Commit message | Author | Age | Files | Lines
...
* avformat/movenc: Check that frame_types other than EAC3_FRAME_TYPE_INDEPENDENT have a supported substream id | Michael Niedermayer | 2018-07-16 | 1 | -0/+6
  Fixes: out of array access
  Fixes: ffmpeg_bof_1.avi
  Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit ed22dc22216f74c75ee7901f82649e1ff725ba50)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dpx: Check elements in 12bps planar path | Michael Niedermayer | 2018-07-16 | 1 | -4/+6
  Fixes: null pointer dereference
  Fixes: 8946/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DPX_fuzzer-5078915222601728
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Carl Eugen Hoyos <ceffmpeg@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 75a2db552423295b509546f3b0f8b2b46d3424b1)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/escape124: Fix spelling errors in comment | Michael Niedermayer | 2018-07-16 | 1 | -2/+2
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit f59c4e43915ed0528e2789f27ddb1635b59779df)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ra144: Fix integer overflow in ff_eval_refl() | Michael Niedermayer | 2018-07-16 | 1 | -2/+2
  Fixes: signed integer overflow: -4096 * -524288 cannot be represented in type 'int'
  Fixes: 8650/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RA_144_fuzzer-5734816036159488
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit b31189881a4cf54b0057ecf3eab917ad56eecfea)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/cscd: Check output buffer size for lzo. | Michael Niedermayer | 2018-07-16 | 1 | -1/+1
  Fixes: Timeout
  Fixes: 8665/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CSCD_fuzzer-5768442610188288
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  (cherry picked from commit 78167b498f53c36c31105a2bf11e90b03637598f)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/escape124: Check buf_size against num_superblocks | Michael Niedermayer | 2018-07-16 | 1 | -1/+5
  Fixes: Timeout
  Fixes: 8722/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ESCAPE124_fuzzer-4843268402577408
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 6677c98626489edfdb4b49b4f66ca91867768a9f)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h264_parser: Reduce needed history for parsing mb index | Michael Niedermayer | 2018-07-16 | 1 | -8/+11
  This fixes a bug/regression with very small packets
  Fixes: output_file
  Regression since: 0782fb6bcb32fe3ab956a99af4cc472ff81da0c2
  Reported-by: Thierry Foucu <tfoucu@google.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit d25c945247979a88fac6bb3b7a26370262b96ef1)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/magicyuv: Check bits left in flags&1 branch | Michael Niedermayer | 2018-07-16 | 1 | -0/+4
  Fixes: Timeout
  Fixes: 8690/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MAGICYUV_fuzzer-6542020913922048
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 7719b8ccc790b6e1325af0afe2b65e2334a7173c)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mjpegdec: Check for end of bitstream in ljpeg_decode_rgb_scan() | Michael Niedermayer | 2018-07-16 | 1 | -0/+5
  Fixes: Timeout
  Fixes: 8648/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5108395525799936
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 540e8c2d641bf90fc28e47e170f8c0b1962197e9)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* ffmpeg: fix -stream_loop with multiple inputs | Marton Balint | 2018-07-08 | 1 | -1/+9
  The input thread needs to be properly cleaned up and re-initialized before we can start reading again in threaded mode. (Threaded input reading is used when there is more than one input file).
  Fixes ticket #6121 and #7043.
  Signed-off-by: Marton Balint <cus@passwd.hu>
  (cherry picked from commit da36bcbeb78c78e493d18d3cd3ac92ea401e7031)
* ffmpeg: factorize input thread creation and destruction | Marton Balint | 2018-07-08 | 1 | -26/+40
  Signed-off-by: Marton Balint <cus@passwd.hu>
  (cherry picked from commit b181cd359b872283d5fcaf7c553bbad88517c78b)
* avformat/mpegts: parse large PMTs with multiple tables | Aman Gupta | 2018-06-18 | 1 | -0/+1
  In 9152c1e4955, the mpegts parser was taught how to parse PMT sections which contained multiple tables. That commit fixed parsing of PMT packets from some cable providers, which included a special SCTE table (0xc0) before the standard program map table (0x2).

  Sometimes, however, the combined 0xc0 and 0x2 tables are larger than a single TS packet (188 bytes). The mpegts parser already attempts to parse sections which span multiple packets, but still assumed that the split section only contained one table.

  This patch fixes parsing of such a sample[1].

