1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-12 19:18:44 +02:00
Commit Graph

162 Commits

Author SHA1 Message Date
Michael Niedermayer
51225dee0a avcodec/iff: Fix off by x error
Fixes: out of array access
Fixes: 23245/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5723121327013888.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 18:20:37 +02:00
Michael Niedermayer
a035fd88ae avcodec/iff: Test video_size being non zero
Fixes: Out of array access
Fixes: 20659/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5658548592967680
Fixes: 20659/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5723561177382912

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-05-12 21:39:13 +02:00
Michael Niedermayer
7a92147f87 avcodec/iff: Fix several integer overflows
Fixes: negation of -2147483648 cannot be represented in type 'int32_t' (aka 'int'); cast to an unsigned type to negate this value to itself
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int32_t' (aka 'int')
Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5764066459254784

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-05-11 00:45:09 +02:00
Michael Niedermayer
b4a33387cb avcodec/iff: Check length before memcpy() in decode_deep_rle32()
Fixes: out of array read
Fixes: 20796/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5111364702175232.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-04-22 22:57:38 +02:00
Michael Niedermayer
bc41a29a5a avcodec/iff: Fix invalid pointer intermediates in decode_deep_rle32()
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-04-22 22:57:38 +02:00
Michael Niedermayer
8652f4e7a1 avcodec/iff: Over-allocate ham_palbuf for HAM6 IFF-PBM
IFF-PBM-HAM6 can read out of array without this overallocation
Fixes: Out of array read
Fixes: 19752/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5675331403120640

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-01-30 19:56:25 +01:00
Michael Niedermayer
e7af64178a avcodec/iff: Check input space before loop in decode_delta_d()
Fixes: Timeout (114sec ->108ms)
Fixes: 19290/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5740598116220928

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-01-18 18:35:57 +01:00
Michael Niedermayer
f1b97f62f8 avcodec/iff: Check that video_size is large enough for the read parameters
video is allocated before parameters like bpp are read.

Fixes: out of array access
Fixes: 19084/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5718556033679360
Fixes: 19465/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5759908398235648

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-28 11:20:48 +01:00
Michael Niedermayer
185f441ba2 avcodec/iff: Skip overflowing runs in decode_delta_d()
Fixes: Timeout (107sec - 75ms>
Fixes: 18812/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-6295585225441280

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-15 01:01:22 +01:00
Michael Niedermayer
a1f8b36cc4 avcodec/iff: Move index use after check in decodeplane8()
Fixes: index 9 out of bounds for type 'const uint64_t [8][256]'
Fixes: 18409/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5767030560522240
Fixes: 18720/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5651995784642560

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-11-20 15:50:15 +01:00
Michael Niedermayer
32b3c8ce7d avcodec/iff: Check available space before entering loop in decode_long_vertical_delta2() / decode_long_vertical_delta()
Fixes: Timeout (31sec -> 41ms)
Fixes: 18380/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5645210121404416

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-11-09 17:26:28 +01:00
Michael Niedermayer
dfa5d1a366 avcodec/iff: Check for overlap in cmap_read_palette()
Fixes: undefined memcpy() use
Fixes: 16302/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5678750575886336

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-05 19:45:53 +02:00
Andreas Rheinhardt
f12e662a3d libavcodec/iff: Use unsigned to avoid undefined behaviour
The initialization of the uint32_t plane32_lut matrix uses left shifts
of the form 1 << plane; plane can be as big as 31 which means that this
is undefined behaviour as 1 will be simply an int. So make it unsigned
to avoid this.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-05 17:54:24 +02:00
Michael Niedermayer
84669b1872 avcodec/iff: Add "else" to make code look prettier
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-14 22:17:43 +02:00
Michael Niedermayer
f76d7352e0 avcodec/iff: Check ham vs bpp
This checks the ham value much stricter and avoids hitting cases which cannot be reached
with data from the libavformat demuxer.

