summaryrefslogtreecommitdiff
path: root/libavcodec/pngdec.c
Commit message (Collapse)AuthorAge
* avcodec: Constify some AVPacketsAndreas Rheinhardt2021-03-09
| | | | | Reviewed-by: James Almer <jamrial@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* pngdec: fix and simplify apng reference handlingAnton Khirnov2021-02-24
| | | | | | | | | Current code is very confused and confusing. It uses two different reference frames - "previous" and "last" - when only one is really necessary. It also confuses the two, leading to incorrect output with APNG_DISPOSE_OP_PREVIOUS mode. Fixes #9017.
* lavc: split LSCR decoder out of PNG decoderAnton Khirnov2021-02-24
| | | | | It shares very little code with pngdec, so keeping them together only makes the code harder to read.
* avcodec/pngdec: fix possible race condition with APNG decodingPaul B Mahol2021-02-13
| | | | Fixes #9017
* avcodec/lscr: stop returning error if size of packet is 2 bytesPaul B Mahol2020-09-16
|
* avcodec/pngdec: Check for fctl after idatMichael Niedermayer2020-07-01
| | | | | | | | Fixes: out of array access Fixes: 23554/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-4796622520451072.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* pngdec: add ability to check chunk CRCLynne2020-05-26
| | | | | | | | By default now, if AV_EF_CRCCHECK or AV_EF_IGNORE_ERR are enabled the decoder will skip the chunk and carry on with the next one. This should make the decoder able to decode more corrupt files because the functions which decode individual chunks will very likely error out if fed invalid data and stop the decoding of the entire image.
* avcodec/pngdec: Check length in fdATMichael Niedermayer2020-05-10
| | | | | | | | Fixes: 21089/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-5135981419429888 Fixes: out of array read Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/pngdec: remove the unnecessary type conversionLimin Wang2020-05-08
| | | | | Reviewed-by: Carl Eugen Hoyos <ceffmpeg@gmail.com> Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
* avcodec/pngdec: Pass ret from decode_iccp_chunk()Michael Niedermayer2020-04-20
| | | | | | | Found while reviewing a patch fixing a similar issue Reviewed-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/pngdec: set return value on av_stereo3d_create_side_data() failurePeter Ross2020-04-18
| | | | | Signed-off-by: Peter Ross <pross@xvid.org> Reviewed-by: Vittorio Giovara <vittorio.giovara@gmail.com>
* pthread_frame: merge the functionality for normal decoder init and ↵Anton Khirnov2020-04-10
| | | | | | | | | | | | | | | | init_thread_copy The current design, where - proper init is called for the first per-thread context - first thread's private data is copied into private data for all the other threads - a "fixup" function is called for all the other threads to e.g. allocate dynamically allocated data is very fragile and hard to follow, so it is abandoned. Instead, the same init function is used to init each per-thread context. Where necessary, AVCodecInternal.is_copy can be used to differentiate between the first thread and the other ones (e.g. for decoding the extradata just once).
* lavc: replace AVCodecInternal.allocate_progress with an internal capAnton Khirnov2020-04-10
| | | | This is a constant codec property, so a capability flag is more appropriate.
* avcodec/pngdec: Check amount decodedMichael Niedermayer2020-02-03
| | | | | | | | | | | Fixes: Timeout (70sec -> 243ms) Fixes: 16097/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-5664690889293824 Fixes: 16927/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-5170612070252544 Fixes: 16927/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-5706325622784000 Fixes: 18705/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-5650989302677504 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/pngdec: add logging context to logSteven Liu2019-10-08
| | | | | Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
* avcodec/pngdec: Optimize has_trns codeMichael Niedermayer2019-09-02
| | | | | | | | | | | | | add inner loop specialisations for 2 bpp and 4 bpp These are all cases for which i found testsamples. 30M cycles -> 5M cycles Testcase: fate-rgbapng-4816 Testcase: 16097/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-5664690889293824 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/pngdec: consider chunk size in minimal size checkMichael Niedermayer2019-08-11
| | | | | | | | | | assuming each block contains an empty chunk there has to be at least 8 bytes extra. Fixes: 15327/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LSCR_fuzzer-5676669303521280 Fixes: Timeout (11->5sec) Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/pngdec: Check that previous_picture has same w/h/formatMichael Niedermayer2019-07-13
| | | | | | | | | Fixes: out of array access Fixes: 15540/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-5684905029140480 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/pngdec: Check input spaceMichael Niedermayer2019-06-25
| | | | | | | | Fixes: Timeout (33sec -> 78ms) Fixes: 14668/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LSCR_fuzzer-5767073352908800 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/pngdec: Check nb_blocksMichael Niedermayer2019-05-25
| | | | | | | | | Fixes: Timeout (23sec -> 0.5sec) Fixes: 14329/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LSCR_fuzzer-5679252923482112 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec: add LSCR decoderPaul B Mahol2019-04-13
| | | | Fixes #4711.
