aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Bump minor versions again on master to keep 4.2 versions separate from mastern4.3-devMichael Niedermayer2019-07-218-8/+8
| | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* Bump minor versions to separate 4.2 from masterMichael Niedermayer2019-07-218-12/+12
| | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* Changelog: Add 4.2 cut markerMichael Niedermayer2019-07-211-1/+1
| | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* doc/APIchanges: Fill in missing Fields, add 4.2 cut markerMichael Niedermayer2019-07-211-4/+6
| | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/utils: Check close before calling itMichael Niedermayer2019-07-211-1/+1
| | | | | | | | | Fixes: NULL pointer dereference Fixes: 15733/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IDF_fuzzer-5658616977162240 Reviewed-by: Paul B Mahol <onemda@gmail.com> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* tools/target_dec_fuzzer: Free parser in case of avcodec_open2() failureMichael Niedermayer2019-07-211-0/+1
| | | | | | | | Fixes: memleak Fixes: part of 15529/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBVPX_VP8_fuzzer-5140143700180992 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vorbisdec: Check vlc for floor0 dec vector offsetMichael Niedermayer2019-07-211-2/+4
| | | | | | | | Fixes: out of array access Fixes: 15649/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VORBIS_fuzzer-5729191309344768 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vorbisdec: amplitude bits can be more than 25 bitsMichael Niedermayer2019-07-211-3/+4
| | | | | | | | Fixes: assertion failure, invalid shift Fixes: 15583/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VORBIS_fuzzer-5640157484548096 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avutil/softfloat_ieee754: Fix odd bit position for exponent and sign in ↵Michael Niedermayer2019-07-211-1/+1
| | | | | | av_bits2sf_ieee754() Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/alsdec: fix undefined shift in multiply()Michael Niedermayer2019-07-211-1/+1
| | | | | | | | Fixes: left shift of negative value -6 Fixes: 15564/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5701655938465792 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/alsdec: Fix 2 integer overflowsMichael Niedermayer2019-07-211-2/+2
| | | | | | | | Fixes: signed integer overflow: 1270564968 + 904828220 cannot be represented in type 'int' Fixes: 15402/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5755426823471104 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Fix various integer overflowsMichael Niedermayer2019-07-211-4/+4
| | | | | | | | | | Fixes: signed integer overflow: -538976267 * 31 cannot be represented in type 'int' Fixes: left shift of 65312 by 16 places cannot be represented in type 'int' Fixes: 15255/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5718831688843264 Fixes: 15547/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5691384901664768 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Fix multiple integer overflows in predictor_update_filter()Michael Niedermayer2019-07-211-1/+1
| | | | | | | | Fixes: signed integer overflow: -829262115 + -1410750414 cannot be represented in type 'int' Fixes: 15251/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5651742252859392 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/flicvideo: Make line_packets intMichael Niedermayer2019-07-211-6/+6
| | | | | | | | Fixes: signed integer overflow: -32768 * 196032 cannot be represented in type 'int' Fixes: 15300/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLIC_fuzzer-5733319519502336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* lavf/avio: remove ffio_open2_wrapper functionJun Zhao2019-07-212-9/+0
| | | | | | Remove the function ffio_open2_wrapper, it's not being used anymore. Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
* lavfi/showinfo: support regions of interest sidedataJun Zhao2019-07-211-0/+25
| | | | | | support regions of interest sidedata Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
* avformat/aacdec: resync to the next adts frame on invalid data instead of ↵James Almer2019-07-201-3/+3
| | | | | | | | aborting Should fix ticket #6634 Signed-off-by: James Almer <jamrial@gmail.com>
* avformat/aacdec: factorize the adts frame resync codeJames Almer2019-07-201-12/+25
| | | | Signed-off-by: James Almer <jamrial@gmail.com>
* avcodec/dvbsubdec: Use ff_set_dimensions()Michael Niedermayer2019-07-201-2/+3
| | | | | | | | | Fixes: signed integer overflow: 65313 * 65313 cannot be represented in type 'int' Fixes: 15740/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DVBSUB_fuzzer-5641749164195840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ffwavesynth: Check if there is enough extradata before allocationMichael Niedermayer2019-07-201-1/+1
| | | | | | | | | Fixes: OOM Fixes: 15750/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5702090367696896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Nicolas George <george@nsup.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ffwavesynth: More correct cast in wavesynth_seek()Michael Niedermayer2019-07-201-1/+1
| | | | | | | | | Fixes: signed integer overflow: 553590816 - -9223372036315799520 cannot be represented in type 'long' Fixes: 15743/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5705835377852416 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Nicolas George <george@nsup.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ffwavesynth: Check sample rate before useMichael Niedermayer2019-07-201-1/+1
