Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bb04235d72)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The code works in steps of 2 lines and lacks support for odd height
Implementing odd height support is better but for now this fixes the
out of array access
Fixes: out of array access
Fixes: tickets/10702/poc6ffmpe
Found-by: Zeng Yunxiang
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e4d2666bdc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array access
Fixes: Ticket8240
Fixes: CVE-2020-22021
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7971f62120)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bb08ee0c6fb7bdebd37cbf00aefed206909e8f78)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Found-by: Jeremy Leconte <jleconte@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1cf96ce269)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 1562273630 * 17 cannot be represented in type 'int'
Fixes: Ticket8323
Found-by: Suhwan
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0c0ca0f244)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
A score of 0 is possible
Fixes: Ticket8500
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dfc4714886)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
score could be 1.0 which lead to uninitialized values
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6ff2474e02)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
With floats we cannot represent all 32bit integer dimensions
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c8813b1a98)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array access
Fixes: poc.mp4
Found-by: GwanYeong Kim <gy741.kim@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c6939f65a1)
(cherry picked from commit 3f621455d6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
'threshhold' should be 'threshold'
Signed-off-by: Kelly Ledford <kelly.ledford@intel.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bc219082bb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Use perdefined micro __FUNCTION__ rather than hard coding function name
to fix wrong function name in error message.
Signed-off-by: Jun Zhao <jun.zhao@intel.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4280948702)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Found-by: Nicolas
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 942036e97c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes CID1397292
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5f2b360fc0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Moritz Barsnick <barsnick@gmx.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f4e4bde1f4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes Ticket5326
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit abc957e896)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Currently, if the movie source filter is used and a seek_point is
specified on a file that has a negative start time, ffmpeg will fail.
An easy way to reproduce this is as follows:
$ ffmpeg -vsync passthrough -filter_complex 'color=d=10,setpts=PTS-1/TB' test.mp4
$ ffmpeg -filter_complex 'movie=filename=test.mp4:seek_point=2' -f null -
The problem is caused by checking for int64_t overflow the wrong way.
In general, to check whether a + b overflows, it is not enough to do:
a > INT64_MAX - b
because b might be negative; the correct way is:
b > 0 && > a > INT64_MAX - b
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c1f9734f97)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Prevents that following scalers in the filter chain will do unintentional color range conversions.
Fixes Ticket #5096
Signed-off-by: Thomas Mundt <loudmax@yahoo.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 73ce8162f3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 997de2e810)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes potential division by zero
Fixes: CID1292295
Reviewed-by: Ganesh Ajjanagadde <gajjanag@mit.edu>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
