path: root/libavcodec
Commit message | Author | Age
* avcodec/dpcm: Fix integer overflow in AV_CODEC_ID_GREMLIN_DPCM | Michael Niedermayer | 2020-02-09
  Fixes: signed integer overflow: -2147479324 + -32568 cannot be represented in type 'int'
  Fixes: 20103/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_GREMLIN_DPCM_fuzzer-5667667579240448
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmalosslessdec: Fix integer overflow with sliding in padding bits | Michael Niedermayer | 2020-02-09
  Fixes: signed integer overflow: -53716100 * 256 cannot be represented in type 'int'
  Fixes: 20143/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5716604000403456
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmalosslessdec: Fix loop in revert_acfilter() | Michael Niedermayer | 2020-02-09
  Fixes: out of array read
  Fixes: 20059/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5691776237305856
  No testcase except the fuzzed one.
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mvha: Check remaining bits in VLC decode loop | Michael Niedermayer | 2020-02-09
  Fixes: timeout (252sec -> 170msec)
  Fixes: 20023/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MVHA_fuzzer-5681192565473280
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/agm: YUV420 without DCT needs even dimensions | Michael Niedermayer | 2020-02-09
  Fixes: out of array access
  Fixes: 19892/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5707525924323328
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/agm: Test remaining data in decode_raw_intra_rgb() | Michael Niedermayer | 2020-02-09
  Fixes: Timeout (270sec -> 25ms)
  Fixes: 20485/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5636954207289344
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* libavcodec/mvha: Check height before applying median predictor | Michael Niedermayer | 2020-02-09
  Fixes: out of array read
  Fixes: 20495/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MVHA_fuzzer-5711179129552896
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/midivid: Check vector index | Michael Niedermayer | 2020-02-09
  Fixes: out of array read
  Fixes: 20494/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MVDV_fuzzer-5681452423577600
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/cbs: Fix potential double-free when adding unit fails | Andreas Rheinhardt | 2020-02-09
  ff_cbs_insert_unit_data() has two modes of operation: It can insert a unit with a newly created reference to an already existing AVBuffer; or it can take a buffer and create an AVBuffer for it. Said buffer will then become owned by the unit later on.
  A potential memleak/double-free exists in the second case, because if creating the AVBuffer fails, the function immediately returns, but when it fails later on, the supplied buffer will be freed. The caller has no way to distinguish between these two outcomes. The only such caller (cbs_jpeg_split_fragment() in cbs_jpeg.c) opted for a potential double-free.
  This commit changes this by explicitly stating that a non-refcounted buffer will be freed on error. The aforementioned caller has been brought in line with this.
  Fixes CID 1452623.
  Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* lavc/vp9_raw_reorder_bsf: Fix operator ordering | Mark Thompson | 2020-02-09
  Fixes CID 1413024.
* lavc/vaapi_encode: Fix leak in error case | Mark Thompson | 2020-02-09
  Fixes CID 1442564.
* lavc/h265_metadata_bsf: Fix parameter ordering | Mark Thompson | 2020-02-09
  Fixes CID 1452433.
* lavc/cbs_h2645: Add missing newlines in log messages | Mark Thompson | 2020-02-09
* libavcodec/amfenc_hevc.c: Fix Maximum Reference Frames option on AMF HEVC. | Sitan Liu | 2020-02-09
* libavcodec/amfenc_hevc.c: Fix Profile level option on AMF HEVC. | Sitan Liu | 2020-02-09
* avcodec/mlpdec: use get_bits_long for huff lsbs | Jai Luthra | 2020-02-08
  lsb bits may go beyond 25 bits, so to be safe use get_bits_long
  Signed-off-by: Jai Luthra <me@jailuthra.in>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* ac3enc: drop a global variable | Anton Khirnov | 2020-02-07
  Log the warning message once per encoder instance instead.
  Reviewed-by: Kieran Kunhya <kierank@obe.tv>
  Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
  Signed-off-by: James Almer <jamrial@gmail.com>
* avcodec/cavsdsp: Fix undefined left shifts of negative numbers | Andreas Rheinhardt | 2020-02-07
  Affected the ffmpeg-filter_colorkey FATE-test (but only if the C version of idct8_add is used and not e.g. the x86 SSE2 version).
  Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
  Fixes: left shift of negative value -107
  Fixes: 20398/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CAVS_fuzzer-5725389278412800
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec: add decoder for Simon & Schuster Interactive's ADPCM variant | Zane van Iperen | 2020-02-06
  Adds support for the ADPCM variant used by some Simon & Schuster Interactive games such as Real War, and Real War: Rogue States.
  Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevc: add support for Frame Duplication (Doubling/Tripling) | Praveen Karadugattu | 2020-02-06
  Parse picture_struct SEI value.
* avcodec/aptx: split decoder and encoder into separate files | James Almer | 2020-02-05
  Signed-off-by: James Almer <jamrial@gmail.com>
* avcodec/av1_parse: don't look for trailing bits in Tile List OBUs | James Almer | 2020-02-05
  The spec states there aren't any.
  Signed-off-by: James Almer <jamrial@gmail.com>
* avcodec/Makefile: combine dvdsub dependencies into one entry per module | James Almer | 2020-02-05
  Signed-off-by: James Almer <jamrial@gmail.com>
* lavc/dvdsubenc: accept palette from options | Michael Kuron | 2020-02-04
  Previously, the default palette would always be used. Now, we can accept a custom palette, just like dvdsubdec does.
  Signed-off-by: Michael Kuron <michael.kuron@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* lavc/dvdsubdec: Move palette parsing to new function | Michael Kuron | 2020-02-04
  Signed-off-by: Michael Kuron <michael.kuron@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mlpenc: fix small memory leak | Paul B Mahol | 2020-02-04
* mlp: check huff_lsbs only when codebook is used | Jai Luthra | 2020-02-04
  When no codebook is used, huff_lsbs can be more than 24 and still decode to original values once filters are applied.