  Before:

    Input #0, mpegts, from 'combined-pmt-tids-split.ts':
      Duration: 00:00:01.26, start: 39188.931756, bitrate: 597 kb/s
      Program 1
      No Program
        Stream #0:0[0xeff]: Audio: ac3, 48000 Hz, mono, fltp, 64 kb/s
        Stream #0:1[0xefd]: Audio: mp3, 0 channels, fltp
        Stream #0:2[0xefe]: Unknown: none

  After:

    Input #0, mpegts, from 'combined-pmt-tids-split.ts':
      Duration: 00:00:01.27, start: 39188.931756, bitrate: 589 kb/s
      Program 1
        Stream #0:0[0xefd]: Video: h264 ([27][0][0][0] / 0x001B), none, 59.94 fps, 59.94 tbr, 90k tbn, 180k tbc
        Stream #0:1[0xefe](eng): Audio: ac3 ([129][0][0][0] / 0x0081), 48000 Hz, stereo, fltp, 384 kb/s
        Stream #0:2[0xeff](spa): Audio: ac3 ([129][0][0][0] / 0x0081), 48000 Hz, mono, fltp, 64 kb/s
        Stream #0:3[0xf00]: Data: scte_35
        Stream #0:4[0xf01]: Unknown: none (ETV1 / 0x31565445)
        Stream #0:5[0xf02]: Unknown: none (ETV1 / 0x31565445)
        Stream #0:6[0xf03]: Unknown: none ([192][0][0][0] / 0x00C0)

  With the patch, the PMT is parsed correctly so the streams are created in the correct order, are associated with "Program 1", and their codecs are set correctly.