* avcodec/pngdec: Check compression methodMichael Niedermayer2018-11-16
| | | | | | | | | | method 0 (inflate/deflate) is the only specified in the specification and the only supported Fixes: Timeout Fixes: 10976/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PNG_fuzzer-5729372588736512 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* lavc/pngdec: Replace the number by macro for bprint initJun Zhao2018-06-17
| | | | | | Replace the number by macro for bprint init. Signed-off-by: Jun Zhao <mypopydev@gmail.com>
* Merge commit '9f5b77c16f4da6248b57f0601364d9c762c620c2'James Almer2017-11-11
|\ | | | | | | | | | | | | * commit '9f5b77c16f4da6248b57f0601364d9c762c620c2': png: Report more details regarding unsupported pixel formats Merged-by: James Almer <jamrial@gmail.com>
| * png: Report more details regarding unsupported pixel formatsLuca Barbato2017-08-21
| |
| * avcodec: Mark some codecs with threadsafe init as suchDerek Buitenhuis2017-02-09
| | | | | | | | | | Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com> Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
| * Use correct printf conversion specifiers for POSIX integer typesDiego Biurrun2016-12-23
| |
* | lavc/pngdec: fix av_bprint_finalize() usage.Nicolas George2017-11-09
| |
* | pngdec: expose gAMA and cHRM chunks as side/meta dataRostislav Pehlivanov2017-11-09
| | | | | | | | Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
* | pngdec: check for bprint finalization sucess on icc data parsingRostislav Pehlivanov2017-11-09
| | | | | | | | | | | | It can fail in case of OOM. Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
* | avcodec/pngdec: Clean up on av_frame_ref() failureMichael Niedermayer2017-09-20
| | | | | | | | | | | | | | | | | | Fixes: memleak Fixes: 3203/clusterfuzz-testcase-minimized-4514553595428864 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: James Almer <jamrial@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* | avcodec/pngdec: Fix () placementMichael Niedermayer2017-08-22
| | | | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* | pngdec: fix potential memory leakRostislav Pehlivanov2017-07-26
| | | | | | | | | | | | Fixes CID1412026. Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
* | pngdec: decode and expose iCCP chunks as side dataRostislav Pehlivanov2017-07-25
| | | | | | | | Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
* | avcodec/pngdec: Use ff_set_dimensions()Michael Niedermayer2017-05-04
| | | | | | | | | | | | | | | | Fixes OOM Fixes: 1314/clusterfuzz-testcase-minimized-4621997222920192 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* | avcodec: do not use AVFrame accessorMuhammad Faiz2017-04-23
| | | | | | | | | | Reviewed-by: wm4 <nfxjfg@googlemail.com> Signed-off-by: Muhammad Faiz <mfcc64@gmail.com>
* | png: set AVFrame flags/fields before calling setup_finished().Ronald S. Bultje2017-04-03
| | | | | | | | | | | | | | | | | | | | | | Fixes tsan warnings in fate-apng: WARNING: ThreadSanitizer: data race (pid=51230) Read of size 4 at 0x7d50000042fc by main thread (mutexes: write M1000): #0 frame_copy_props frame.c:302 (ffmpeg:x86_64+0x1019a35d6) [..] Previous write of size 4 at 0x7d50000042fc by thread T1 (mutexes: write M997): #0 decode_idat_chunk pngdec.c:708 (ffmpeg:x86_64+0x100f5562a)
* | png: split header state and data state in two separate variables.Ronald S. Bultje2017-04-03
