aboutsummaryrefslogtreecommitdiffstats
path: root/libavcodec
Commit message (Collapse)AuthorAgeFilesLines
* avcodec/dstdec: Check for overflow in build_filter()Michael Niedermayer2022-09-241-3/+8
| | | | | | | | | | Fixes: signed integer overflow: 1917019860 + 265558963 cannot be represented in type 'int' Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-4833165046317056 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8008940da5aa43895fd4574114309c3324249eab) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mjpegdec: Check for unsupported bayer caseMichael Niedermayer2022-09-241-0/+2
| | | | | | | | | | Fixes: out of array access Fixes: 51462/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-662559341582745 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit dd81cc22b3dd5bd6badf012b4fe4c19e062650f4) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Fix integer overflow in filter_3800()Michael Niedermayer2022-09-241-1/+1
| | | | | | | | | | | Fixes: signed integer overflow: -2147448926 + -198321 cannot be represented in type 'int' Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5739619273015296 Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6744428485672960 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f05247f6a4698c14f1cd523daa90188f50dcf6ad) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/tta: Check 24bit scaling for overflowMichael Niedermayer2022-09-241-2/+9
| | | | | | | | | | Fixes: signed integer overflow: -8427924 * 256 cannot be represented in type 'int' Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5409428670644224 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3993345f915bccceee315f44d412445346990e14) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mobiclip: Check quantizer for overflowMichael Niedermayer2022-09-241-2/+2
| | | | | | | | | | Fixes: signed integer overflow: 127 + 2147483536 cannot be represented in type 'int' Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-6014034970804224 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 677e27a9afa7305a918336699b377fd5b42cc299) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/exr: Check preview psizeMichael Niedermayer2022-09-241-2/+5
| | | | | | | | | | Fixes: signed integer overflow: 17121181824 * 538976288 cannot be represented in type 'long long' Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5915330316206080 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ac26712e35f5ebc726d1be14bb4a420949e66604) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/tiff: Fix loop detectionMichael Niedermayer2022-09-241-2/+2
| | | | | | | | | Fixes regression with tickets/4364/L1004220.DNG Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 43a4854510a3d596e114d899177a5b3b323ca9fb) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/fmvc: Move frame allocation to a later stageMichael Niedermayer2022-09-241-6/+15
| | | | | | | | This way more things are checked before allocation Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9783749c66bf6ca2ce7a6db4c74957fe77cbe803) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/speedhq: Check widthMichael Niedermayer2022-09-241-1/+1
| | | | | | | | | | | | Fixes: out of array access Fixes: 50014/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SPEEDHQ_fuzzer-4748914632294400 Alternatively the buffer size can be increased Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f0395f9ef6051315973f1fdded1804f81458566d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/bink: disallow odd positioned scaled blocksMichael Niedermayer2022-09-241-1/+1
| | | | | | | | | | | Fixes: out of array access Fixes: 47911/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-6194020855971840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b14104a6376cd774b08cbe5fda56b34320a41b2e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* lavc/videotoolbox: do not pass AVCodecContext to decoder output callbackAnton Khirnov2022-09-232-4/+8
| | | | | | | | | | | | | | | | | | | | | The opaque parameter for the callback is set in videotoolbox_start(), called when the hwaccel is initialized. When frame threading is used, avctx will be the context corresponding to the frame thread currently doing the decoding. Using this same codec context in all subsequent invocations of the decoder callback (even those triggered by a different frame thread) is unsafe, and broken after cc867f2c09d2b69cee8a0eccd62aff002cbbfe11, since each frame thread now cleans up its hwaccel state after decoding each frame. Fix this by passing hwaccel_priv_data as the opaque parameter, which exists in a single instance forwarded between all frame threads. The only other use of AVCodecContext in the decoder output callback is as a logging context. For this purpose, store a logging context in hwaccel_priv_data. (cherry picked from commit d7f4ad88a0df3c1339e142957bf2c40cd056b8ce) Signed-off-by: Anton Khirnov <anton@khirnov.net>
* lavc/pthread_frame: always transfer stashed hwaccel stateAnton Khirnov2022-09-231-6/+6
| | | | | | | | | Fixes assertion failures after avcodec_flush_buffers(), where stashed hwaccel state is present, but prev_thread is NULL. Found-by: Wang Bin <wbsecg1@gmail.com> (cherry picked from commit c504fb869264fbd8fba6e81c186b2f2848b62e26) Signed-off-by: Anton Khirnov <anton@khirnov.net>
