path: root/libavcodec/apedec.c
Commit message (Author, Age)
* avcodec/apedec: use proper macro and type for pivot variable (Paul B Mahol, 2020-10-12)
|
* avcodec/apedec: properly calculate and store absolute value (Paul B Mahol, 2020-10-12)
|
* avcodec/apedec: fix decoding 24bit insane files with recent versions (Paul B Mahol, 2020-10-12)
|
* avcodec/apedec: Fix undefined integer overflow with 24bit (Michael Niedermayer, 2020-07-07)
|   Fixes: signed integer overflow: 8683744 * 256 cannot be represented in type 'int'
|   Fixes: 23527/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5679885932822528
|   Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: remove FF_ALLOC_OR_GOTO and gotos label (Limin Wang, 2020-06-13)
|   Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
* avcodec/apedec: add FF_CODEC_CAP_INIT_CLEANUP (Limin Wang, 2020-06-13)
|   Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
* apedec: add ability to check CRC (Lynne, 2020-05-26)
|   The CRC flag is only signalled once every few minutes but CRC is still always present so the patch uses the file version instead.
|   CRC on 24-bit files wants non-padded samples so skip such files.
|   Some corrupt samples may have been output before the final check depending on the -max_samples setting.
* avcodec/apedec: fix decoding 3800 version with 2000 compression level (Paul B Mahol, 2020-02-22)
|
* avcodec/apedec: Fix invalid shift with 24 bps (Michael Niedermayer, 2020-02-12)
|   Fixes: left shift of negative value -463
|   Fixes: 20542/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5688714435231744
|   Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
|   Reviewed-by: Paul B Mahol <onemda@gmail.com>
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Fix integer overflows in predictor_decode_mono_3950() (Michael Niedermayer, 2020-02-03)
|   Fixes: signed integer overflow: -2147407150 + -1871606 cannot be represented in type 'int'
|   Fixes: 18702/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5679095417667584
|   Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Fix undefined integer overflow in decode_array_0000() (Michael Niedermayer, 2020-01-30)
|   Fixes: signed integer overflow: -2143289344 - 6246400 cannot be represented in type 'int'
|   Fixes: 19239/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5173755680915456
|   Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Set error on error in ape_decode_value_3860() (Michael Niedermayer, 2019-12-15)
|   Fixes: Timeout (unknown -> 15sec)
|   Fixes: 18808/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5677586072207360
|   Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Fix 2 integer overflows (Michael Niedermayer, 2019-12-10)
|   Fixes: signed integer overflow: 2119056926 - -134217728 cannot be represented in type 'int'
|   Fixes: 18728/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5747539563511808
|   Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Fixes integer overflow of res+*data in do_apply_filter() (Michael Niedermayer, 2019-11-20)
|   Fixes: signed integer overflow: 7400 + 2147482786 cannot be represented in type 'int'
|   Fixes: 18405/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5708834760294400
|   Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Fix integer overflow in filter_3800() (Michael Niedermayer, 2019-11-09)
|   Fixes: signed integer overflow: 2117181180 + 60483298 cannot be represented in type 'int'
|   Fixes: 18344/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5685327791915008
|   Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Fix undefined integer overflow in long_filter_ehigh_3830() (Michael Niedermayer, 2019-11-09)
|   Fixes: signed integer overflow: -1094995529 * 2 cannot be represented in type 'int'
|   Fixes: 18281/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5692589180715008
|   Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Only clear the needed buffer space, instead of all (Michael Niedermayer, 2019-10-29)
|   Fixes: Timeout (15sec -> 0.4sec)
|   Fixes: 18396/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5730080487112704
|   Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
|   Reviewed-by: Paul B Mahol <onemda@gmail.com>
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Fix integer overflow in predictor_update_3930() (Michael Niedermayer, 2019-10-16)
|   Fixes: signed integer overflow: -69555262 * 31 cannot be represented in type 'int'
|   Fixes: 17698/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5728970447781888
|   Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Check remaining space in decode_array_0000() (Michael Niedermayer, 2019-10-16)
|   Fixes: Timeout (? -> 2sec)
|   Fixes: 17886/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5728165124636672
|   Fixes: 18131/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5710803432374272
|   Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Check error flag after entropy_decode* (Michael Niedermayer, 2019-10-16)
|   Fixes: 17886/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5728165124636672
|   Fixes: 18131/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5710803432374272
|   Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Allocate decoded_buffer after successful ff_get_buffer() (Michael Niedermayer, 2019-09-28)
|   We need to reset samples in this case to avoid being stuck with incorrect samples value.
