summaryrefslogtreecommitdiff
path: root/libavcodec
Commit message (Collapse)AuthorAge
* avcodec/wmalosslessdec: Fixes undefined overflow in dequantization in ↵Michael Niedermayer2019-12-31
| | | | | | | | | | decode_subframe() Fixes: signed integer overflow: 47875596 * 45 cannot be represented in type 'int' Fixes: 19082/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5687766512041984 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/sonic: Check e in get_symbol()Michael Niedermayer2019-12-31
| | | | | | | | | Fixes: signed integer overflow: 1721520852 + 1721520852 cannot be represented in type 'int' Fixes: 18346/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5709623893426176 Fixes: 18753/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5663299131932672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/twinvqdec: Correct overflow in block align checkMichael Niedermayer2019-12-31
| | | | | | | | Fixes: signed integer overflow: 538976288 * 8 cannot be represented in type 'int' Fixes: 19126/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TWINVQ_fuzzer-5687464110325760 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h264_ps: Provide more details with "Truncated VUI" MessageMichael Niedermayer2019-12-31
| | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/utils: remove access of AV_SAMPLE_FMT_NBZhao Zhili2019-12-31
| | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* lavc/qsv: remove the unused funtion ff_qsv_profile_to_mfx()Zhong Li2019-12-29
| | | | Signed-off-by: Zhong Li <zhongli_dev@126.com>
* lavc/qsvdec: disable gpu copy when not supportedZhong Li2019-12-29
| | | | Signed-off-by: Zhong Li <zhongli_dev@126.com>
* lavc/qsvdec: fix the error retrun code in ff_qsv_get_continuous_buffer()Zhong Li2019-12-29
| | | | Signed-off-by: Zhong Li <zhongli_dev@126.com>
* avcodec/vc1dec: Fix "return -1" casesMichael Niedermayer2019-12-28
| | | | | Reviewed-by: "mypopy@gmail.com" <mypopy@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vc1dec: Free sprite_output_frame on errorMichael Niedermayer2019-12-28
| | | | | | | | Fixes: memleaks Fixes: 19471/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5688035714269184 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/atrac9dec: Clamp band_ext_data to max that can be read if skipped.Michael Niedermayer2019-12-28
| | | | | | | | | Fixes: out of array read Fixes: 19327/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5679823087468544 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Lynne <dev@lynne.ee> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/agm: Include block size in the MV check for flags == 3Michael Niedermayer2019-12-28
| | | | | | | | Fixes: out of array read Fixes: 19331/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5644115983466496 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmadec: Keep track of exponent initialization per channelMichael Niedermayer2019-12-28
| | | | | | | | Fixes: division by 0 Fixes: 19123/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAV2_fuzzer-5655493121146880 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/iff: Check that video_size is large enough for the read parametersMichael Niedermayer2019-12-28
| | | | | | | | | | | video is allocated before parameters like bpp are read. Fixes: out of array access Fixes: 19084/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5718556033679360 Fixes: 19465/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5759908398235648 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/v4l2_m2m_enc: Check encoder pix_fmt matches pix_fmt on deviceAndriy Gelman2019-12-27
| | | | | | | | | | | | | | | | | | | Fixes #8079 During initialization of a v4l2m2m device, the configured pix_fmt can be different to the pix_fmt of the encoder (i.e. avctx->pix_fmt). For example on the Odroid XU4: ./ffmpeg -f lavfi -i yuvtestsrc -codec:v h264_v4l2m2m out.h264 will configure the v4l2 encoder to pix_fmt nv21, whereas the input frames will be yuv444p. This commit checks that the configured v4l2 pix_fmt on device is the same as avctx->pix_fmt. If they are different the initialization fails and an error is returned. Tested on RPI4 and Odroid XU4. Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
