summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* lavc: Mark hw_config pointer arrays as constMark Thompson2020-11-08
| | | | They are read-only just like the HWConfig structures they point to.
* tools/target_dem_fuzzer: Consider it an EIO when reading position wraps ↵Michael Niedermayer2020-11-07
| | | | | | | | | | | | around 64bit Fixes: signed integer overflow: 9223372036854775807 + 564 cannot be represented in type 'long' Fixes: 26494/clusterfuzz-testcase-minimized-ffmpeg_dem_VOC_fuzzer-576754158849228 Fixes: 26549/clusterfuzz-testcase-minimized-ffmpeg_dem_AVS_fuzzer-4844306424397824 FIxes: 26875/clusterfuzz-testcase-minimized-ffmpeg_dem_C93_fuzzer-5996226782429184 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mpegts: Limit copied data to spaceMichael Niedermayer2020-11-07
| | | | | | | | | Fixes: out of array access Fixes: 26816/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGTSRAW_fuzzer-6282861159907328.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Marton Balint <cus@passwd.hu> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/adpcm_ima_swf: fix frame size to 4096Zane van Iperen2020-11-07
| | | | | | | | | SWF File Format Specification, Version 19 says this is 1 raw sample + 4095 nibbles. https://www.adobe.com/content/dam/acom/en/devnet/pdf/swf-file-format-spec.pdf Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
* Revert "avcodec/adpcm_swf: support decoding multiple fixed-sized blocks at once"Zane van Iperen2020-11-07
| | | | | | | | | | | | | | Is incorrect behaviour. Was covering for an encoder bug where it produced frames of the wrong size. This reverts commit e9dd73d30d09043446ac6dd7b8ad31e557873852. Fixes: out of array write Fixes: 26821/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_SWF_fuzzer-5764465137811456 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
* avdevice/xcbgrab: Add select_region optionOmar Emara2020-11-06
| | | | | | | | | | | | | | | | | | | | This patch adds a select_region option to the xcbgrab input device. If set to 1, the user will be prompted to select the grabbing area graphically by clicking and dragging. A rectangle will be drawn to mark the grabbing area. A single click with no dragging will select the whole screen. The option overwrites the video_size, grab_x, and grab_y options if set by the user. For testing, just set the select_region option as follows: ffmpeg -f x11grab -select_region 1 -i :0.0 output.mp4 The drawing happens directly on the root window using standard rubber banding techniques, so it is very efficient and doesn't depend on any X extensions or compositors. Reviewed-by: Andriy Gelman <andriy.gelman@gmail.com> Signed-off-by: Omar Emara <mail@OmarEmara.dev>
* avformat/rtsp: support infinite initial_timeout for rtsp optionLimin Wang2020-11-07
| | | | Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
* fate/filter-video: add 10bit test for unsharp filterLimin Wang2020-11-07
| | | | Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
* avfilter/vf_unsharp: add more pixel format supportLimin Wang2020-11-07
| | | | Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
* avfilter/vf_unsharp: add 10bit supportLimin Wang2020-11-07
| | | | Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
* avcodec/truemotion2: Allocate buffers togetherAndreas Rheinhardt2020-11-06
| | | | | | Reduces the number of allocations and frees. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* avcodec/truemotion2: Cleanup generically on init failureAndreas Rheinhardt2020-11-06
| | | | Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* avcodec/truemotion2: Remove redundant initializationsAndreas Rheinhardt2020-11-06
| | | | | | The codec's private context has already been zeroed generically. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* avcodec/truemotion2: Replace av_free() by av_freep() in AVCodec.closeAndreas Rheinhardt2020-11-06
| | | | Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* avcodec/sonic: Don't allocate a temporary buffer for every frameAndreas Rheinhardt2020-11-06
| | | | | | Instead allocate it together with the buffer that it mirrors. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* avcodec/mss4: Fix memleaks upon allocation errorAndreas Rheinhardt2020-11-06