| | | | | | | | | Fixes: division by zero Fixes: 15725/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5641231956180992 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Nicolas George <george@nsup.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/tak_parser: don't return error valuesJames Almer2019-07-201-8/+12
| | | | | | | | | The API does not allow it. Also set poutbuf and poutbuf_size to NULL/0 on error. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: James Almer <jamrial@gmail.com>
* avcodec/cbs_h265: add support for Alpha Channel Info SEI messagesJames Almer2019-07-204-0/+43
| | | | | | | As defined in sections F.14.2.8 and F.14.3.8 Reviewed-by: Mark Thompson <sw@jkqxz.net> Signed-off-by: James Almer <jamrial@gmail.com>
* cbs_h2645: Fix infinite loop in more_rbsp_dataAndreas Rheinhardt2019-07-201-2/+4
| | | | | | | | | | | | | | | | | | | | | | cbs_h2645_read_more_rbsp_data does not handle malformed input very well: 1. If there were <= 8 bits left in the bitreader, these bits were read via show_bits. But show_bits requires the number of bits to be read to be > 0 (internally it shifts by 32 - number of bits to be read which is undefined behaviour if said number is zero; there is also an assert for this, but it is only an av_assert2). Furthermore, in this case a shift by -1 was performed which is of course undefined behaviour, too. 2. If there were > 0 and <= 8 bits left and all of them were zero (this can only happen for defective input), it was reported that there was further RBSP data. This can lead to an infinite loop in H.265's cbs_h265_read_extension_data corresponding to the [vsp]ps_extension_data_flag syntax elements. If the relevant flag indicates the (potential) occurence of these syntax elements, while all bits after this flag are zero, cbs_h2645_read_more_rbsp_data always returns 1 on x86. Given that a checked bitstream reader is used, we are also not "saved" by an overflow in the bitstream reader's index. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* avformat/mux: correct error msg for when BSF filtering failsGyan Doshi2019-07-201-1/+1
|
* avcodec/flashsv: add FF_CODEC_CAP_INIT_CLEANUP to flashsv2Michael Niedermayer2019-07-191-0/+1
| | | | | | | | Fixes: memleaks on error paths during init Fixes: 15548/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLASHSV2_fuzzer-6324019382452224 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/flashsv: add FF_CODEC_CAP_INIT_CLEANUP to flashsv1Michael Niedermayer2019-07-191-1/+1
| | | | | | | | Fixes: memleaks on error paths during init Fixes: 15533/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLASHSV_fuzzer-5647977168764928 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/utils: Check rfps_duration_sum for overflowMichael Niedermayer2019-07-191-2/+4
| | | | | | | | Fixes: signed integer overflow: 9151595917793558550 + 297519050751678697 cannot be represented in type 'long' Fixes: 15496/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5722866475073536 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/agm: Fix overflow of signed shiftMichael Niedermayer2019-07-191-1/+1
| | | | | | | | Fixes: left shift of 1 by 31 places cannot be represented in type 'int' Fixes: 15328/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5637545171353600 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h264_refs: Also check reference in ff_h264_build_ref_list()Michael Niedermayer2019-07-191-2/+4
| | | | | | | | Fixes: out of array read Fixes: 15409/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5758846959616000 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h264_cavlc: Fix integer overflows with motion vector residual additionMichael Niedermayer2019-07-191-8/+8
| | | | | | | | Fixes: signed integer overflow: 14 + 2147483647 cannot be represented in type 'int' Fixes: 14794/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5677380695228416 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/atrac9dec: Check conditions before apply_band_extension() to avoid ↵Michael Niedermayer2019-07-191-4/+3
| | | | | | | | | | out of array read in initialization of unused variables Fixes: global-buffer-overflow Fixes: 15247/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5671602181636096 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* tools/target_dem_fuzzer: ignore avformat_find_stream_info() failureMichael Niedermayer2019-07-191-2/+0
| | | | | | Such a failure should not be fatal and its worth testing this path too Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avutil/mips: refactor msa load and store macros.Shiyou Yin2019-07-1924-1151/+991
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Replace STnxm_UB and LDnxm_SH with new macros ST_{H/W/D}{1/2/4/8}. The old macros are difficult to use because they don't follow the same parameter passing rules. Changing details as following: 1. remove LD4x4_SH. 2. replace ST2x4_UB with ST_H4. 3. replace ST4x2_UB with ST_W2. 4. replace ST4x4_UB with ST_W4. 5. replace ST4x8_UB with ST_W8. 6. replace ST6x4_UB with ST_W2 and ST_H2. 7. replace ST8x1_UB with ST_D1. 8. replace ST8x2_UB with ST_D2. 9. replace ST8x4_UB with ST_D4. 10. replace ST8x8_UB with ST_D8. 11. replace ST12x4_UB with ST_D4 and ST_W4. Examples of new macro: ST_H4(in, idx0, idx1, idx2, idx3, pdst, stride) ST_H4 store four half-word elements in vector 'in' to pdst with stride. About the macro name: 1) 'ST' means store operation. 2) 'H/W/D' means type of vector element is 'half-word/word/double-word'. 3) Number '1/2/4/8' means how many elements will be stored. About the macro parameter: 1) 'in0, in1...' 128-bits vector. 2) 'idx0, idx1...' elements index. 3) 'pdst' destination pointer to store to 4) 'stride' stride of each store operation. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/ifv: Check for EOF in read_index()Michael Niedermayer2019-07-191-0/+2
