summaryrefslogtreecommitdiff
path: root/libavcodec/mobiclip.c
Commit message (Collapse)AuthorAge
* avcodec/mobiclip: Use smaller type for codesAndreas Rheinhardt2020-10-26
| | | | | | | | | Even though the length of these codes is > 8, only the lowest seven bits are ever set (because the long codes are on the left of the tree), so one can use an uint8_t for them, saving space. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* avcodec/mobiclip: Use static VLC tablesAndreas Rheinhardt2020-10-26
| | | | Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* avcodec/mobiclip: Don't use too big max_depth, inline constantsAndreas Rheinhardt2020-10-26
| | | | | Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* avcodec/mobiclip: Don't check for errors for complete VLCsAndreas Rheinhardt2020-10-26
| | | | | Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* avcodec/mobiclip: Reduce size of VLCs, inline constantsAndreas Rheinhardt2020-10-26
| | | | | | | | | The longest motion vector VLC for mobiclip is six bits long, so using eight bits for the VLC table is wasteful. Furthermore, the length can be inlined. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* avcodec/mobiclip: Avoid signed integer overflows in idct()Michael Niedermayer2020-10-20
| | | | | | | | Fixes: signed integer overflow: 536870912 + 1610612736 cannot be represented in type 'int' Fixes: 26288/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-6194364759670784 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mobiclip: Check that Motion vectors are within the input frameMichael Niedermayer2020-10-15
| | | | | | | | | | | | The MV checks did not consider the width and height of the block, also they had some off by 1 errors. This resulted in undefined behavior and crashes. This commit instead errors out on these Fixes: out of array read Fixes: 26080/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-5758146355920896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mobiclip: set the bitstream size to the inputMichael Niedermayer2020-10-15
| | | | | | | | | Fixes: out of array read Fixes: 25453/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-5163575973511168 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mobiclip: Fix multiple integer overflowsMichael Niedermayer2020-10-11
| | | | | | | | | Fixes: signed integer overflow: 872415232 * 7 cannot be represented in type 'int' Fixes: signed integer overflow: -2013265888 + -1744830464 cannot be represented in type 'int' Fixes: 25834/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-5471406434025472 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mobiclip: Move quantizer check into setup_qtables()Michael Niedermayer2020-09-25
| | | | | | | | | Fixes: shift exponent -2 is negative Fixes: 25683/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-6434808492982272 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mobiclip: Fix heap-buffer-overflowAndreas Rheinhardt2020-09-15
| | | | | | | | | | | The MobiClip decoder uses adjacent pixels for prediction; yet when accessing the left pixel, it was forgotten to clip the x coordinate. This results in an heap-buffer-overflow. It can e.g. be reproduced with the sample from https://samples.ffmpeg.org/V-codecs/MOHD/crap.avi when forcing the video decoder to mobiclip. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* avcodec/mobiclip: Fix memleak upon init failureAndreas Rheinhardt2020-09-15
| | | | | | | | | If an error happens during init after an allocation has succeeded, the already allocated data leaked up until now. Fix this by setting the FF_CODEC_CAP_INIT_CLEANUP flag. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* avcodec/mobiclip: add missing flushPaul B Mahol2020-09-13
|
* avcodec/mobiclip: Check quantizer before table setupMichael Niedermayer2020-09-12
| | | | | | | | | | | | | Fixes: index -1 out of bounds for type 'const uint8_t [6][16]' Fixes: out of array read Fixes: shift exponent -21 is negative Fixes: 25422/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-5748258226569216 Fixes: shift exponent 8039082 is too large for 32-bit type 'int' Fixes: 25430/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-5698567770210304 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mobiclip: Fix mixed declarations and codeAndreas Rheinhardt2020-09-04
| | | | | Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* avcodec: add MobiClip video decoderPaul B Mahol2020-09-03
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-30 10:50:56 +0000