* avcodec/mvha: fix warning: variable 'size' set but not usedLimin Wang2019-12-27
| | | | | | Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Limin Wang <lance.lmwang@gmail.com> Signed-off-by: James Almer <jamrial@gmail.com>
* avcodec/vc1dec: remove the unneeded ()Limin Wang2019-12-26
| | | | | Signed-off-by: Limin Wang <lance.lmwang@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ass: remove the unneeded ()Limin Wang2019-12-26
| | | | | Signed-off-by: Limin Wang <lance.lmwang@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/cbs_vp9: Check data_sizeMichael Niedermayer2019-12-26
| | | | | | | | | Fixes: out of array access Fixes: 19542/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5659498341728256 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: James Almer <jamrial@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/cbs_vp9: Check index_sizeMichael Niedermayer2019-12-25
| | | | | | | | | Fixes: out of array read Fixes: 19300/clusterfuzz-testcase-minimized-ffmpeg_BSF_VP9_METADATA_fuzzer-5653911730126848 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: James Almer <jamrial@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* lavc/midivid: check return value of init_get_bits8()Zhong Li2019-12-23
| | | | | | Fix CID 1456088 Signed-off-by: Zhong Li <zhongli_dev@126.com>
* avcodec/noise_bsf: remove superfluous fail labelJames Almer2019-12-23
| | | | Signed-off-by: James Almer <jamrial@gmail.com>
* avcodec/hevcdec: keep closed captions in sync between multiple thread contextsJames Almer2019-12-21
| | | | | | | Based on h264 code. Reviewed-by: Limin Wang <lance.lmwang@gmail.com> Signed-off-by: James Almer <jamrial@gmail.com>
* avcodec/h264_sei: fix the size of user data unregisteredLimin Wang2019-12-20
| | | | | | | According to the specifications, the payloadSize includes the 16-byte size of UUID. Signed-off-by: Limin Wang <lance.lmwang@gmail.com> Signed-off-by: James Almer <jamrial@gmail.com>
* avcodec/hevc_sei: switch to AVBufferRef buffer for a53 captionLimin Wang2019-12-20
| | | | | Signed-off-by: Limin Wang <lance.lmwang@gmail.com> Signed-off-by: James Almer <jamrial@gmail.com>
* avcodec/cbs_av1: add missing valid range of values for num_cb_points and ↵James Almer2019-12-19
| | | | | | | | | num_cr_points It is a requirement of bitstream conformance that num_cr_points is less than or equal to 10. It is a requirement of bitstream conformance that num_cb_points is less than or equal to 10. Signed-off-by: James Almer <jamrial@gmail.com>
* lavc/h264dec.h: remove unused ff_h264_decode_slice_headerLinjie Fu2019-12-17
| | | | | | | | | Once removed in 4a9bab3db0d9ec449ebc8b5e823374d1d1df7761. Introduced again in b25cd7540e7. Signed-off-by: Linjie Fu <fulinjie@zju.edu.cn> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* lavc/hevc_cabac: fix cbf_cb and cbf_cr for transform depth 4Linjie Fu2019-12-17
| | | | | | | | | | | The max transform depth is 5(from 0 to 4), so we need 5 cabac states for cbf_cb and cbf_cr. See Table 9-4 for details. Signed-off-by: Xu Guangxin <guangxin.xu@intel.com> Signed-off-by: Linjie Fu <linjie.fu@intel.com> Signed-off-by: James Almer <jamrial@gmail.com>
* vc2enc: zero padding of the coefficient bufferLynne2019-12-17
| | | | | | | | | | Wavelet types with large amounts of overreading/writing like 9_7 would write into the padding at high wavelet depths, which would remain and be read by the next frame's transform and quickly cause artifacts to appear for subsequent frames. This fix affects all frames encoded with a non-power-of-two width, with the artifacts varying between non-observable to very noticeable, depending on encoder settings, so reencoding is advisable.