| | | | | | | | | Fixes: Timeout Fixes: 15567/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5758451487080448 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* matroskadec: Remove redundant constAndreas Rheinhardt2019-07-181-46/+46
| | | | | | | | | | The typedef used to define EbmlSyntax already includes a const qualifier so that it is unnecessary to include another const qualifier in future definitions and declarations. Given that MSVC warns about this, this commit removes these redundant const qualifiers. Suggested-by: Hendrik Leppkes <h.leppkes@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* matroskadec: Add sizes to forward declarationsAndreas Rheinhardt2019-07-181-6/+10
| | | | | | | | | | | | | | | | Unknown-length elements end when an element not allowed in them, but allowed at a higher level is encountered. In order to check for this, c1abd95a added a pointer to every syntax level's parent to each EbmlSyntax. Given that the parent must of course also reference the child in order to be able to enter said child level, one needs to use forward declarations. These forward declarations constitute tentative definitions and tentative definitions with internal linkage (like our syntaxes) must not be an incomplete type. Yet they were an incomplete type and while GCC and Clang did not even warn about this (on default warning levels), it broke compilation with MSVC. Therefore this commit adds the sizes. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* avcodec/dnxhd_parser: Fix parser when input does not have nicely sized packetsMichael Niedermayer2019-07-171-1/+2
| | | | | | | | Fixes: out of array access Fixes: 15522/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DNXHD_fuzzer-5747756078989312 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/rawdec: Make the raw packet size configurableMichael Niedermayer2019-07-1713-5/+69
| | | | | | | | This allows testing parsers with a wider range of input packet sizes. Which is important and usefull for regression testing, some of our parsers in fact to not work if the packet size is changed from 1024 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dnxhd_parser: Optimize insufficient buf size caseMichael Niedermayer2019-07-171-0/+4
| | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dnxhd_parser: remove unneeded codeMichael Niedermayer2019-07-171-2/+0
| | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/parser: Check next index validity in ff_combine_frame()Michael Niedermayer2019-07-171-0/+3
| | | | | | | | Fixes: out of array access Fixes: 15522/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DNXHD_fuzzer-5747756078989312 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/takdec: Check for multiple streaminfoMichael Niedermayer2019-07-171-0/+2
| | | | | | | | Fixes: memleak Fixes: 15446/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5662875831500800 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/takdec: Free buffer on error pathesMichael Niedermayer2019-07-171-3/+8
| | | | | | | | Fixes: memleak Fixes: 15446/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5662875831500800 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ivi: Ask for samples with odd tilesMichael Niedermayer2019-07-171-0/+4
| | | | | | | | Fixes: Assertion failure Fixes: 15422/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO5_fuzzer-5676625481433088 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec: clarify the allocation requirements for intra_matrix and ↵James Almer2019-07-171-4/+8
| | | | | | | inter_matrix fields Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: James Almer <jamrial@gmail.com>
* avformat/matroskadec: Improve check for level 1 duplicatesAndreas Rheinhardt2019-07-161-1/+4
| | | | | | | | | | | | | | | | If a file uses unknown-length level 1 elements besides clusters and such elements are after the first cluster, then these elements will usually be parsed twice: Once during parsing of the file header and once when reading the file reaches the position where these elements are located. The second time the element is parsed leads to a "Duplicate element" error message. Known-length elements are not affected by this as they are skipped except during parsing the header. This commit fixes this by explicitly adding a check for whether the position of the element to be parsed is the same as the position of the already known level 1 element. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* avformat/matroskadec: Use file offsets for level 1 elementsAndreas Rheinhardt2019-07-161-7/+5
| | | | | | | | | | | | This commit converts the MatroskaLevel1Element struct to use file-based offsets, as opposed to the current practice of using offsets relative to the beginning of the segment in it. This also includes a change from uint64_t to int64_t. This is in preparation to another patch that improves the check for duplicate level 1 elements. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* avformat/matroskadec: Reindent after previous commitAndreas Rheinhardt2019-07-161-38/+38
| | | | | | Also use the smallest scope possible for a loop variable. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-13 01:26:34 +0000