1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00
Commit Graph

175 Commits

Author SHA1 Message Date
Michael Niedermayer
98a9d868d1 avcodec/shorten: Fix integer overflow with offset
Fixes: signed integer overflow: -1625810908 - 582229060 cannot be represented in type 'int'
Fixes: 10977/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5732602018267136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2f888771cd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-01-21 07:53:25 +01:00
Michael Niedermayer
28b80c2d52 avcodec/shorten: Fix bitstream end check in read_header()
Fixes: Timeout
Fixes: 9961/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5687856176562176

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-09-15 20:00:45 +02:00
Michael Niedermayer
9b604e96a5 avcodec/shorten: Fix signed 32bit overflow in shift in shorten_decode_frame()
Fixes: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 9480/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-6647324284551168 -rss_limit_mb=2000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-08-16 00:55:39 +02:00
Michael Niedermayer
db7e9082e1 avcodec/shorten: Fix integer overflow in residual/LPC combination
Fixes: signed integer overflow: -540538872 + -2012739576 cannot be represented in type 'int'
Fixes: 9255/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5758630052757504

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-08-16 00:55:37 +02:00
Michael Niedermayer
7007dabec0 avcodec/shorten: Check verbatim length
Fixes: Timeout
Fixes: 9252/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5780720709533696

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-08-16 00:55:34 +02:00
Michael Niedermayer
3b10bb8772 avcodec/shorten: Fix undefined addition in shorten_decode_frame()
Fixes: signed integer overflow: 1139785606 + 1454196085 cannot be represented in type 'int'
Fixes: 8937/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-6202943597445120

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-07-04 01:10:28 +02:00
Michael Niedermayer
70832333bb avcodec/shorten: Fix undefined integer overflow
Fixes: signed integer overflow: 8454144 * 256 cannot be represented in type 'int'
Fixes: 8788/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5728205041303552

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-07-04 01:10:28 +02:00
Michael Niedermayer
f2abd36b38 avcodec/shorten: Fix multiple integer overflows
Fixes: signed integer overflow: 3 * 1006632960 cannot be represented in type 'int'
Fixes: 8278/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5692857166856192

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-06-07 19:52:57 +02:00
Michael Niedermayer
606c714823 avcodec/shorten: Fix undefined shift in fix_bitshift()
Fixes: left shift of negative value -9
Fixes: 8571/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5715966875926528

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-06-07 19:52:57 +02:00
Michael Niedermayer
a711efe922 avcodec/shorten: Fix a negative left shift in shorten_decode_frame()
Fixes: left shift of negative value -9057
Fixes: 8527/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5666853924896768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-06-07 19:52:57 +02:00
Michael Niedermayer
d91a0b503d avcodec/shorten: Sanity check nmeans
Fixes: OOM
Fixes: 8195/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5179785826271232

The reference software appears to use longs for 32bits and it uses int for nmeans
hinting that the intended maximum size was not 32bit.

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-06-07 19:52:57 +02:00
Michael Niedermayer
424a81df10 avcodec/shorten: Check non COMM chunk len before skip in decode_aiff_header()
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 8024/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5109204648984576

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-06-06 16:58:08 +02:00
Michael Niedermayer
380659604f avcodec/shorten: Move buffer allocation and offset init to end of read_header()
They are time consuming operations, performing them after the other checks
improves the speed with damaged input dramatically.

Fixes: Timeout
Fixes: 2928/clusterfuzz-testcase-4992812120539136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-12 01:52:14 +02:00
Michael Niedermayer
e77ddd31a8 avcodec/shorten: Sanity check maxnlpc
Fixes OOM
Fixes: 2131/clusterfuzz-testcase-minimized-4718045157130240

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-16 20:32:39 +02:00
Michael Niedermayer
df8575584d avcodec/shorten: Check residual size
Fixes assertion failure

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-06 19:53:25 +02:00
Michael Niedermayer
7b6a51f59c avcodec/shorten: Check k in get_uint()
Fixes: undefined shift
Fixes: 1371/clusterfuzz-testcase-minimized-5770822591447040