  [1] https://s3.amazonaws.com/tmm1/combined-pmt-tids-split.ts

  Signed-off-by: Aman Gupta <aman@tmm1.net>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit cd86c5dbcca5e79c979a6a04da25155ccf17f843)
* Revert "avcodec/mediacodecdec: wait on first frame after input buffers are full" | Aman Gupta | 2018-06-18 | 2 | -1/+8
  @xyz reported a regression on his Sony Xperia Z3 Tablet Compact where playback would intermittently fail to start, essentially deadlocking in the decoder. Bisecting narrowed down the issue to this commit, which was meant as an optimization but is not necessary.
  This reverts commit a75bb5496ac6e7e194f1c6fd3b87f02a52e74adb.
  Signed-off-by: Aman Gupta <aman@tmm1.net>
  (cherry picked from commit 37c2cb6a68a4cbd746b0a56e38f28f7ee84e925f)
* avcodec/videotoolboxenc: fix invalid session on iOS | Thomas Guillem | 2018-06-18 | 1 | -2/+21
  Cf. comment. Restart the VT session when the APP goes from foreground to background and vice versa.
  Signed-off-by: Aman Gupta <aman@tmm1.net>
  (cherry picked from commit 513e6a30fb013ca34812ccaaf3d090680ac868c5)
* avcodec/videotoolboxenc: split initialization | Thomas Guillem | 2018-06-18 | 1 | -20/+28
  Split vtenc_init() into vtenc_init() (VTEncContext initialization) and vtenc_configure_encoder() (creates the vt session). This commit will allow to restart the vt session while encoding.
  Signed-off-by: Aman Gupta <aman@tmm1.net>
  (cherry picked from commit 9e11d27c25bf9bbd53fa23e892946752096f378b)
* avcodec/videotoolboxenc: fix mutex/cond leak in error path | Thomas Guillem | 2018-06-18 | 1 | -2/+3
  The leak could happen when the vtenc_create_encoder() function failed.
  Signed-off-by: Aman Gupta <aman@tmm1.net>
  (cherry picked from commit ce2330bdf896458131fcd00f9284c31617adcf01)
* Update for 4.0.1 (tag: n4.0.1) | Michael Niedermayer | 2018-06-16 | 3 | -2/+111
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/aacdec_fixed: Fix undefined integer overflow in apply_independent_coupling_fixed() | Michael Niedermayer | 2018-06-15 | 1 | -1/+1
  Fixes: signed integer overflow: 1195517 * 2048 cannot be represented in type 'int'
  Fixes: 8636/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-4695836326887424
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 8bd514d9343746566b123275f8b6d0e9c11ec2b0)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dirac_dwt_template: Fix undefined behavior in interleave() | Michael Niedermayer | 2018-06-15 | 1 | -2/+2
  Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
  Fixes: 8697/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5197148130902016
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 575d8ca0260fabac29e5b3541154633569ce2b5d)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avutil/common: Fix undefined behavior in av_clip_uintp2_c() | Michael Niedermayer | 2018-06-15 | 1 | -1/+1
  Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
  Fixes: 8521/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5639024952737792
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit aa41d322be71106ce147445f2b42bb763f1eff86)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* fftools/ffmpeg: Fallback to duration if sample rate is unavailable | Michael Niedermayer | 2018-06-15 | 1 | -2/+6
  Regression since: af1761f7
  Fixes: Division by 0
  Fixes: ffmpeg_crash_1
  Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 16d8b13b3b26c19d7f8856e039fe6662d96b4ff3)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: Only set pkt->duration to non negative values | Michael Niedermayer | 2018-06-15 | 1 | -1/+3
  Reviewed-by: Sasi Inguva <isasi@google.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 8176799f31b23849382623f0f9001acc5edf7c76)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4videodec: Clear bits_per_raw_sample if it has originated from a previous instance | Michael Niedermayer | 2018-06-15 | 1 | -0/+6
  Fixes: assertion failure
  Fixes: ffmpeg_crash_5.avi
  Found-by: Thuan Pham <thuanpv@comp.nus.edu.sg>, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 2fc108f60f98cd00813418a8754a46476b404a3c)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/movenc: fix recognization of cover image streams | Timo Teräs | 2018-06-15 | 1 | -18/+18
  For chapter images, the mov demux produces streams with disposition set to attached_pic+timed_thumbnails. This patch fixes to properly recognize streams that should be encoded as cover image (ones with only and only attached_pic disposition set).
  Signed-off-by: Timo Teräs <timo.teras@iki.fi>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 2223811b015926fec68473a08016d40cea0989b2)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/movenc: properly handle cover image codecs | Timo Teräs | 2018-06-15 | 1 | -18/+12
  Find codec tag for attached images using appropriate list of supported image formats. This fixes writing the cover image to m4v/m4a and other container formats that do not allow these codecs as a track.
  Signed-off-by: Timo Teräs <timo.teras@iki.fi>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 12205d2c896b7edbc929d4886e7bfda4b53538e5)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h264_slice: Fix overflow in recovery_frame computation | Michael Niedermayer | 2018-06-15 | 1 | -3/+9
  Fixes: signed integer overflow: 15 + 2147483646 cannot be represented in type 'int'
  Fixes: 8381/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-6225533137321984
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 8c20ea8ee0f3f0b27aca0204c6dfaa4ac137e34e)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h264_ps: Move MAX_LOG2_MAX_FRAME_NUM to header so it can be used in h264_sei | Michael Niedermayer | 2018-06-15 | 2 | -1/+1
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit b796c5ae9299c795cba0d16ce1d8eef05488953b)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h264_mc_template: Only prefetch motion if the list is used. | Michael Niedermayer | 2018-06-15 | 1 | -1/+2
  Fixes: index 59 out of bounds for type 'H264Ref [48]'
  Fixes: 8232/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5703295145345024
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 8b55591757244d8244a2be369c2b54c9ae79b02a)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/xwddec: Use ff_set_dimensions() | Michael Niedermayer | 2018-06-15 | 1 | -2/+6
  Fixes: OOM
  Fixes: 8178/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XWD_fuzzer-4844793342459904
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit c2852e4e00de4073ff7de82d41cb3368702686e8)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wavpack: Fix overflow in adding tail | Michael Niedermayer | 2018-06-15 | 1 | -1/+1
  Fixes: signed integer overflow: 2146907204 + 26846088 cannot be represented in type 'int'
  Fixes: 8105/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-6233036682166272
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit d13379fb79708f550460dd6d698023bf26f968d5)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/shorten: Fix multiple integer overflows | Michael Niedermayer | 2018-06-15 | 1 | -2/+2
  Fixes: signed integer overflow: 3 * 1006632960 cannot be represented in type 'int'