| | | | | | | | | | | | | | | | | | | | | | Fixes a reported (but false) race condition in tsan for fate-apng: WARNING: ThreadSanitizer: data race (pid=6274) Read of size 4 at 0x7d680001ec78 by main thread (mutexes: write M1338): #0 update_thread_context src/libavcodec/pngdec.c:1456 (ffmpeg+0x000000dacf0c) [..] Previous write of size 4 at 0x7d680001ec78 by thread T1 (mutexes: write M1335): #0 decode_idat_chunk src/libavcodec/pngdec.c:737 (ffmpeg+0x000000dae951)
* | lavc: use av_fourcc2str() where appropriateClément Bœsch2017-03-29
| |
* | avcodec/pngdec: Fix runtime error: left shift of 152 by 24 places cannot be ↵Michael Niedermayer2017-02-25
| | | | | | | | | | | | | | | | | | represented in type 'int' Fixes: 666/clusterfuzz-testcase-6581447227867136 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* | avcodec/pngdec: Check bit depth for validityMichael Niedermayer2017-02-19
| | | | | | | | | | | | | | | | | | | | Fixes: runtime error: shift exponent 132 is too large for 32-bit type 'int' Fixes: 609/clusterfuzz-testcase-4825202619842560 See 11.2.2 IHDR Image header Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* | avcodec/pngdec: Store metadata directly into AVFrameMichael Niedermayer2017-02-19
| | | | | | | | | | | | | | | | Fixes memleak Fixes: 500/clusterfuzz-testcase-6315221727576064 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* | avcodec: Mark some codecs with threadsafe init as suchDerek Buitenhuis2017-02-07
| | | | | | | | | | Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* | avcodec/pngdec: Check trns more completelyMichael Niedermayer2017-02-04
| | | | | | | | | | | | | | | | Fixes out of array access Fixes: 546/clusterfuzz-testcase-4809433909559296 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* | avcodec/pngdec: Fix off by 1 size in decode_zbuf()Michael Niedermayer2017-01-23
| | | | | | | | | | | | | | | | Fixes out of array access Fixes: 444/fuzz-2-ffmpeg_VIDEO_AV_CODEC_ID_PNG_fuzzer Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* | pngdec: check if previous frame exists instead of trusting sequence_numberAndreas Cadhalpun2016-11-27
| | | | | | | | | | | | | | | | This fixes a segmentation fault caused by calling memcpy with NULL as second argument in handle_p_frame_apng. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
* | Revert "apngdec: use side data to pass extradata to the decoder"James Almer2016-11-18
| | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit e0c6b32046f4bab7d34be77dd2f03b2a80c86d39. Said commit changed the behavior of the demuxer and decoder in a non backwards compatible way. Demuxers should make extradata available at init if possible, and send new extradata as side data within a packet if needed. A better fix for the remuxing crash will follow. Signed-off-by: James Almer <jamrial@gmail.com>
* | apngdec: use side data to pass extradata to the decoderAndreas Cadhalpun2016-11-01
| | | | | | | | | | | | | | | | | | Fixes remuxing apng streams coming from the apng demuxer. This is a regression since 940b8908b94404a65f9f55e33efb4ccc6c81383c. Found-by: James Almer <jamrial@gmail.com> Reviewed-by: James Almer <jamrial@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
* | Merge commit '41ed7ab45fc693f7d7fc35664c0233f4c32d69bb'Clément Bœsch2016-06-21
|\| | | | | | | | | | | | | * commit '41ed7ab45fc693f7d7fc35664c0233f4c32d69bb': cosmetics: Fix spelling mistakes Merged-by: Clément Bœsch <u@pkh.me>
| * cosmetics: Fix spelling mistakesVittorio Giovara2016-05-04
| | | | | | | | Signed-off-by: Diego Biurrun <diego@biurrun.de>
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-21 23:27:42 +0000