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-06 18:28:57 +02:00
Clément Bœsch
e3287077ec Merge commit '67deba8a416d818f3d95aef0aa916589090396e2'
* commit '67deba8a416d818f3d95aef0aa916589090396e2':
  Use avpriv_report_missing_feature() where appropriate

Merged-by: Clément Bœsch <cboesch@gopro.com>
2017-03-31 10:40:34 +02:00
Clément Bœsch
549045254c Fix all -Wformat warnings raised by DJGPP 2017-03-29 14:49:29 +02:00
Paul B Mahol
20789372da avcodec/shorten: support decoding AIFF-C variant
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-02-23 23:03:27 +01:00
Diego Biurrun
67deba8a41 Use avpriv_report_missing_feature() where appropriate 2016-11-08 17:54:34 +01:00
Paul B Mahol
1f62a6e780 avcodec/shorten: make max frame size bigger if custom block size was used
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-04-27 09:08:45 +02:00
Paul B Mahol
b62ed56e25 avcodec/shorten: properly handle bitshift > 31
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-04-11 13:14:55 +02:00
Paul B Mahol
571aa7d25e avcodec/shorten: mark as AV_CODEC_CAP_SUBFRAMES
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-04-10 19:54:43 +02:00
Paul B Mahol
0c90b2e013 avcodec/shorten: add support for AIFF packing, not bitexact
Also report unsupported packing.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-04-09 21:07:10 +02:00
Paul B Mahol
82ee37f1f3 avcodec/shorten: fix decoding of very large (>2048) block sizes
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-04-09 19:51:16 +02:00
Paul B Mahol
dee138624f avcodec/shorten: fix decoding of files with number of samples lower than max_frame_size
Note that support of very big block sizes is not currently supported at all due
too flawed logic in decoder.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-04-08 23:45:09 +02:00
Paul B Mahol
c18fdc8692 avcodec/shorten: remove useless if condition and comment, reindent
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-04-08 23:21:47 +02:00
Paul B Mahol
966d43d778 avcodec/shorten: fix decoding of last frame
Previously it would be always discarded.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-04-08 22:32:32 +02:00
Paul B Mahol
ae8a13c560 avcodec/shorten: if allocation fails reset max_frame_size
Otherwise crash happens.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-04-08 09:59:05 +02:00
Paul B Mahol
0c9490609d avformat: support shorten in nistshpere demuxer
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-04-07 22:15:41 +02:00
Derek Buitenhuis
1a12eb4a73 Merge commit '29c2d06d67724e994980045afa055c6c34611b30'
* commit '29c2d06d67724e994980045afa055c6c34611b30':
  cosmetics: Drop empty comment lines

Merged-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2016-02-24 17:31:44 +00:00
Diego Biurrun
29c2d06d67 cosmetics: Drop empty comment lines 2016-02-18 15:35:30 +01:00
Michael Niedermayer
29d147c94d Merge commit '059a934806d61f7af9ab3fd9f74994b838ea5eba'
* commit '059a934806d61f7af9ab3fd9f74994b838ea5eba':
  lavc: Consistently prefix input buffer defines

