path: root/libavcodec
Commit message | Author | Age | Files | Lines
* avcodec/msrle: Check that the input is large enough to contain a end of picture code | Michael Niedermayer | 2018-11-03 | 1 | -0/+3
  Fixes: Timeout
  Fixes: 10625/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSRLE_fuzzer-5659651283091456
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 203ccb8746997777ce66beadd53b4631d217b9cd)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/libx264: remove FF_CODEC_CAP_INIT_THREADSAFE flag | Marton Balint | 2018-11-01 | 1 | -4/+2
  Libx264 uses strtok which is not thread safe. Strtok is used in
  x264_param_default_preset in param_apply_tune in x264/common/base.c.
  Therefore the flag must be removed.
  x264 fixed the issue, once the fix is pushed to stable, an #if can be added to
  re-enable the flag based on X264_BUILD number.
  Fixes ticket #7446.
  Signed-off-by: Marton Balint <[email protected]>
  (cherry picked from commit b02490a497009064b7f192802aa246aa0b6a4dad)
* avcodec/jpeg2000dec: Fix off by 1 error in JPEG2000_PGOD_CPRL handling | Michael Niedermayer | 2018-10-23 | 1 | -1/+1
  Fixes: assertion failure
  Fixes: 10785/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5672160496975872
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 305e523105f6f59e7572050f19edc9f4671c036c)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/mpeg4videodec: Fix typo in sprite delta check | Michael Niedermayer | 2018-10-23 | 1 | -1/+1
  Fixes: Integer overflow
  Fixes: 10890/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5636062181851136
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit b737317a8813e671c00b8ac7023c47e48ffeb1c8)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/h264_cavlc: Check mb_skip_run | Michael Niedermayer | 2018-10-23 | 1 | -2/+8
  Fixes: 10300/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-6292205497483264
  Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit f72b9904fefa79d799d0f6ecc8bd97ce52658725)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/ra144: Fix integer overflow in add_wav() | Michael Niedermayer | 2018-10-23 | 1 | -1/+1
  Fixes: signed integer overflow: -2144033225 + -5208934 cannot be represented in type 'int'
  Fixes: 10633/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RA_144_fuzzer-5679133791617024
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit c6282141cba20934d9801f31134872fabbd6ba3e)
  Signed-off-by: Michael Niedermayer <[email protected]>
* Revert "avcodec/cbs_h264: silence errors about end_of_seq nalus" | Aman Gupta | 2018-10-18 | 1 | -3/+0
  This reverts commit aec3daa8b4b31235b61922642df06f0f26fef082.
  This is an incomplete fix, and did not qualify for a backport.
* avcodec/cbs: ensure user_data is padded for GBC parsing | Aman Gupta | 2018-10-16 | 2 | -2/+2
  Fixes crash noticed in the cbs_userdata patchset.
  ====ERROR: AddressSanitizer: heap-buffer-overflow on address 0x609000026c89 at pc 0x00010725d37b bp 0x7ffeea04e750 sp 0x7ffeea04e748
  READ of size 4 at 0x609000026c89 thread T0
      #0 0x10725d37a in ff_cbs_read_unsigned get_bits.h:274
      #1 0x1072d2767 in ff_cbs_read_a53_user_data cbs_misc_syntax_template.c:119
      #2 0x1078251a7 in h264_metadata_filter h264_metadata_bsf.c:595
      #3 0x105c1321d in output_packet ffmpeg.c:853
  0x609000026c89 is located 1 bytes to the right of 8-byte region [0x609000026c80,0x609000026c88)
  allocated by thread T0 here:
      #0 0x10aef08d7 in wrap_posix_memalign (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x578d7)
      #1 0x10aca95e6 in av_malloc mem.c:87
      #2 0x10ac545fe in av_buffer_allocz buffer.c:72
      #3 0x107263b27 in cbs_h264_read_nal_unit cbs_h264_syntax_template.c:722
      #4 0x10725b688 in cbs_read_fragment_content cbs.c:155
  Signed-off-by: Aman Gupta <[email protected]>
  (cherry picked from commit 41ed2c384993da0cbc69657f05bec3c9b21b78bf)
* avcodec/cbs: fix crash in sei_pic_timestamp | Aman Gupta | 2018-10-16 | 1 | -0/+6
  Signed-off-by: Aman Gupta <[email protected]>
  (cherry picked from commit b6c3a02740871f4992ab7c34a95dfa53a56ba382)
* avcodec/cbs_h264: silence errors about end_of_seq nalus | Aman Gupta | 2018-10-16 | 1 | -0/+3
  [ffmpeg] AVBSFContext: Decomposition unimplemented for unit 4 (type 10).