  Fixes: 8278/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5692857166856192
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit f2abd36b3863188894fd21964c662b6c17268bfb)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/shorten: Fix undefined shift in fix_bitshift() | Michael Niedermayer | 2018-06-15 | 1 | -1/+1
  Fixes: left shift of negative value -9
  Fixes: 8571/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5715966875926528
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 606c7148231404544005c0827b83c165dd6b39a8)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/shorten: Fix a negative left shift in shorten_decode_frame() | Michael Niedermayer | 2018-06-15 | 1 | -1/+1
  Fixes: left shift of negative value -9057
  Fixes: 8527/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5666853924896768
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit a711efe922b2bf1d363bdf7f8357656c3e35021e)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/shorten: Sanity check nmeans | Michael Niedermayer | 2018-06-15 | 1 | -0/+4
  Fixes: OOM
  Fixes: 8195/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5179785826271232
  The reference software appears to use longs for 32bits and it uses int for nmeans hinting that the intended maximum size was not 32bit.
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit d91a0b503d7a886587281bc1ee42476aa5e89f85)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/shorten: Check non COMM chunk len before skip in decode_aiff_header() | Michael Niedermayer | 2018-06-15 | 1 | -2/+2
  Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
  Fixes: 8024/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5109204648984576
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 424a81df107b63a166894a4aee3d27702ae3f459)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mjpegdec: Fix integer overflow in ljpeg_decode_rgb_scan() | Michael Niedermayer | 2018-06-15 | 1 | -1/+1
  Fixes: signed integer overflow: 32768 + 2147450880 cannot be represented in type 'int'
  Fixes: 7885/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THP_fuzzer-5298834394578944
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 936f4a2c2e14ec753e8835f2e820b4cd9aec9a56)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/truemotion2: Fix overflow in tm2_apply_deltas() | Michael Niedermayer | 2018-06-15 | 1 | -1/+1
  Fixes: signed integer overflow: 1077952576 + 1077952576 cannot be represented in type 'int'
  Fixes: 7712/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5056281753681920
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 79c6047c3668c639f717b3a7001a34dddba0ede2)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/opus_silk: Change silk_lsf2lpc() slightly toward silk/NLSF2A.c | Michael Niedermayer | 2018-06-15 | 1 | -2/+4
  Fixes: runtime error: signed integer overflow: -1440457022 - 785819492 cannot be represented in type 'int'
  Fixes: 7700/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OPUS_fuzzer-6595838684954624
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit e7dda51150b73e5fbdccf4c2d3a72e356980fba3)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/amrwbdec: Fix division by 0 in find_hb_gain() | Michael Niedermayer | 2018-06-15 | 1 | -3/+8
  This restructures the code slightly toward D_UTIL_dec_synthesis()
  Fixes: 7420/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AMRWB_fuzzer-6577305112543232
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit dce80a4b47efaba97707bda781a9ee57f5a26974)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h263dec: Reinitialize idct context if it has not been setup for the active profile | Michael Niedermayer | 2018-06-15 | 1 | -0/+2
  The profile after reading headers can be different from when the context was initialized
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 44a2415a6d94f841f2026bb70b8b3c19ba68aa72)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/idctdsp: Clear idct/idct_add for studio profile | Michael Niedermayer | 2018-06-15 | 1 | -2/+4
  This does not leave them "as before" which may be a value from a previous profile
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 8c50d0cccfe4c9f25a8494f76da55dcdc2275058)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: replace a value error by clipping into valid range in mov_read_stsc() | Michael Niedermayer | 2018-06-15 | 1 | -3/+11
  Fixes: #7165
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit fe84f70819d6f5aab3c4823290e0d32b99d6de78)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/bintext: Reduce detection for random .bin files as it more likely is not a multimedia related file | Michael Niedermayer | 2018-06-15 | 1 | -1/+1
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 919e37377a76f63d030d680fcb9506a3f8cc2d62)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mov: Break out early if chunk_count is 0 in mov_build_index() | Michael Niedermayer | 2018-06-15 | 1 | -0/+3
  Without this some operations might overflow (undefined behavior) even though the index adding loop would never execute
  No testcase known
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 56e76bd0579cc7f7b28860885d9e569a39daf41b)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/fic: Avoid some magic numbers related to cursors | Michael Niedermayer | 2018-06-15 | 1 | -1/+2
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit c6a11714c4b1227be62cbc36651ccfc415e8e623)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4video: Detect reference studio streams as studio streams | Michael Niedermayer | 2018-06-15 | 2 | -9/+25
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit ba97d75ac6254db90c64d3c7aacdd0548dca7b24)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4videodec: Do not corrupt bits_per_raw_sample | Michael Niedermayer | 2018-06-15 | 1 | -3/+5
  Reviewed-by: Kieran Kunhya <kierank@obe.tv>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 9e5d0860c043ba5d1e48c0f8c42b0fe3b6cbeba4)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4videode: Eliminate out of loop VOP startcode reading for studio profile | Michael Niedermayer | 2018-06-15 | 1 | -4/+0
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 9f73ae31e075104c7613d481a09a8b102e6449e9)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/g2meet: ask for sample with overflowing RGB | Michael Niedermayer | 2018-06-15 | 1 | -1/+1
  Suggested-by: Tomas Härdin <tjoppen@acc.umu.se>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit ab834b8f36c8157b7015e849405cbf6ae21e672f)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/idctdsp: Transmit studio_profile to init instead of using AVCodecContext profile | Michael Niedermayer | 2018-06-15 | 3 | -1/+5
  These 2 fields are not always the same, it is simpler to always use the same field for detecting studio profile
  Fixes: null pointer dereference
  Fixes: ffmpeg_crash_3.avi
  Found-by: Thuan Pham <thuanpv@comp.nus.edu.sg>, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit b3332a182f8ba33a34542e4a0370f38b914ccf7d)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>