Conflicts:
	doc/examples/decoding_encoding.c
	libavcodec/4xm.c
	libavcodec/aac_adtstoasc_bsf.c
	libavcodec/aacdec.c
	libavcodec/aacenc.c
	libavcodec/ac3dec.h
	libavcodec/asvenc.c
	libavcodec/avcodec.h
	libavcodec/avpacket.c
	libavcodec/dvdec.c
	libavcodec/ffv1enc.c
	libavcodec/g2meet.c
	libavcodec/gif.c
	libavcodec/h264.c
	libavcodec/h264_mp4toannexb_bsf.c
	libavcodec/huffyuvdec.c
	libavcodec/huffyuvenc.c
	libavcodec/jpeglsenc.c
	libavcodec/libxvid.c
	libavcodec/mdec.c
	libavcodec/motionpixels.c
	libavcodec/mpeg4videodec.c
	libavcodec/mpegvideo.c
	libavcodec/noise_bsf.c
	libavcodec/nuv.c
	libavcodec/nvenc.c
	libavcodec/options.c
	libavcodec/parser.c
	libavcodec/pngenc.c
	libavcodec/proresenc_kostya.c
	libavcodec/qsvdec.c
	libavcodec/svq1enc.c
	libavcodec/tiffenc.c
	libavcodec/truemotion2.c
	libavcodec/utils.c
	libavcodec/utvideoenc.c
	libavcodec/vc1dec.c
	libavcodec/wmalosslessdec.c
	libavformat/adxdec.c
	libavformat/aiffdec.c
	libavformat/apc.c
	libavformat/apetag.c
	libavformat/avidec.c
	libavformat/bink.c
	libavformat/cafdec.c
	libavformat/flvdec.c
	libavformat/id3v2.c
	libavformat/isom.c
	libavformat/matroskadec.c
	libavformat/mov.c
	libavformat/mpc.c
	libavformat/mpc8.c
	libavformat/mpegts.c
	libavformat/mvi.c
	libavformat/mxfdec.c
	libavformat/mxg.c
	libavformat/nutdec.c
	libavformat/oggdec.c
	libavformat/oggparsecelt.c
	libavformat/oggparseflac.c
	libavformat/oggparseopus.c
	libavformat/oggparsespeex.c
	libavformat/omadec.c
	libavformat/rawdec.c
	libavformat/riffdec.c
	libavformat/rl2.c
	libavformat/rmdec.c
	libavformat/rtpdec_latm.c
	libavformat/rtpdec_mpeg4.c
	libavformat/rtpdec_qdm2.c
	libavformat/rtpdec_svq3.c
	libavformat/sierravmd.c
	libavformat/smacker.c
	libavformat/smush.c
	libavformat/spdifenc.c
	libavformat/takdec.c
	libavformat/tta.c
	libavformat/utils.c
	libavformat/vqf.c
	libavformat/westwood_vqa.c
	libavformat/xmv.c
	libavformat/xwma.c
	libavformat/yop.c

Merged-by: Michael Niedermayer <michael@niedermayer.cc>
2015-07-27 23:15:19 +02:00
Michael Niedermayer
444e9874a7 Merge commit 'def97856de6021965db86c25a732d78689bd6bb0'
* commit 'def97856de6021965db86c25a732d78689bd6bb0':
  lavc: AV-prefix all codec capabilities

Conflicts:
	cmdutils.c
	ffmpeg.c
	ffplay.c
	libavcodec/8svx.c
	libavcodec/aacenc.c
	libavcodec/ac3dec.c
	libavcodec/adpcm.c
	libavcodec/alac.c
	libavcodec/atrac3plusdec.c
	libavcodec/bink.c
	libavcodec/dnxhddec.c
	libavcodec/dvdec.c
	libavcodec/dvenc.c
	libavcodec/ffv1dec.c
	libavcodec/ffv1enc.c
	libavcodec/fic.c
	libavcodec/flacdec.c
	libavcodec/flacenc.c
	libavcodec/flvdec.c
	libavcodec/fraps.c
	libavcodec/frwu.c
	libavcodec/gifdec.c
	libavcodec/h261dec.c
	libavcodec/hevc.c
	libavcodec/iff.c
	libavcodec/imc.c
	libavcodec/libopenjpegdec.c
	libavcodec/libvo-aacenc.c
	libavcodec/libvorbisenc.c
	libavcodec/libvpxdec.c
	libavcodec/libvpxenc.c
	libavcodec/libx264.c
	libavcodec/mjpegbdec.c
	libavcodec/mjpegdec.c
	libavcodec/mpegaudiodec_float.c
	libavcodec/msmpeg4dec.c
	libavcodec/mxpegdec.c
	libavcodec/nvenc_h264.c
	libavcodec/nvenc_hevc.c
	libavcodec/pngdec.c
	libavcodec/qpeg.c
	libavcodec/ra288.c
	libavcodec/rv10.c
	libavcodec/s302m.c
	libavcodec/sp5xdec.c
	libavcodec/takdec.c
	libavcodec/tiff.c
	libavcodec/tta.c
	libavcodec/utils.c
	libavcodec/v210dec.c
	libavcodec/vp6.c
	libavcodec/vp9.c
	libavcodec/wavpack.c
	libavcodec/yop.c