* avcodec/arm/sbcenc: avoid callee preserved vfp registersJames Cowgill2022-09-201-110/+110
| | | | | | | | | | | | | | | | | | | | | | | | When compiling FFmpeg with GCC-9, some very random segfaults were observed in code which had previously called down into the SBC encoder NEON assembly routines. This was caused by these functions clobbering some of the vfp callee saved registers (d8 - d15 aka q4 - q7). GCC was using these registers to save local variables, but after these functions returned, they would contain garbage. Fix by reallocating the registers in the two affected functions in the following way: ff_sbc_analyze_4_neon: q2-q5 => q8-q11, then q1-q4 => q8-q11 ff_sbc_analyze_8_neon: q2-q9 => q8-q15 The reason for using these replacements is to keep closely related sets of registers consecutively numbered which hopefully makes the code more easy to follow. Since this commit only reallocates registers, it should have no performance impact. Signed-off-by: James Cowgill <jcowgill@debian.org> Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit 50a4dff69f6477b06f00eae1cac2a53ae22fe9a5) Signed-off-by: Martin Storsjö <martin@martin.st>
* lavc/pthread_frame: avoid leaving stale hwaccel state in worker threadsAnton Khirnov2022-09-061-12/+35
| | | | | | | | | | | This state is not refcounted, so make sure it always has a well-defined owner. Remove the block added in 091341f2ab5bd35ca1a2aae90503adc74f8d3523, as this commit also solves that issue in a more general way. (cherry picked from commit cc867f2c09d2b69cee8a0eccd62aff002cbbfe11) Signed-off-by: Anton Khirnov <anton@khirnov.net>
* libavcodec/8bps: Check that line lengths fit within the bufferMichael Niedermayer2022-08-281-0/+3
| | | | | | | | | | | Fixes: Timeout Fixes: undefined pointer arithmetic Fixes: 50330/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EIGHTBPS_fuzzer-5436287485607936 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2316d5ec1a95b13ff9a0ce80409fa367a041966d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/midivid: Perform lzss_uncompress() before ff_reget_buffer()Michael Niedermayer2022-08-281-7/+6
| | | | | | | | This would avoid regeting the frame on lzss errors Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 628fb97efb0b6202e56fab89670406261bf86d85) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h263dec: Sanity check against minimal I/P frame sizeMichael Niedermayer2022-08-281-0/+2
| | | | | | | | | | Fixes: Timeout Fixes: 49718/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-4874987894341632 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ca4ff9c21cb77e024fa4ff5889826a8bee4d0e0a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevcdec: Check s->ref in the md5 path similar to hwaccelMichael Niedermayer2022-08-281-1/+1
| | | | | | | | | | | | | This is somewhat redundant with the is_decoded check. Maybe there is a nicer solution Fixes: Null pointer dereference Fixes: 49584/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5297367351427072 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3b51e1992289383aa9f083c88e153e34b6412c89) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpegaudiodec_template: use unsigned shift in handle_crc()Michael Niedermayer2022-08-281-1/+1
| | | | | | | | | | Fixes: left shift of 192 by 24 places cannot be represented in type 'int' Fixes: 49577/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MP1FLOAT_fuzzer-5205996678545408 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7086491fa0eca4ad647b5c9fae6d07344cc44ec0) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mjpegdec: bayer and rct are incompatibleMichael Niedermayer2022-08-281-0/+6
| | | | | | | | | | Fixes: out of array read Fixes: 49434/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5208501080686592 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a44f5a521227adc7be2f78b411f56da1a4d98704) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/pngdec: Fix APNG_DISPOSE_OP_BACKGROUNDAndreas Rheinhardt2022-08-261-50/+48
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | APNG works with a single reference frame and an output frame. According to the spec, decoding APNG works by decoding the current IDAT/fdAT chunks (which decodes to a rectangular subregion of the whole image region), followed by either overwriting the region of the output frame with the newly decoded data or by blending the newly decoded data with the data from the reference frame onto the current subregion of the output frame. The remainder of the output frame is just copied from the reference frame. Then the reference frame might be left untouched (APNG_DISPOSE_OP_PREVIOUS), it might be replaced by the output frame (APNG_DISPOSE_OP_NONE) or the rectangular subregion corresponding to the just decoded frame has to be reset to black (APNG_DISPOSE_OP_BACKGROUND). The latter case is not handled correctly by our decoder: It only performs resetting the rectangle in the reference frame when decoding the next frame; and since commit b593abda6c642cb0c3959752dd235c2faf66837f it does not reset the reference frame