  Signed-off-by: Jai Luthra <me@jailuthra.in>
* mlpenc: fix some -fsanitize=integer errors | Jai Luthra | 2020-02-04
  Signed-off-by: Jai Luthra <me@jailuthra.in>
* mlpenc: clean up | Jai Luthra | 2020-02-04
  Signed-off-by: Jai Luthra <me@jailuthra.in>
* mlpenc: improve lpc filtering | Jai Luthra | 2020-02-04
  * fix a possible memory leak (apply_filter returned before freeing)
  * use apply_filters in process_major_frame
  * revert back to checking bounds with 24 bitdepth, as huff offset takes care of it
  Signed-off-by: Jai Luthra <me@jailuthra.in>
* mlpenc: prevent negative lsb_bits lshift | Jai Luthra | 2020-02-04
  Fixes Coverity CID 1396239.
  Signed-off-by: Jai Luthra <me@jailuthra.in>
* mlpenc: fix huff offset calculation | Jai Luthra | 2020-02-04
  huff offset wasn't always within the bounds before, which led to corrupt encoding that didn't always trigger lossless check failures
  Signed-off-by: Jai Luthra <me@jailuthra.in>
* mlpenc: fix lossless check error in number_sbits | Jai Luthra | 2020-02-04
  we need two bits instead of one bit to represent -1 in bitstream
  Signed-off-by: Jai Luthra <me@jailuthra.in>
* avcodec/lagarith: Sanity check scale | Michael Niedermayer | 2020-02-03
  A value of 24 and above can collapse the range to 0 which would not work.
  Fixes: Timeout (75sec -> 21sec)
  Fixes: 18707/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LAGARITH_fuzzer-5708950892969984
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/pngdec: Check amount decoded | Michael Niedermayer | 2020-02-03
  Fixes: Timeout (70sec -> 243ms)
  Fixes: 16097/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-5664690889293824
  Fixes: 16927/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-5170612070252544
  Fixes: 16927/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-5706325622784000
  Fixes: 18705/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-5650989302677504
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Fix integer overflows in predictor_decode_mono_3950() | Michael Niedermayer | 2020-02-03
  Fixes: signed integer overflow: -2147407150 + -1871606 cannot be represented in type 'int'
  Fixes: 18702/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5679095417667584
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/libvpxenc: add VP9 temporal scalability encoding option | Wonkap Jang | 2020-02-03
  This commit reuses the configuration options for VP8 that enables temporal scalability for VP9. It also adds a way to enable three preset temporal structures (refer to the documentation for more detail) that can be used in offline encoding.
  Signed-off-by: James Zern <jzern@google.com>
* avcodec/ralf: Fix integer overflow in apply_lpc() | Michael Niedermayer | 2020-02-03
  Fixes: signed integer overflow: 2147482897 + 2048 cannot be represented in type 'int'
  Fixes: 19240/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5743240326414336
  Fixes: 19869/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5150136636538880
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dca_lbr: Fix some error codes and error passing | Michael Niedermayer | 2020-02-03
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/8svx: Use av_assert1(0) instead of error message in unreachable code | Michael Niedermayer | 2020-02-03
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmavoice: Fix rounding and integer anomalies in calc_input_response() | Michael Niedermayer | 2020-02-03
  Fixes: out of array access
  Fixes: inf is outside the range of representable values of type 'int'
  Fixes: signed integer overflow: -9223372036854775808 - 1 cannot be represented in type 'long'
  Fixes: 19316/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAVOICE_fuzzer-5677369365102592
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmavoice: sanity check block_align | Michael Niedermayer | 2020-02-03
  This limit is roughly based on the bitreader limit, it's likely a much tighter limit could be used
  Fixes: left shift of 1965039647 by 1 places cannot be represented in type 'int'
  Fixes: 19545/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAVOICE_fuzzer-5695391899320320
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/pcm: Fix invalid shift in pcm_decode_frame for LXF | Michael Niedermayer | 2020-02-03
  Fixes: left shift of 32 by 28 places cannot be represented in type 'int'
  Fixes: 19472/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PCM_LXF_fuzzer-5704364320096256
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/snappy: Sanity check bytestream2_get_levarint() | Michael Niedermayer | 2020-02-03
  Fixes: left shift of 79 by 28 places cannot be represented in type 'int'
  Fixes: 20202/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5719004081815552
  Fixes: 20219/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5641738677125120
  Fixes: 20389/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5680721517871104
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mlpdsp: Fix an invalid shift in ff_mlp_rematrix_channel() | Michael Niedermayer | 2020-02-02
  Fixes: left shift of negative value -2
  Fixes: 20305/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEHD_fuzzer-5677196618498048
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Jai Luthra <me@jailuthra.in>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/adpcm_argo: simplify and move duplicated logic into a function | Zane van Iperen | 2020-02-02
  Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/v4l2_m2m: Cosmetics | Andriy Gelman | 2020-02-01
  Change pointer symbol position.
  Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
* avcodec/v4l2_m2m: Use consistent logging context | Andriy Gelman | 2020-02-01
  Before this commit v4l2_m2m used two different logging contexts (from V4L2m2mPriv and AVCodecContext). For consistency always use AVCodecContext.
  Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
* avcodec/v4l2_m2m: Simplify capture buffer init check | Andriy Gelman | 2020-02-01
  Before this commit s->avctx == NULL was used to infer that an encoder is being initialized. Code readability has been improved by directly using !av_codec_is_decoder() instead.
  Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
* avcodec:v4l2_context: Remove NULL initialization | Andriy Gelman | 2020-02-01
  Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>