| | | | | | | | | | During init the mts2 decoder allocates several VLCs and then several buffers in a loop; if one of the latter allocations fails, only the VLCs are freed, not any buffers that might already have been successfully allocated. This commit fixes this by setting the FF_CODEC_CAP_INIT_CLEANUP flag. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* avfilter: add adenorm filterPaul B Mahol2020-11-05
|
* Add support for playing Audible AAXC (.aaxc) files [PATCH v4]Vesselin Bontchev2020-11-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The AAXC container format is the same as the (already supported) Audible AAX format but it uses a different encryption scheme. Note: audible_key and audible_iv values are variable (per file) and are externally fed. It is possible to extend https://github.com/mkb79/Audible to derive the audible_key and audible_key values. Relevant code: def decrypt_voucher(deviceSerialNumber, customerId, deviceType, asin, voucher): buf = (deviceType + deviceSerialNumber + customerId + asin).encode("ascii") digest = hashlib.sha256(buf).digest() key = digest[0:16] iv = digest[16:] # decrypt "voucher" using AES in CBC mode with no padding cipher = AES.new(key, AES.MODE_CBC, iv) plaintext = cipher.decrypt(voucher).rstrip(b"\x00") # improve this! return json.loads(plaintext) The decrypted "voucher" has the required audible_key and audible_iv values. Update (Nov-2020): This patch has now been tested by multiple folks - details at the following URL: https://github.com/mkb79/Audible/issues/3 Signed-off-by: Vesselin Bontchev <vesselin.bontchev@yandex.com>
* tls: Hook up the url_get_short_seek function in the TLS backendsMartin Storsjö2020-11-05
| | | | | | | This makes sure that small seeks forward on https don't end up doing new requests. Signed-off-by: Martin Storsjö <martin@martin.st>
* avfilter/scale_cuda: fix pitch calculation for >8 bit formatsTimo Rothenpieler2020-11-05
|
* avformat/bintext: Check width in idf_read_header()Michael Niedermayer2020-11-04
| | | | | | | | Fixes: division by 0 Fixes: 26802/clusterfuzz-testcase-minimized-ffmpeg_dem_IDF_fuzzer-5180591554953216.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/iff: check size against INT64_MAXMichael Niedermayer2020-11-04
| | | | | | | | | Bigger sizes are misinterpreted as negative numbers by the API Fixes: infinite loop Fixes: 26611/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-4890614975692800 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/vividas: improve extradata packing checks in track_header()Michael Niedermayer2020-11-04
| | | | | | | | Fixes: out of array accesses Fixes: 26622/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-6581200338288640 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/paf: Check for EOF in read_table()Michael Niedermayer2020-11-04
| | | | | | | | | Fixes: OOM Fixes: 26528/clusterfuzz-testcase-minimized-ffmpeg_dem_PAF_fuzzer-5081929248145408 Fixes: 26584/clusterfuzz-testcase-minimized-ffmpeg_dem_PAF_fuzzer-5172661183053824 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/gxf: Check pkt_lenMichael Niedermayer2020-11-04
| | | | | | | | Fixes: Infinite loop Fixes: 26576/clusterfuzz-testcase-minimized-ffmpeg_dem_GXF_fuzzer-4823080360476672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/aiffdec: Check packet sizeMichael Niedermayer2020-11-04
| | | | | | | Fixes: Fixes infinite loop Fixes: 26575/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-5727522236661760 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* libavformat/aviobuf: Forward error from avio_read in ffio_read_size()Michael Niedermayer2020-11-04
| | | | | Suggested-by: Andreas Rheinhardt Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/rmdec: remove unneeded memset() on packet allocationMichael Niedermayer2020-11-04
| | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/argo_brp: remove block_align check for audioZane van Iperen2020-11-05
| | | | | | | | | | | | | | | | | Causes a divide-by-zero in the rare case where: - the file has an audio stream, - the first audio frame isn't within the first BRP_BASF_LOOKAHEAD frames, - an audio frame is encountered later, and - its chunk header (except num_blocks) contains all zeros (matching the uninitialised structure in the context) The decoder will discard any garbage data, so the check isn't really needed. Fixes: division by 0 Fixes: 26667/clusterfuzz-testcase-minimized-ffmpeg_dem_ARGO_BRP_fuzzer-5645146928185344.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
* avcodec/sonic: Don't hardcode sizeof(int) == 4Andreas Rheinhardt2020-11-04
| | | | | Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* avcodec/sonic: Allocate several buffers togetherAndreas Rheinhardt2020-11-04
| | | | | | | It simplifies freeing them and reduces the amount of allocations. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* avfilter/scale_cuda: simplify linesize calculationTimo Rothenpieler2020-11-04
|
* avfilter/scale_cuda: add support for RGB formatsTimo Rothenpieler2020-11-04
|
* avfilter/scale_cuda: expose optional algorithm parameterTimo Rothenpieler2020-11-04
|
* avfilter/scale_cuda: add lanczos algorithmTimo Rothenpieler2020-11-04
|
* avutil/hwcontext_cuda: fix edge case with non-even frame heightsTimo Rothenpieler2020-11-04
|
* avutil/hwcontext_cuda: query correct alignment from deviceTimo Rothenpieler2020-11-04
|
* vaapi_encode_mpeg2: Fix setting colour propertiesMark Thompson2020-11-03
| | | | | | | Follow the same pattern as the previous commits for H.264 and H.265. Reviewed-By: Jan Ekström <jeebjp@gmail.com> Tested-By: Xu, Yefeng <yefengx.xu@intel.com>
* vaapi_encode_h265: Fix setting colour propertiesMark Thompson2020-11-03
| | | | | | | Matching the previous commit for H.264. Reviewed-By: Jan Ekström <jeebjp@gmail.com> Tested-By: Xu, Yefeng <yefengx.xu@intel.com>
* vaapi_encode_h264: Fix setting colour propertiesMark Thompson2020-11-03
| | | | | | | | | | The properties should always be set; only the presence flags want to be conditional. Fixes #8959. Reviewed-By: Jan Ekström <jeebjp@gmail.com> Tested-By: Xu, Yefeng <yefengx.xu@intel.com>
* avfilter/scale_cuda: add nearest neighbour algorithmTimo Rothenpieler2020-11-03
|
* avfilter/scale_cuda: code cleanupTimo Rothenpieler2020-11-03
|
* avfilter/scale_cuda: add bicubic interpolationTimo Rothenpieler2020-11-03
|
* avutil/hwcontext_cuda: increase CUDA frame alignment to 512Timo Rothenpieler2020-11-03
| | | | | At least on Turing, a frame without 512 byte alignment cannot be passed to cuTexObjectCreate.
* avcodec/mpc8: Unobfuscate sign-extensionAndreas Rheinhardt2020-11-03
| | | | Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* avcodec/mimic: Inline constantsAndreas Rheinhardt2020-11-03
| | | | Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* avcodec/tscc2: Don't check for errors for complete VLCsAndreas Rheinhardt2020-11-03
| | | | Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* avformat/apngdec: Remove goto fail that does nothingAndreas Rheinhardt2020-11-03
| | | | Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* avformat/apngdec: Check fcTL chunk length when reading headerAndreas Rheinhardt2020-11-03
| | | | | | | | | | Reading the header terminates when an fcTL chunk is encountered in which case read_header returned success without checking the length of said chunk. Yet when read_packet processes this chunk, it checks for the length to be 26 and errors out otherwise. So do so when reading the header, too. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* avformat/apngdec: Fix size/overflow checksAndreas Rheinhardt2020-11-03
| | | | | | | | | | | | | | | | | | | | | | | | | | apng data consists of parts containing a small header (including a four-byte size field) and a data part; the size field does not account for everything and is actually twelve bytes short of the actual size. In order to make sure that the size fits into an int, the size field is checked for being > INT_MAX; yet this does not account for the + 12 and upon conversion to int (which happens when calling append_extradata()), the size parameter can still wrap around. In this case the currently used check would lead to undefined signed integer overflow. Furthermore, append_extradata() appends the new data to the already existing extradata and therefore needs to make sure that the combined size of new and old data as well as padding fits into an int. The check used for this is "if (old_size > INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE - new_size)". If new_size is > INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE the right side becomes negative if the types are signed (as they are now); yet changing this to "if (new_size > INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE - old_size)" is better as this also works for unsigned types (where it is of course presumed that INT_MAX is replaced by the corresponding maximum for the new type). Both of these issues have been fixed. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-14 19:06:10 +0000