permanently, but only temporarily (i.e. it only affects decoding the frame after the frame with APNG_DISPOSE_OP_BACKGROUND). This is a problem if the frame after the APNG_DISPOSE_OP_BACKGROUND frame uses APNG_DISPOSE_OP_PREVIOUS, because then the frame after the APNG_DISPOSE_OP_PREVIOUS frame has an incorrect reference frame. (If it is not followed by an APNG_DISPOSE_OP_PREVIOUS frame, the decoder only keeps a reference to the output frame, which is ok.) This commit fixes this by being much closer to the spec than the earlier code: Resetting the background is no longer postponed until the next frame; instead it is applied to the reference frame. Fixes ticket #9602. (For multithreaded decoding it was actually already broken since commit 5663301560d77486c7f7c03c1aa5f542fab23c24.) Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
* avcodec/libvpx: fix assembling vp9 packets with alpha channelJames Almer2022-08-241-43/+40
| | | | | | | | | | | | | | | There's no warranty that vpx_codec_encode() will generate a list with the same amount of packets for both the yuv planes encoder and the alpha plane encoder, so queueing packets based on what the main encoder returns will fail when the amount of packets in both lists differ. Queue all data packets for every vpx_codec_encode() call from both encoders before attempting to assemble output AVPackets out of them. Fixes ticket #9884 Reviewed-by: Vignesh Venkatasubramanian <vigneshv@google.com> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit 9c7a8a8546e0bea9a32174cb40cefda5ddc45001)
* avcodec/libsvtav1: properly initialize the flush EbBufferHeaderType structJames Almer2022-08-241-5/+2
| | | | | | | Should fix ticket #9834 Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit fb70e0611bd7b634c1bc08096072f68659cc0a55)
* avcodec/libspeexdec: Fix use of uninitialized valueAndreas Rheinhardt2022-08-101-1/+1
| | | | | | | | Regression since 97d9a3293854eda84f05c22e2eaefae7406ac969. Fixes Coverity issue #1503072. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> (cherry picked from commit eb608fd0b00424eacb4dc85f23227e186289fb48)
* avcodec/alac: don't fail if channels aren't set during init() when extradata ↵James Almer2022-07-301-3/+5
| | | | | | | | | | | is valid The decoder is meant to use it as a fallback if the value in extradata is invalid. Regression since d199099be. Signed-off-by: James Almer <jamrial@gmail.com>
* avcodec/hevc_filter: copy_CTB() only within width&heightn5.1Michael Niedermayer2022-07-221-1/+12
| | | | | | | | | | Fixes: out of array access Fixes: 49271/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5424984922652672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 009ef35d384c3df22d8a8be7416dc9d532e91c52) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/tiff: Check tile_length and tile_widthMichael Niedermayer2022-07-221-0/+3
| | | | | | | | | | Fixes: Division by 0 Fixes: 49235/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5495613847896064 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 76112c2b4167bb3c40503b3334c8b38fd707a8d5) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mss4: Check image size with av_image_check_size2()Michael Niedermayer2022-07-221-0/+4
| | | | | | | | | | Fixes: Timeout Fixes: 48418/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MTS2_fuzzer-4834851466903552 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4e145f1dcdcbe19e8f8e98940dab04e9332a8b5b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/exr: Check x/ysizeMichael Niedermayer2022-07-221-2/+4
| | | | | | | | | | Fixes: OOM Fixes: 48911/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6352002510094336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 614a4d1476c6e3561ebab3977cb43b2b4b6406fd) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ffv1dec: Fix AC_GOLOMB_RICE min size checkMichael Niedermayer2022-07-221-2/+6
| | | | | | | | Found-by: mkver Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f7d510b33ff33d2f5cb096017ee1c00f624cc138) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ffv1dec: consider run increase in minimal golomb frame sizeMichael Niedermayer2022-07-201-1/+4
| | | | | | | | | | | Fixes: Timeout Fixes: 49160/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-5672826144686080 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: James Almer <jamrial@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 15785e044ee1265464bb4f3ed727e2a8074f97b4) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/lagarith: Check dst/src in zero run codeMichael Niedermayer2022-07-161-0/+3
| | | | | | | | | | | Fixes: out of array access Fixes: 48799/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LAGARITH_fuzzer-4764457825337344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 9450f759748d02d1d284d2e4afd741cb0fe0c04a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* Bump Versions for 5.1 branchMichael Niedermayer2022-07-131-1/+1
| | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h264dec: Skip late SEIMichael Niedermayer2022-07-121-0/+4