Merged-by: Michael Niedermayer <michael@niedermayer.cc>
2015-07-27 22:50:18 +02:00
Vittorio Giovara
059a934806 lavc: Consistently prefix input buffer defines
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2015-07-27 15:24:59 +01:00
Vittorio Giovara
def97856de lavc: AV-prefix all codec capabilities
Express bitfields more simply.

Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2015-07-27 15:24:58 +01:00
Paul B Mahol
94cfb6db7d avcodec/shorten: use init_get_bits8()
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2015-07-03 16:57:11 +00:00
Michael Niedermayer
294469416d avcodec/shorten: More complete pred_order check
Fixes CID1239055

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-05-15 17:02:28 +02:00
Michael Niedermayer
2d15588124 avcodec/shorten: Fix code depending on signed overflow behavior
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-05-15 16:58:51 +02:00
Michael Niedermayer
d201becfc0 avcodec/shorten: Check skip_bytes()
Fixes CID1210526

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-05-15 16:48:31 +02:00
Michael Niedermayer
fbe8672e15 avcodec/shorten: use av_reallocp_array()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-01-12 23:46:50 +01:00
Michael Niedermayer
ecb748866e Merge commit '8e104619a627fcf5f4c2bd3c09d0c2d323aae745'
* commit '8e104619a627fcf5f4c2bd3c09d0c2d323aae745':
  shorten: check for return value

Conflicts:
	libavcodec/shorten.c

See: e20ebe491c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-13 14:21:58 +01:00
Vittorio Giovara
8e104619a6 shorten: check for return value
Avoid a possible negative bitshift.

CC: libav-stable@libav.org
Bug-Id: CID 1194400
2014-11-13 01:41:26 +01:00
Michael Niedermayer
e20ebe491c avcodec/shorten: check bitshift
Fixes invalid shift
Fixes CID1194400

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-04-27 13:03:28 +02:00
Anton Khirnov
1713eec29a shorten: pad the internal bitstream buffer
Fixes invalid reads.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
2014-02-04 21:59:57 +01:00
Michael Niedermayer
1486ed0815 avcodec/shorten: clear bitstream buffer
Fixes use of uninitialized memory
Fixes: msan_uninit-mem_7f3ca95606fb_6393_luckynight-partial.shn
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-12-26 01:35:00 +01:00
Michael Niedermayer
8c677a9f06 Merge commit '9b8d11a76ae7bca8bbb58abb822138f8b42c776c'
* commit '9b8d11a76ae7bca8bbb58abb822138f8b42c776c':
  avcodec: Use av_reallocp where suitable

Conflicts:
	libavcodec/bitstream.c
	libavcodec/eatgv.c
	libavcodec/flashsv.c
	libavcodec/libtheoraenc.c
	libavcodec/libvpxenc.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-12-09 20:31:29 +01:00
Alexandra Khirnova
9b8d11a76a avcodec: Use av_reallocp where suitable
Signed-off-by: Martin Storsjö <martin@martin.st>
2013-12-09 12:27:51 +02:00
Michael Niedermayer
bb8ce36dc2 Merge commit '5f5ada3dbf97e306a74250ba8dcf8619ad59b020'
* commit '5f5ada3dbf97e306a74250ba8dcf8619ad59b020':
  shorten: Fix out-of-array read

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-10-11 09:20:26 +02:00
Tim Walker
5f5ada3dbf shorten: Fix out-of-array read
pred_order == FF_ARRAY_ELEMS(fixed_coeffs) is invalid too.

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-10-10 17:52:14 +02:00