|   Fixes: OOM
|   Fixes: Timeout
|   Fixes: 16627/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5638059583864832
|   Fixes: 17089/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5672188463546368
|   Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Fix several integer overflows in predictor_update_filter() and do_apply_filter() (Michael Niedermayer, 2019-09-28)
|   Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
|   Fixes: signed integer overflow: -14527961 - 2147483425 cannot be represented in type 'int'
|   Fixes: 16380/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5645957131141120
|   Fixes: 16968/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5716169901735936
|   Fixes: 17074/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5198710497083392
|   Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Fix 32bit int overflow in do_apply_filter() (Michael Niedermayer, 2019-09-05)
|   Fixes: signed integer overflow: 2147480546 + 4096 cannot be represented in type 'int'
|   Fixes: 16280/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5123442566758400
|   Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
|   Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Fix integer overflow in filter_3800() (Michael Niedermayer, 2019-09-02)
|   Fixes: signed integer overflow: 2021654528 + 2032575680 cannot be represented in type 'int'
|   Fixes: 16270/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5732438816325632
|   Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Fix integer overflow in filter_fast_3320() (Michael Niedermayer, 2019-09-02)
|   Fixes: signed integer overflow: -1094994793 * 2 cannot be represented in type 'int'
|   Fixes: 16139/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5663911036059648
|   Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Fix 2 signed overflows (Michael Niedermayer, 2019-08-05)
|   Fixes: left shift of 1073741824 by 1 places cannot be represented in type 'int'
|   Fixes: signed integer overflow: 2049431315 + 262759074 cannot be represented in type 'int'
|   Fixes: 16012/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5719016003338240
|   Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Do not partially clear data array (Michael Niedermayer, 2019-08-05)
|   Fixes: Assertion failure and memleak
|   Fixes: 15709/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5182435093905408
|   Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Make coeffsA/B uint32_t, this avoids several cases of undefined behavior (Michael Niedermayer, 2019-07-31)
|   Changing the type to an unsigned one to avoid many casts was suggested
|   This may be inadequate for fixing the UB on ILP64
|   Fixes: signed integer overflow: -1418162611 * 383 cannot be represented in type 'int'
|   Fixes: 15547/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5691384901664768
|   Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: make left/right unsigned to avoid undefined behavior (Michael Niedermayer, 2019-07-31)
|   Fixes: signed integer overflow: 755176387 + 1515360583 cannot be represented in type 'int'
|   Fixes: 15506/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5706859232624640
|   Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Fix multiple integer overflows and undefined behavior in filter_3800() (Michael Niedermayer, 2019-07-31)
|   Fixes: left shift of negative value -4
|   Fixes: signed integer overflow: -15091694 * 167 cannot be represented in type 'int'
|   Fixes: signed integer overflow: 1898547155 + 453967445 cannot be represented in type 'int'
|   Fixes: 15258/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5759095564402688
|   Fixes: signed integer overflow: 962196438 * 31 cannot be represented in type 'int'
|   Fixes: 15364/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5718799845687296
|   Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Fix various integer overflows (Michael Niedermayer, 2019-07-21)
|   Fixes: signed integer overflow: -538976267 * 31 cannot be represented in type 'int'
|   Fixes: left shift of 65312 by 16 places cannot be represented in type 'int'
|   Fixes: 15255/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5718831688843264
|   Fixes: 15547/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5691384901664768
|   Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Fix multiple integer overflows in predictor_update_filter() (Michael Niedermayer, 2019-07-21)
|   Fixes: signed integer overflow: -829262115 + -1410750414 cannot be represented in type 'int'
|   Fixes: 15251/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5651742252859392
|   Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Add k < 24 check to the only k++ case which lacks such a check (Michael Niedermayer, 2019-06-30)
|   Fixes: 15255/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5718831688843264
|   Fixes: left shift of 1 by 31 places cannot be represented in type 'int'
|   Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Fix integer overflow (Michael Niedermayer, 2017-07-16)
|   Fixes: out of array access
|   Fixes: PoC.ape and others
|   Found-by: Bingchang, Liu@VARAS of IIE
|   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* Fix all -Wformat warnings raised by DJGPP (Clément Bœsch, 2017-03-29)
|
* Merge commit '41ed7ab45fc693f7d7fc35664c0233f4c32d69bb' (Clément Bœsch, 2016-06-21)
|\
| |   * commit '41ed7ab45fc693f7d7fc35664c0233f4c32d69bb':
| |     cosmetics: Fix spelling mistakes
| |   Merged-by: Clément Bœsch <u@pkh.me>
| * cosmetics: Fix spelling mistakes (Vittorio Giovara, 2016-05-04)
| |   Signed-off-by: Diego Biurrun <diego@biurrun.de>
| * ape: Unbreak adaptcoeffs computation (Luca Barbato, 2016-04-24)
| |   And simplify and explain the expression.
| |   Fault introduced in f3fdef108eb06b1e71b29152bf6822519e787efe
* | ape: Unbreak adaptcoeffs computation (Luca Barbato, 2016-05-12)
| |   And simplify and explain the expression.
| |   Fault introduced in f3fdef108eb06b1e71b29152bf6822519e787efe
| |   Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
* | Merge commit 'f3fdef108eb06b1e71b29152bf6822519e787efe' (Derek Buitenhuis, 2016-05-12)
|\|
| |   * commit 'f3fdef108eb06b1e71b29152bf6822519e787efe':
| |     ape: Avoid undefined behaviour
| |   Merged-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
| * ape: Avoid undefined behaviour (Luca Barbato, 2016-04-19)
| |   Avoid the clang warning "warning: shifting a negative signed value is undefined"
* | avcodec/apedec: fix decoding of stereo files with one channel full of silence (Paul B Mahol, 2016-04-12)
| |   Signed-off-by: Paul B Mahol <onemda@gmail.com>
* | ape: Show more information for loglevel verbose. (Carl Eugen Hoyos, 2016-01-19)
| |   Requested by Andy E, fixes bug 687.