  Signed-off-by: Aman Gupta <[email protected]>
  (cherry picked from commit 64c50c0e978cd556dc2da238dfe0bb367e7c1ab9)
* avcodec/cuviddec: properly take deinterlacing and display delay into account for buffer_full check | Timo Rothenpieler | 2018-10-14 | 1 | -1/+5
  Signed-off-by: Timo Rothenpieler <[email protected]>
* avcodec/h2645_parse: skip NALUs with no content after stripping all the trailing zeros | James Almer | 2018-10-11 | 1 | -1/+1
  The GetBitContext is effectively empty in them.
  Signed-off-by: James Almer <[email protected]>
  (cherry picked from commit 9a09f4c54ab829811c2dd041cfb7196000590b78)
* avcodec/unary: Improve get_unary() docs | Michael Niedermayer | 2018-10-07 | 1 | -1/+14
  Found-by: kierank
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit ad89e203bfedf25df00e2a6ed9196170d772f25b)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/gdv: Replace divisions by shifts in rescale() | Michael Niedermayer | 2018-10-07 | 1 | -8/+8
  Divisions tend to be slower than shifts unless the compiler optimizes them out.
  And some of these are in inner loops.
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit b90d8cc7466386a166dd72107457498aa5a7c43d)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/ac3dec: Fix shift signedness in mask creation | Michael Niedermayer | 2018-10-07 | 1 | -2/+2
  Fixes: 9924/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EAC3_fuzzer-5473421772193792
  Fixes: left shift of 1 by 63 places cannot be represented in type 'long long'
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 148a21611d856609fc034147f4a27cfdb6d90ff4)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/eac3dec: Check that channel_map does not contain more than EAC3_MAX_CHANNELS | Michael Niedermayer | 2018-10-07 | 4 | -25/+36
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit fe315feab59f2f99765547096357826bc9454d24)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/dvdsubdec: Sanity check len in decode_rle() | Michael Niedermayer | 2018-10-07 | 1 | -0/+2
  Fixes: Timeout
  Fixes: 9778/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DVDSUB_fuzzer-5186007132536832
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit e7b023e1db9fb13175929c02a02846d03510ec91)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/mpeg4videodec: Fix undefined shift in get_amv() | Michael Niedermayer | 2018-10-07 | 1 | -1/+1
  Fixes: runtime error: shift exponent -1 is negative
  Fixes: 9938/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5653783529914368
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit c88afa44c4823aba7b6f4a1b01fd6a4169643c57)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/zmbv: Check that the decompressed data size is correct | Michael Niedermayer | 2018-10-07 | 1 | -0/+14
  This checks the value exactly for intra frames and checks it against a
  minimum for inter frames as they can be variable.
  Fixes: Timeout
  Fixes: 10182/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ZMBV_fuzzer-6245951174344704
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit e33b28cc79d164fff22bfee750c9283587c00bc4)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/zmbv: Update decomp_len in raw frames | Michael Niedermayer | 2018-10-07 | 1 | -0/+1
  decomp_len is used in raw frames, so it should not be left at the value from
  whatever was decoded previously (which may be any other frame)
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 3d201b83cda03fd9e866acafee82d7ce88260e66)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/shorten: Fix bitstream end check in read_header() | Michael Niedermayer | 2018-10-07 | 1 | -1/+1
  Fixes: Timeout
  Fixes: 9961/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5687856176562176
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 28b80c2d52d82eb4f73af5f818dab60946bcf299)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/dvdsubdec: Avoid branch in decode_run_8bit() | Michael Niedermayer | 2018-10-07 | 1 | -4/+1
  Speed improvement 35.5 sec -> 34.7sec
  Reviewed-by: Paul B Mahol <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 71bf0330505e2108935d05c5c018ec65eac4b946)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/h264_refs: Document last if() in ff_h264_execute_ref_pic_marking() | Michael Niedermayer | 2018-10-07 | 1 | -0/+1
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 697984b9db4d4d199680f43ac3eb662cd1d37eff)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/ra144: Fix undefined integer overflow in add_wav() | Michael Niedermayer | 2018-10-07 | 1 | -1/+1
  Fixes: signed integer overflow: -26884 * 91439 cannot be represented in type 'int'
  Fixes: 9687/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RA_144_fuzzer-4995588121690112
