| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
| |
Fixes: Timeout
Fixes: 10992/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DVDSUB_fuzzer-5657495410835456
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
|
|
|
|
|
|
| |
Fixes: Timeout
Fixes: 9778/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DVDSUB_fuzzer-5186007132536832
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
|
|
|
|
|
| |
Speed improvment 35.5 sec -> 34.7sec
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
|
|
|
|
|
|
|
|
| |
Testcase with large transparent rectangles changes from 67 sec to 3 sec decode time
Fixes: Timeout
Fixes: 8728/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DVDSUB_fuzzer-5190088756559872
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
|
|
|
|
|
|
|
| |
be represented in type 'int'
Fixes: 1080/clusterfuzz-testcase-5353236754071552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
|
|
|
|
|
|
|
| |
cannot be represented in type 'int'
Fixes: 619/clusterfuzz-testcase-5803914534322176
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
| |
|
|
|
|
|
|
|
| |
Fixes out of array read
Found-by: Thomas Garnier using libFuzzer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
|
|
|
|
|
| |
Fixes out of array access
Found-by: Thomas Garnier using libFuzzer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
|
|
|
|
|
|
| |
Fixes #5825. If h == 1, second decode_rle() fails.
Regression since: 3f0a3e9e127d067c5cf65640a44765c1ddd01622.
Signed-off-by: Paul B Mahol <onemda@gmail.com>
|
|
|
|
|
|
|
|
|
| |
Likely accidental in 764900d6458a2f79166ff91df4f20ad39cd6acec.
Fixes: CID 1341578.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
|
| |
|
|
|
|
| |
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '5c30ae1a09b66179e16694f6137658023ed1fef3':
dvdsubdec: Validate the RLE offsets
Conflicts:
libavcodec/dvdsubdec.c
Merged-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
|
| |
| |
| |
| | |
CC: libav-stable@libav.org
|
| |
| |
| |
| |
| |
| |
| | |
If it is negative, it causes segmentation faults in decode_rle.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
|
|\|
| |
| |
| |
| |
| |
| | |
* commit 'a17a7661906ba295d67afd80ac0770422e1b02b3':
lavc: Add data and linesize to AVSubtitleRect
Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Use the new fields directly instead of the ones from AVPicture.
This removes a layer of indirection which serves no pratical purpose
whatsoever, and will help in removing AVPicture structure completely
later.
Every subtitle encoder/decoder seamlessly points to the new arrays,
so it is possible to deprecate AVSubtitleRect.pict.
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If cmd_pos is broken, this would just keep accumulating packets in the
reassembly buffer, until it fails and flushes the buffer on overflow.
Since packets are usually rather small, this will take a lot of subtitle
packets. The perceived effect is that subtitles are not displayed
anymore after the faulty packet was passed to the decoder.
I'm not terribly sure about this, but on the other hand this code is
active only when fragmented packets need to be reassembled.
Fixes sample file in trac issue #4872.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Assuming the first and second packets are partial, this would append the
reassembly buffer (ctx->buf) to itself with the second
append_to_cached_buf() call, because buf is set to ctx->buf.
I do not know a valid sample file which triggers this, and do not know
if packets can be split into more than 2 sub-packets, but it triggered
with a (differently) broken sample file in trac issue #4872.
|
| | |
|
| |
| |
| |
| |
| |
| | |
This is needed for proper operation with seeking.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Otherwise it will never be reset, and remain "stuck" in this state
forever. Can happen when seeking: the decoder will receive fragments
from different file positions, which triggers the condition easily.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '6a85dfc830f51f1f5c2d36d4182d265c1ea3ba25':
lavc: Replace av_dlog and tprintf with internal macros
Conflicts:
libavcodec/aacdec.c
libavcodec/audio_frame_queue.c
libavcodec/bitstream.c
libavcodec/dcadec.c
libavcodec/dnxhddec.c
libavcodec/dvbsubdec.c
libavcodec/dvdec.c
libavcodec/dvdsubdec.c
libavcodec/get_bits.h
libavcodec/gifdec.c
libavcodec/h264.h
libavcodec/h264_cabac.c
libavcodec/h264_cavlc.c
libavcodec/h264_loopfilter.c
libavcodec/h264_refs.c
libavcodec/imc.c
libavcodec/interplayvideo.c
libavcodec/jpeglsdec.c
libavcodec/libopencore-amr.c
libavcodec/mjpegdec.c
libavcodec/mpeg12dec.c
libavcodec/mpegvideo_enc.c
libavcodec/mpegvideo_parser.c
libavcodec/pngdec.c
libavcodec/ratecontrol.c
libavcodec/rv10.c
libavcodec/svq1dec.c
libavcodec/vqavideo.c
libavcodec/wmadec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| | |
|
|\|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'ec17782e17de1e8501ca213e276dfe5412ff1d11':
dvdsubdec: Check memory allocations
Conflicts:
libavcodec/dvdsubdec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
dvdsub_decode() can call append_to_cached_buf() 2 times, the second time
with ctx->buf as argument. If the second append_to_cached_buf() reallocs
ctx->buf, the argument will be a pointer to the previous, freed block.