| | | | | | | | | Fixes: Race condition Fixes: clusterfuzz-testcase-minimized-mediasource_MP2T_AVC_pipeline_integration_fuzzer-6282675434094592 Found-by: google ClusterFuzz Tested-by: Dan Sanders <sandersd@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/sbrdsp_fixed: Fix integer overflows in sbr_qmf_deint_neg_c()Michael Niedermayer2022-07-121-2/+2
| | | | | | | | Fixes: signed integer overflow: 2147483645 + 16 cannot be represented in type 'int' Fixes: 46993/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-4759025234870272 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/pixlet: consider minimum plane header in the minimal packet sizeMichael Niedermayer2022-07-121-1/+1
| | | | | | | | Fixes: Timeout Fixes: 46956/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PIXLET_fuzzer-5698161106092032 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevcdsp_template: stay within tables in sao_band_filter()Michael Niedermayer2022-07-121-1/+1
| | | | | | | | Fixes: out of array read Fixes: 47875/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5719393113341952 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/tiff: Check pixel format types for dngMichael Niedermayer2022-07-121-0/+3
| | | | | | | | Fixes: out of array access Fixes: 48271/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6149705769287680 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/qpeldsp: copy less for the mc0x casesMichael Niedermayer2022-07-121-6/+6
| | | | | | | | Fixes: out of array access Fixes: 47936/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5745039940124672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ffv1dec: Check for min packet sizeMichael Niedermayer2022-07-121-0/+8
| | | | | | | | Fixes: Timeout Fixes: 48619/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-5793597923917824 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ffv1dec: Limit golomb rice coded slices to width 8MMichael Niedermayer2022-07-121-0/+3
| | | | | | | This limit is possibly not reachable due to other restrictions on buffers but the decoder run table is too small beyond this, so explicitly check for it. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wnv1: Check for width =1Michael Niedermayer2022-07-121-0/+3
| | | | | | | | | | The decoder only outputs pixels for width >1 images, fail early Fixes: Timeout Fixes: 48298/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WNV1_fuzzer-6198626319204352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ffv1dec_template: fix indentionMichael Niedermayer2022-07-121-5/+5
| | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* lavc/aarch64: Hook up the existing ff_pix_abs16_neon to the sad[0] function ↵Hubert Mazur2022-07-111-0/+2
| | | | | | | pointer Signed-off-by: Hubert Mazur <hum@semihalf.com> Signed-off-by: Martin Storsjö <martin@martin.st>
* avcodec/pcm-dvdenc: Fix encoding 24bit samplesAndreas Rheinhardt2022-07-101-6/+6
| | | | | | | | The earlier code ignored the lower 16 bits and instead used the highest 8 bits twice. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
* avcodec/pcm-dvdenc: Remove unused extra_sample(s|_count)Andreas Rheinhardt2022-07-101-2/+0
| | | | | Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
* avcodec/mpegvideo_enc: Unify the code styleWenbin Chen2022-07-091-6/+9
| | | | | | | Change whitespace and add newline to unify the code style. Signed-off-by: Wenbin Chen <wenbin.chen@intel.com> Signed-off-by: Marton Balint <cus@passwd.hu>
* avcodec/mpegvideo_enc: Fix a chroma mb size error in sse_mb()Wenbin Chen2022-07-091-6/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | For 422 frames we should not use hard coded 8 to calculate mb size for uv plane. Chroma shift should be taken into consideration to be compatiple with different sampling format. The error is reported by fate test when av_cpu_max_align() return 64 on the platform supporting AVX512. This is a hidden error and it is exposed after commit 17a59a634c39b00a680c6ebbaea58db95594d13d. mpeg2enc has a mechanism to reuse frames. When it computes SSE (sum of squared error) on current mb, reconstructed mb will be wrote to the previous mb space, so that the memory can be saved. However if the align is 64, the frame is shared in somewhere else, so the frame cannot be reused and a new frame to store reconstrued data is created. Because the height of mb is wrong when compute sse on 422 frame, starting from the second line of macro block, changed data is read when frame is reused (we need to read row 16 rather than row 8 if frame is 422), and unchanged data is read when frame is not reused (a new frame is created so the original frame will not be changed). That is why commit 17a59a634c39b00a680c6ebbaea58db95594d13d exposes this issue, because it add av_cpu_max_align() and this function return 64 on platform supporting AVX512 which lead to creating a frame in mpeg2enc, and this lead to the different outputs. Signed-off-by: Wenbin Chen <wenbin.chen@intel.com> Signed-off-by: Marton Balint <cus@passwd.hu>
* avcodec/hevc_cabac: Don't cast const away unnecessarilyAndreas Rheinhardt2022-07-091-3/+3
| | | | Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
* avcodec/hevc_refs: Constify ff_hevc_get_ref_list()Andreas Rheinhardt2022-07-094-17/+18
| | | | Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 07:43:47 +0000