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 93a203662f6ff1bb9fd2e966bf7df27e9bdb1916)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/indeo4: Check dimensions in decode_pic_hdr() | Michael Niedermayer | 2018-10-07 | 1 | -0/+8
  Fixes: Timeout
  Fixes: 9654/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO4_fuzzer-6289863463665664
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 7592e88bfe3d5bf9109a55acd025af9110618405)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/hq_hqa: Check remaining input bits in hqa_decode_mb() | Michael Niedermayer | 2018-10-07 | 1 | -0/+3
  Fixes: Timeout
  Fixes: 9634/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HQ_HQA_fuzzer-6267852259590144
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit c9222b972d6cbdaf6571cf7ae0a6513bffa5ff9f)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/vb: Check for end of bytestream before reading blocktype | Michael Niedermayer | 2018-10-07 | 1 | -0/+4
  Fixes: Timeout
  Fixes: 9601/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VB_fuzzer-4550228702134272
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 1cbac9ce20d32806febf64cbd9f830e1485695ca)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/snowdec: Fix integer overflow with motion vector residual | Michael Niedermayer | 2018-10-07 | 1 | -2/+2
  Fixes: signed integer overflow: -19818 + -2147483648 cannot be represented in type 'int'
  Fixes: 9545/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-4928769537081344
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit acba153a148782c08f9fd17f0c05b93468f3cbd0)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/mpeg4videodec: Fix slice end detection in mpeg4_decode_studio_mb() | Michael Niedermayer | 2018-10-07 | 1 | -0/+8
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 168d8d56bfb0c69684637f3d04889db647de6238)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/scpr: Check for min > max in decompress_p() | Michael Niedermayer | 2018-10-07 | 1 | -0/+3
  Fixes: Timeout
  Fixes: 9342/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-4795990841229312
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 3378194ce8e9a126a7cc6ed57bedde1221790469)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/shorten: Fix signed 32bit overflow in shift in shorten_decode_frame() | Michael Niedermayer | 2018-10-07 | 1 | -1/+1
  Fixes: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
  Fixes: 9480/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-6647324284551168 -rss_limit_mb=2000
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 9b604e96a51a1fca92bbabfe4f7ac53f0470ee41)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/shorten: Fix integer overflow in residual/LPC combination | Michael Niedermayer | 2018-10-07 | 1 | -1/+1
  Fixes: signed integer overflow: -540538872 + -2012739576 cannot be represented in type 'int'
  Fixes: 9255/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5758630052757504
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit db7e9082e1a1479c6a8844f7adf77eae03cc2aa7)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/shorten: Check verbatim length | Michael Niedermayer | 2018-10-07 | 1 | -0/+5
  Fixes: Timeout
  Fixes: 9252/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5780720709533696
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 7007dabec08f2f9f81661e71ef482dde394e17a8)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/mpegaudio_parser: Initialize poutbuf* | Michael Niedermayer | 2018-10-07 | 1 | -0/+2
  Possibly fixes: null pointer dereference
  Possibly fixes: 9352/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MP3ADUFLOAT_fuzzer-5146068961460224
  Fixes: Heap-use-after-free
  Fixes: 9453/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MP3ADUFLOAT_fuzzer-5137954375729152
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 0f4c3b0b8e5435d13fd3b64c91969b31c3c018dc)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/aacpsdsp_template: Fix integer overflow in ps_stereo_interpolate_c() | Michael Niedermayer | 2018-10-07 | 1 | -4/+4
  Fixes: signed integer overflow: -1813244069 + -1407981383 cannot be represented in type 'int'
  Fixes: 8823/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5643295618236416
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 47db5763e21c5e3b0ddde2430d15938f8d88480d)
  Signed-off-by: Michael Niedermayer <[email protected]>
* lavc/svq3: Fix regression decoding some files. | Nikolas Bowe | 2018-10-07 | 1 | -5/+4
  Fixes some SVQ3 encoded files which fail to decode correctly after 6d6faa2a2d.
  These files exhibit lots of artifacts and logs show "Media key encryption is not implemented".
  However they decode without artifacts before 6d6faa2a2d.
  The attached patch allows these files to successfully decode, but also reject media key files.