* lavc/vaapi_encode: grow packet if vaMapBuffer returns multiple buffersLinjie Fu2019-12-17
| | | | | | | | | | | | Currently, assigning new buffer for pkt when multiple buffers were returned from vaMapBuffer will overwrite the previous encoded pkt data and lead to encode issues. Iterate through the buf_list first to find out the total buffer size needed for the pkt, allocate the whole pkt to avoid repeated reallocation and memcpy, then copy data from each buf to pkt. Signed-off-by: Linjie Fu <linjie.fu@intel.com>
* lavc/allcodecs: Add mpeg4 omx encoder, missed in 0e387232Carl Eugen Hoyos2019-12-16
|
* lavc/cbs_h2645_syntax_template: Fix memleakAndriy Gelman2019-12-16
| | | | | | | | | | | | | | | | | payload_count is used to track the number of SEI payloads. It is also used to free the SEIs in cbs_h264_free_sei()/cbs_h265_free_sei(). Currently, payload_count is set after for loop is completed. Hence if there is an error and the function exits, the payload remains zero causing a memleak. This commit keeps track of payload_count inside the for loop to fix the issue. Note that that the contents of current are initialized with av_mallocz() so there is no need to zero initialize payload_count. Found-by: libFuzzer Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
* h264_mp4toannexb: Remove unnecessary checkAndreas Rheinhardt2019-12-15
| | | | | | | | | | | There can be at most 31 SPS and 255 PPS in the mp4/Matroska extradata. Given that each has a size of at most 2^16-1, the length of the output derived from these parameter sets can never overflow an ordinary 32 bit integer. So use a simple uint32_t instead of uint64_t and replace the unnecessary check with an av_assert1. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/adpcm: Clip predictor for APCMichael Niedermayer2019-12-15
| | | | | | | | Fixes: signed integer overflow: -2147483648 - 13 cannot be represented in type 'int' Fixes: 18893/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_IMA_APC_fuzzer-5630760442920960 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/targa: Check colors vs. available spaceMichael Niedermayer2019-12-15
| | | | | | | | Fixes: Timeout (37sec -> 52ms) Fixes: 18892/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TARGA_fuzzer-5739537854889984 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dstdec: Use get_ur_golomb_jpegls()Michael Niedermayer2019-12-15
| | | | | | | | | Fixes: shift exponent -4 is negative Fixes: 17793/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-5766088435957760 Fixes: 18989/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-5175008116867072 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmavoice: Check remaining input in parse_packet_header()Michael Niedermayer2019-12-15
| | | | | | | | Fixes: Infinite loop Fixes: 18914/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAVOICE_fuzzer-5731902946541568 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmalosslessdec: Fix 2 overflows in mclmsMichael Niedermayer2019-12-15
| | | | | | | | Fixes: signed integer overflow: 2038337026 + 109343477 cannot be represented in type 'int' Fixes: 18886/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5673660505653248 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/decode: Fix integer overflow in max_samples checkMichael Niedermayer2019-12-15
| | | | | | | | Fixes: signed integer overflow: 1677721600 * 32 cannot be represented in type 'int' Fixes: 18885/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5741242185154560 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmaprodec: Fixes integer overflow with 32bit samplesMichael Niedermayer2019-12-15
| | | | | | | | Fixes: left shift of 1 by 31 places cannot be represented in type 'int' Fixes: 18860/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAPRO_fuzzer-5755223125786624 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/adpcm: Fix invalid shift in xa_decode()Michael Niedermayer2019-12-15
| | | | | | | | Fixes: left shift of negative value -1 Fixes: 18859/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_XA_fuzzer-5748474213040128 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmavoice: Add FF_CODEC_CAP_INIT_CLEANUPMichael Niedermayer2019-12-15
| | | | | | | | Fixes: memleaks Fixes: 18855/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAVOICE_fuzzer-5687647317524480 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmalosslessdec: Fix several integer issuesMichael Niedermayer2019-12-15
| | | | | | | | Fixes: shift exponent -1 is negative (and others) Fixes: 18852/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5660855295541248 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmalosslessdec: Check that padding bits is not more than sample bitsMichael Niedermayer2019-12-15
| | | | | | | | Fixes: left shift of 1 by 31 places cannot be represented in type 'int' Fixes: 18817/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5713317180211200 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/iff: Skip overflowing runs in decode_delta_d()Michael Niedermayer2019-12-15
| | | | | | | | Fixes: Timeout (107sec - 75ms> Fixes: 18812/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-6295585225441280 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Set error on error in ape_decode_value_3860()Michael Niedermayer2019-12-15
| | | | | | | | Fixes: Timeout (unknown -> 15sec) Fixes: 18808/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5677586072207360 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/pnm: Check that the header is not truncatedMichael Niedermayer2019-12-15
| | | | | | | Fixes: Ticket8430 Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mp3_header_decompress_bsf: Check sample_rate_indexMichael Niedermayer2019-12-15
| | | | | | | | | Fixes: out of array read Fixes: 19309/clusterfuzz-testcase-minimized-ffmpeg_BSF_MP3_HEADER_DECOMPRESS_fuzzer-5651002950942720 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* lavc/pnmdec: Fix 16bit decoding.Carl Eugen Hoyos2019-12-14
| | | | | Regression since cdb5479c Reported by irc user tTh from Mixart-Myrys
* avcodec/simple_idct_template: fix integer overflowPaul B Mahol2019-12-14
|
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-21 02:42:46 +0000