* | avcodec/apedec: Check length in long_filter_high_3800() (Michael Niedermayer, 2015-12-02)
| |   Fixes out of array read
| |   Fixes: 0a7ff0c1d93da9cef28a315ec91b692a/asan_heap-oob_4a52e5_3604_9c56dbb20e308f4faeef7b35f688521a.ape
| |   Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
| |   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* | avcodec/apedec: fix bug introduced in commit d3e5fbb1406995e07fccbff3ca8c1e24f57a1f7b (Ganesh Ajjanagadde, 2015-10-03)
| |   Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
| |   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* | avcodec/apedec: fix undefined left shifts of negative numbers (Ganesh Ajjanagadde, 2015-09-29)
| |   This fixes -Wshift-negative-value reported with clang 3.7+, e.g. http://fate.ffmpeg.org/log.cgi?time=20150919172459&log=compile&slot=x86_64-darwin-clang-polly-notiling-3.7.
| |   Note that the patch crucially depends on int >= 32 bits, an assumption made in many places in the codebase.
| |   Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
| |   Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* | Merge commit 'def97856de6021965db86c25a732d78689bd6bb0' (Michael Niedermayer, 2015-07-27)
|\|
| |   * commit 'def97856de6021965db86c25a732d78689bd6bb0':
| |     lavc: AV-prefix all codec capabilities
| |   Conflicts:
| |     cmdutils.c
| |     ffmpeg.c
| |     ffplay.c
| |     libavcodec/8svx.c
| |     libavcodec/aacenc.c
| |     libavcodec/ac3dec.c
| |     libavcodec/adpcm.c
| |     libavcodec/alac.c
| |     libavcodec/atrac3plusdec.c
| |     libavcodec/bink.c
| |     libavcodec/dnxhddec.c
| |     libavcodec/dvdec.c
| |     libavcodec/dvenc.c
| |     libavcodec/ffv1dec.c
| |     libavcodec/ffv1enc.c
| |     libavcodec/fic.c
| |     libavcodec/flacdec.c
| |     libavcodec/flacenc.c
| |     libavcodec/flvdec.c
| |     libavcodec/fraps.c
| |     libavcodec/frwu.c
| |     libavcodec/gifdec.c
| |     libavcodec/h261dec.c
| |     libavcodec/hevc.c
| |     libavcodec/iff.c
| |     libavcodec/imc.c
| |     libavcodec/libopenjpegdec.c
| |     libavcodec/libvo-aacenc.c
| |     libavcodec/libvorbisenc.c
| |     libavcodec/libvpxdec.c
| |     libavcodec/libvpxenc.c
| |     libavcodec/libx264.c
| |     libavcodec/mjpegbdec.c
| |     libavcodec/mjpegdec.c
| |     libavcodec/mpegaudiodec_float.c
| |     libavcodec/msmpeg4dec.c
| |     libavcodec/mxpegdec.c
| |     libavcodec/nvenc_h264.c
| |     libavcodec/nvenc_hevc.c
| |     libavcodec/pngdec.c
| |     libavcodec/qpeg.c
| |     libavcodec/ra288.c
| |     libavcodec/rv10.c
| |     libavcodec/s302m.c
| |     libavcodec/sp5xdec.c
| |     libavcodec/takdec.c
| |     libavcodec/tiff.c
| |     libavcodec/tta.c
| |     libavcodec/utils.c
| |     libavcodec/v210dec.c
| |     libavcodec/vp6.c
| |     libavcodec/vp9.c
| |     libavcodec/wavpack.c
| |     libavcodec/yop.c
| |   Merged-by: Michael Niedermayer <michael@niedermayer.cc>
| * lavc: AV-prefix all codec capabilities (Vittorio Giovara, 2015-07-27)
| |   Express bitfields more simply.
| |   Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
| * ape: Support _0000 files with nblock smaller than 64 (Andreas Cadhalpun, 2015-05-08)
| |   The decode_array_0000 assumed that 64 is the minimal block size while it is not.
| |   CC: libav-stable@libav.org
| |   Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
* | apedec: prevent out of array writes in decode_array_0000 (Andreas Cadhalpun, 2015-04-28)
| |   s->decoded_buffer is allocated with a min_size of:
| |       2 * FFALIGN(blockstodecode, 8) * sizeof(*s->decoded_buffer)
| |   Then it is assigned to s->decoded[0] (and s->decoded_buffer + FFALIGN(blockstodecode, 8) to s->decoded[1]) and passed as out buffer to decode_array_0000.
| |   In this function 64 elements of the out buffer are written unconditionally and outside the array if blockstodecode is too small.
| |   This causes memory corruption, leading to segmentation faults or other crashes.
| |   Thus change decode_array_0000 to write at most blockstodecode elements of the out buffer.
| |   Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
| |   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>