(s->colorspace) : ff_all_color_spaces(); RET(ff_formats_ref(outfmts, &cfg_out[0]->color_spaces));
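Review bot: the `/* Set colorspace properties */` comment is deleted together with the old `cfg_in[0]` block, and the two `ff_formats_ref(...)` calls that move into the per-input loop carry no comment of their own. Keeping the comment above the moved lines would preserve the intent, and it would also separate them visually from the pixel-format reference on the line before.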
[FFmpeg-cvslog] avfilter/vf_libplacebo: set correct alpha mode before blending
ffmpeg | branch: master | Niklas Haas | Wed Feb 19 22:08:30 2025 +0100| [651bfd0dad07b9eb6de6bc810f665f32c4d01865] | committer: Niklas Haas avfilter/vf_libplacebo: set correct alpha mode before blending &pl_alpha_overlay expects straight alpha, but the alpha output may be premultiplied as a result of the target alpha mode (or in the absence of an alpha channel). Fix it by requesting independent alpha explicitly when blending. > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=651bfd0dad07b9eb6de6bc810f665f32c4d01865 --- libavfilter/vf_libplacebo.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavfilter/vf_libplacebo.c b/libavfilter/vf_libplacebo.c index 1c494fdc09..0c245cda7f 100644 --- a/libavfilter/vf_libplacebo.c +++ b/libavfilter/vf_libplacebo.c @@ -908,6 +908,9 @@ static int output_frame(AVFilterContext *ctx, int64_t pts) opts->params.skip_caching_single_frame = high_fps; update_crops(ctx, in, &target, out->pts * av_q2d(outlink->time_base)); pl_render_image_mix(in->renderer, &in->mix, &target, &opts->params); + +/* Force straight output and set correct blend mode */ +target.repr.alpha = PL_ALPHA_INDEPENDENT; opts->params.blend_params = &pl_alpha_overlay; #if PL_API_VER >= 346 opts->params.background = opts->params.border = PL_CLEAR_SKIP;
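Review bot: `target.repr.alpha = PL_ALPHA_INDEPENDENT;` is assigned after `pl_render_image_mix()` inside the loop, so the first input is still rendered with whatever alpha mode `target` had, and the override stays on `target` for everything that follows. Please confirm that writing the first pass in the original mode and blending later passes as straight alpha is intended, and extend the comment to say whether the original `target.repr.alpha` has to be restored before the frame is output. If all passes should agree, setting the mode once before the loop when more than one input is blended would be clearer.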
[FFmpeg-cvslog] hwcontext_vulkan: enable read/write without storage
ffmpeg | branch: master | Lynne | Sat Feb 22 19:55:34 2025 +| [85d81dcfd6f9548ce89a9cdcc5e3e7547a1b2736] | committer: Lynne hwcontext_vulkan: enable read/write without storage BGR formats in Vulkan cannot be used in storage images, as the pixel labels on storage images are always ordered as RGB, and swizzling is not an option due to old hardware limitations. This means that you must always use an RGB format and manually swizzle when reading or writing to BGR images, or simply not use a format in the shader itself. This adds support for the latter. > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=85d81dcfd6f9548ce89a9cdcc5e3e7547a1b2736 --- libavutil/hwcontext_vulkan.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavutil/hwcontext_vulkan.c b/libavutil/hwcontext_vulkan.c index ec6459712b..11d9e987b0 100644 --- a/libavutil/hwcontext_vulkan.c +++ b/libavutil/hwcontext_vulkan.c @@ -244,6 +244,8 @@ static void device_features_copy_needed(VulkanDeviceFeatures *dst, VulkanDeviceF COPY_VAL(device.features.shaderInt64); COPY_VAL(device.features.shaderInt16); COPY_VAL(device.features.shaderFloat64); +COPY_VAL(device.features.shaderStorageImageReadWithoutFormat); +COPY_VAL(device.features.shaderStorageImageWriteWithoutFormat); COPY_VAL(vulkan_1_1.samplerYcbcrConversion); COPY_VAL(vulkan_1_1.storagePushConstant16);
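Review bot: the two added `COPY_VAL(device.features.shaderStorageImage...WithoutFormat)` lines in device_features_copy_needed have no comment, and the reason for them (BGR formats cannot be used as storage image formats) lives only in the commit message. A short comment next to them would stop a later cleanup from dropping them as unused. Since this hunk only copies the feature bits, it would also help to note where shader code is expected to check them before using formatless image access.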
[FFmpeg-cvslog] avformat/lmlm4: Eliminate some AVERROR(EIO)
ffmpeg | branch: release/4.3 | Michael Niedermayer | Sat Jul 13 09:16:48 2024 +0200| [b583dd4e4485011c1a53280ef8d92a5606ea3e04] | committer: Michael Niedermayer avformat/lmlm4: Eliminate some AVERROR(EIO) Found by code review related to CID732224 Overflowed constant Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit 191a685010319cb0d248771574c7c61d76e4eb95) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b583dd4e4485011c1a53280ef8d92a5606ea3e04 --- libavformat/lmlm4.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavformat/lmlm4.c b/libavformat/lmlm4.c index 79d703a8fc..186bffba3a 100644 --- a/libavformat/lmlm4.c +++ b/libavformat/lmlm4.c @@ -94,15 +94,15 @@ static int lmlm4_read_packet(AVFormatContext *s, AVPacket *pkt) if (frame_type > LMLM4_MPEG1L2 || frame_type == LMLM4_INVALID) { av_log(s, AV_LOG_ERROR, "invalid or unsupported frame_type\n"); -return AVERROR(EIO); +return AVERROR_INVALIDDATA; } if (packet_size > LMLM4_MAX_PACKET_SIZE || packet_size<=8) { av_log(s, AV_LOG_ERROR, "packet size %d is invalid\n", packet_size); -return AVERROR(EIO); +return AVERROR_INVALIDDATA; } if ((ret = av_get_packet(pb, pkt, frame_size)) <= 0) -return AVERROR(EIO); +return ret < 0 ? ret : AVERROR(EIO); avio_skip(pb, padding);
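Review bot: in the last changed line, `return ret < 0 ? ret : AVERROR(EIO);` now propagates real errors from av_get_packet but still maps `ret == 0` to AVERROR(EIO), the code the rest of this patch is removing. A zero-length result here points at the input (end of data or a bad `frame_size`) and not at an I/O failure, so AVERROR_INVALIDDATA or AVERROR_EOF would match the two changes above it. If EIO is kept for the zero case on purpose, a comment saying so would help.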
[FFmpeg-cvslog] avcodec/ffv1enc: 2Pass mode is not possible with golomb coding
ffmpeg | branch: release/4.3 | Michael Niedermayer | Mon Sep 30 23:42:50 2024 +0200| [50a5c2f75d948faeaeb601bc25d86cb21bd2cd5d] | committer: Michael Niedermayer avcodec/ffv1enc: 2Pass mode is not possible with golomb coding "Fixes" Ticket7063 Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit 417b163c00555ccda201a963e797bfa663a26ff5) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=50a5c2f75d948faeaeb601bc25d86cb21bd2cd5d --- libavcodec/ffv1enc.c | 5 + 1 file changed, 5 insertions(+) diff --git a/libavcodec/ffv1enc.c b/libavcodec/ffv1enc.c index 7c91be057a..82f21de8b3 100644 --- a/libavcodec/ffv1enc.c +++ b/libavcodec/ffv1enc.c @@ -526,6 +526,11 @@ static av_cold int encode_init(AVCodecContext *avctx) avctx->slices > 1) s->version = FFMAX(s->version, 2); +if ((avctx->flags & (AV_CODEC_FLAG_PASS1 | AV_CODEC_FLAG_PASS2)) && s->ac == AC_GOLOMB_RICE) { +av_log(avctx, AV_LOG_ERROR, "2 Pass mode is not possible with golomb coding\n"); +return AVERROR(EINVAL); +} + // Unspecified level & slices, we choose version 1.2+ to ensure multithreaded decodability if (avctx->slices == 0 && avctx->level < 0 && avctx->width * avctx->height > 720*576) s->version = FFMAX(s->version, 2);
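Review bot: the new check in encode_init rejects the combination with `AVERROR(EINVAL)`, but the log text "2 Pass mode is not possible with golomb coding" does not tell the user how to proceed. Suggest naming the remedy in the message, that is, choosing a coder other than Golomb-Rice or dropping the pass flags. The test also depends on `s->ac` already holding its final value at this point in encode_init; a brief comment to that effect would guard against a later reordering of the function.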
[FFmpeg-cvslog] avformat/mpegts: Initialize predefined_SLConfigDescriptor_seen
ffmpeg | branch: release/4.3 | Michael Niedermayer | Wed Oct 9 23:44:00 2024 +0200| [b612d3634c514c4d70fe84c262b38be8a8374d4e] | committer: Michael Niedermayer avformat/mpegts: Initialize predefined_SLConfigDescriptor_seen Fixes: use of uninitialized variable Fixes: 368729566/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGTS_fuzzer-6044501804646400 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit db7b4fc89fb18d5ff0a1426bd433c234555a3fff) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b612d3634c514c4d70fe84c262b38be8a8374d4e --- libavformat/mpegts.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c index 7b1be3b5e2..0093db70f1 100644 --- a/libavformat/mpegts.c +++ b/libavformat/mpegts.c @@ -1639,6 +1639,8 @@ static int mp4_read_iods(AVFormatContext *s, const uint8_t *buf, unsigned size, MP4DescrParseContext d; int ret; +d.predefined_SLConfigDescriptor_seen = 0; + ret = init_MP4DescrParseContext(&d, s, buf, size, descr, max_descr_count); if (ret < 0) return ret;
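Review bot: `d.predefined_SLConfigDescriptor_seen = 0;` is set by hand in mp4_read_iods immediately before `init_MP4DescrParseContext(&d, ...)`, which leaves this field's initialization outside the function whose job is to initialize the context. Moving the assignment into init_MP4DescrParseContext, or declaring `MP4DescrParseContext d = { 0 };`, would cover every field and every caller of the init function in one place, so the same uninitialized read cannot reappear through another call site or a newly added field.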