This can cause invalid reads at least with some fuzzed files - and
possibly with valid files.
Since packets can apparently not be larger than 64K (even if packets are
combined), just use a fixed size buffer. It will be allocated as part of
the DVDSubContext, and although some memory is "wasted", it's relatively
minimal by modern standards and should be acceptable.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| |
| |
| |
| | |
Attemtping to decode them could lead to invalid writes with some fuzzed
samples.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| |
| |
| |
| |
| | |
The code blindly trusted buffer offsets read from the file in the RLE
decoder. Explicitly check the offset. Also error out on other RLE
decoding errors.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| | |
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'd466d82faaf6e0e57a3a4be5e38e3902ef251ac3':
dvdsubdec: Do not leak on failure path
Conflicts:
libavcodec/dvdsubdec.c
See: 7fa9f7ef1c2f0cee81ec6ea6a4ff10af4c4fc62c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| |
| | |
CC: libav-stable@libav.org
Bug-Id: CID 1198262
|
| |
| |
| |
| | |
Signed-off-by: Diego Biurrun <diego@biurrun.de>
|
| |
| |
| |
| |
| |
| | |
Fixes CID1254660
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| |
| |
| |
| | |
(experimental)
Suggested-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| |
| |
| |
| | |
subtitle frames.
Signed-off-by: Nicholas Robbins <nickrobbins@yahoo.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| |
| | |
Found-by: Nicholas Robbins <nickrobbins-at-yahoo.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| |
| | |
Reviewed-by: James Darnley <james.darnley@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'f929ab0569ff31ed5a59b0b0adb7ce09df3fca39':
cosmetics: Write NULL pointer equality checks more compactly
Conflicts:
cmdutils.c
ffmpeg_opt.c
ffplay.c
libavcodec/dvbsub.c
libavcodec/dvdsubdec.c
libavcodec/dvdsubenc.c
libavcodec/dxa.c
libavcodec/libxvid_rc.c
libavcodec/mpegvideo.c
libavcodec/mpegvideo_enc.c
libavcodec/rv10.c
libavcodec/tiffenc.c
libavcodec/utils.c
libavcodec/vc1dec.c
libavcodec/zmbv.c
libavdevice/v4l2.c
libavformat/matroskadec.c
libavformat/movenc.c
libavformat/sdp.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| | |
Signed-off-by: Diego Biurrun <diego@biurrun.de>
|
| |
| |
| |
| |
| | |
Fixes assertion failure
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| |
| |
| |
| | |
improve the debugging function for saving subtitles
to PPM files: Actually use the alpha channel.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Fix an off-by-one error that causes the height of decoded
subtitles to be too small, thus cutting off the lowest row
of pixels.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '3dc6272bed7890a49080e18eacf3c7a4a6594b0d':
Remove a number of unnecessary dsputil.h #includes
Conflicts:
libavcodec/h264pred.c
libavcodec/vc1dsp.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| | |
|
|\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '05563ccacc98fd185affdbf8cbaf094caf36b852':
dsputil: cosmetics: Lose camelCase on ff_cropTbl and ff_squareTbl names
Conflicts:
libavcodec/bit_depth_template.c
libavcodec/motionpixels_tablegen.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| | |
Also switch from "tbl" to "tab" name suffixes.
|
| |
| |
| |
| |
| | |
Fixes CID1135765
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|