  Tested on the files in #6094 and http://samples.mplayerhq.hu/V-codecs/SVQ3/Vertical400kbit.sorenson3.mov
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 5aeb3b008080d8d4a38f245d557dbc9bd6c36dcf)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/mlp_parser: Check if synccode is within buffer | Michael Niedermayer | 2018-10-07 | 1 | -1/+1
  Fixes: undefined shift
  Fixes: 9216/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEHD_fuzzer-6281404575907840
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 51ac3f43b8bf3b7f2af555af319cd240bb8b4ebf)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/qtrle: Check remaining bytestream in qtrle_decode_XYbpp() | Michael Niedermayer | 2018-10-07 | 1 | -0/+10
  Fixes: Timeout
  Fixes: 9213/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QTRLE_fuzzer-5649753332252672
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 7dd836a3f9771e0e44df1b27e67d6866d91e06d7)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/diracdec: Check bytes count in else branch in decode_lowdelay() too | Michael Niedermayer | 2018-10-07 | 1 | -0/+4
  Fixes: signed integer overflow: 8 * 340018243 cannot be represented in type 'int'
  Fixes: 9441/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5194665207791616
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit bed125b7108481574f36fdd6ee699b27354602e8)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/diracdec: Check slice numbers for overflows in relation to picture dimensions | Michael Niedermayer | 2018-10-07 | 1 | -1/+4
  Fixes: signed integer overflow: 88 * 33685506 cannot be represented in type 'int'
  Fixes: 9433/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5725943535501312
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit f457c0ad7f73e31e99761f2ad3738cf3b3c24ca0)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/diracdec: Change frame_number to 64bit as its a 32bit from the bitstream and we also have a -1 special case | Michael Niedermayer | 2018-10-07 | 1 | -2/+2
  Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
  Fixes: 9291/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-6324345860259840
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 462d1be6dec5ff4768be8c202f359cbf037db3c6)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/dirac_dwt_template: Fix several integer overflows in horizontal_compose_daub97i() | Michael Niedermayer | 2018-10-07 | 1 | -4/+4
  Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
  Fixes: 8926/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-6047609228623872
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 69cac9e130dc8c9d2a5b8012011df372974adf35)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/diracdec: Prevent integer overflow in intermediate in global_mv() | Michael Niedermayer | 2018-10-07 | 1 | -2/+2
  Fixes: signed integer overflow: -393471 * 5460 cannot be represented in type 'int'
  Fixes: 8890/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-6299775379963904
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 51290406461ed40b70e0e05b389a461a283f3367)
  Signed-off-by: Michael Niedermayer <[email protected]>
* lavc/videotoolboxenc: Fix compilation on osx 10.10.5 Yosemite | Thilo Borgmann | 2018-08-14 | 1 | -1/+1
  Signed-off-by: Aman Gupta <[email protected]>
  (cherry picked from commit 72d9b8f4c53ce3de48ba43ddeeccc62f6932b376)
* avcodec/mediacodecdec: fix SEGV on modern nvidia decoders | Aman Gupta | 2018-08-03 | 1 | -2/+3
  This code came originally from gstreamer, where it was added in [1] as a
  work-around for the Tegra 3. (The alignment was changed in [2] as a response
  to [3], from 32-bit to 16-bit).
  gstreamer only used this workaround in the case where the decoder didn't
  return a slice-height property, but when the code was copied into avcodec
  the conditional got lost. This commit restores the guard and prefers the
  slice-height from the decoder when it is available.
  This fixes segfaults decoding 1920x1080 h264 and mpeg2 videos on the NVidia
  SHIELD after upgrading to Android Oreo.
  [1] https://github.com/GStreamer/gst-plugins-bad/commit/a870e6a5c30dd85240fe75c7409cc1cf1b86541d
  [2] https://github.com/GStreamer/gst-plugins-bad/commit/21ff3ae0b0127bd82951d278ca24f2d54133b7cd
  [3] https://bugzilla.gnome.org/show_bug.cgi?id=748867
  Signed-off-by: Aman Gupta <[email protected]>
  (cherry picked from commit 476fd6ba3a7d74ed8be9af10cb9f4d4b3fdaf3e1)
* avcodec/bitstream_filters: check the input argument of av_bsf_get_by_name() for NULL | James Almer | 2018-07-28 | 1 | -0/+3
  Fixes crashes like "ffmpeg -h bsf" caused by passing NULL to strcmp()
  Signed-off-by: James Almer <[email protected]>
  (cherry picked from commit 3258cc6507a2012d54889ce5f8efbde7e81d927d)
* avcodec/videotoolboxenc: fix undefined behavior with rc_max_rate=0 | Thomas Guillem | 2018-07-19 | 1 | -1/+4
  On macOS, a zero rc_max_rate causes an error from
  VTSessionSetProperty(kVTCompressionPropertyKey_DataRateLimits).
  On iOS (depending on device/version), a zero rc_max_rate causes invalid
  arguments from the vtenc_output_callback after a few frames and then a crash
  within the VideoToolbox library.
  Signed-off-by: Aman Gupta <[email protected]>
  (cherry picked from commit 93e157f40f415119ea0f94b35596965e9870f863)
* avcodec/dvdsub_parser: Allocate input padding | Michael Niedermayer | 2018-07-16 | 1 | -1/+5
  Fixes: out of array read
  Fixes: 9350/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DVDSUB_fuzzer-5746777750765568
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit cd86b5cfe278af79d6b147e122d9a72c270a9fde)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/dvdsub_parser: Init output buf/size | Michael Niedermayer | 2018-07-16 | 1 | -0/+3
  No testcase
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 9e6c8437761661441d836876934314cb2b8fafe7)
  Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/dirac_dwt_template: Fix signedness regression in interleave() | Michael Niedermayer | 2018-07-16 | 1 | -2/+2
  Found-by: <jdarnley>
  Tested-by: James Darnley <[email protected]>
  Signed-off-by: Michael Niedermayer <[email protected]>
  (cherry picked from commit 181435a4de6e38e0a15ddaf16de9a157ef41cb18)
  Signed-off-by: Michael Niedermayer <[email protected]>