Fixes: out of array access
Fixes: 15320/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5080476840099840
Fixes: 15423/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5630765833912320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-08 09:00:21 +02:00
Michael Niedermayer
0f9789c8e3 avcodec/iff: finetune the palette size check in the mask case
Fixes: out of array access
Fixes: 15381/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5668057826983936

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-06-23 10:51:16 +02:00
Michael Niedermayer
92e8db532c avcodec/iff: Fix mask_buf / mask_palbuf leak
Fixes: 15372/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5708881759567872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-06-23 10:46:49 +02:00
Michael Niedermayer
9a6503f496 avcodec/iff: Cleanup on init failure
Fixes: memleak
Fixes: 2272/clusterfuzz-testcase-minimized-5059103858622464

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-18 14:05:57 +02:00
Clément Bœsch
549045254c Fix all -Wformat warnings raised by DJGPP 2017-03-29 14:49:29 +02:00
Paul B Mahol
5979fb0b1e avcodec/iff: support for byterun1 ACBM compression
This is apparently same as no compression.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-02-12 13:28:25 +01:00
Paul B Mahol
49633f9f74 avcodec/iff: add support for vertical word compression in ILBM
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-01-06 21:45:52 +01:00
Paul B Mahol
0ea03dbbf9 avcodec/iff: remove palette swapping for anim
It appears it is wrong.
2016-08-15 13:21:47 +02:00
Michael Niedermayer
a2550e7d2e avcodec/iff: Check that there are enough bytes in dgb before reading
Fixes CID1361959

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-07-11 14:48:57 +02:00
Michael Niedermayer
9585c50942 avcodec/iff: remove useless ()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-07-11 14:44:27 +02:00
Michael Niedermayer
55ef890b29 avcodec/iff: Print error for cols/bpp/bytes being bad in decode_delta_j()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-07-06 11:20:41 +02:00
Michael Niedermayer
fcdbbbd85a avcodec/iff: decode_delta_j: Check that the number of bytes that will be read are available
This should avoid long loops
related to CID1361958

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-07-06 11:19:41 +02:00
Clément Bœsch
9204a84998 Merge commit '5c31eaa9998b2185e0aa04d11adff128498dc14a'
* commit '5c31eaa9998b2185e0aa04d11adff128498dc14a':
  Remove unnecessary get_bits.h #includes and add missing headers where needed.

Merged-by: Clément Bœsch <clement@stupeflix.com>
2016-06-21 15:42:49 +02:00
Michael Niedermayer
c3ad63c6a3 avcodec/iff: Fix bytestream advance
Fixes Ticket5585

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-06-12 20:26:32 +02:00
Piotr Bandurski
854c405dab avcodec/iff: mention RGB8/RGBN decoder
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-05-22 23:04:37 +02:00
Paul B Mahol
a5c5ae5ed8 avcodec/iff: add support for ANBR files
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-05-19 16:52:30 +02:00
Paul B Mahol
810a8ba5b6 avcodec/iff: add forgotten checks for end of input buffer
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-05-18 12:46:43 +02:00
Paul B Mahol
eef2f64294 avcodec/iff: scala anim32 & anim16 decompression
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-05-18 12:32:41 +02:00
Paul B Mahol
95b20ad7b2 avcodec/iff: fix artifacts with uncompressed ham ANIMs
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-05-17 11:02:44 +02:00
Paul B Mahol
72e33eec3a avcodec/iff: add support for ANIMs with keyframes and concatenated ANIMs
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-05-16 22:39:03 +02:00
Paul B Mahol
8767470fb5 avcodec/iff: check if there is enough bytes left
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-05-16 15:39:28 +02:00
Paul B Mahol
5350e0fc97 avcodec/iff: rewrite out of bounds checking in writer
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-05-15 16:35:47 +02:00
Paul B Mahol
51a1c1c6ac avcodec/iff: check for end of buffer in input for delta_l decompression
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-05-14 14:29:59 +02:00
Paul B Mahol
01ead2a639 avcodec/iff: implement 3rd delta ANIM decompression
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-05-13 23:28:19 +02:00
Paul B Mahol
17ea1cd559 avcodec/iff: change delta l offset to uint32_t
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-05-13 14:02:59 +02:00
Paul B Mahol
cb928fc448 lavc: add IFF ANIM decoder
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-05-13 00:24:48 +02:00
Alexandra Hájková
5c31eaa999 Remove unnecessary get_bits.h #includes and add missing headers where needed.
Signed-off-by: Diego Biurrun <diego@biurrun.de>
2016-05-04 15:14:14 +02:00
Andreas Cadhalpun
ec0275843d avcodec: remove leftover iff_byterun1 decoder
It was merged with the iff_ilbm decoder in commit
929a24efff.

Define AV_CODEC_ID_IFF_BYTERUN1 as AV_CODEC_ID_IFF_ILBM for API
compatibility.

Reviewed-by: Ronald S. Bultje <rsbultje@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2015-10-12 00:21:13 +02:00
Michael Niedermayer
29d147c94d Merge commit '059a934806d61f7af9ab3fd9f74994b838ea5eba'
* commit '059a934806d61f7af9ab3fd9f74994b838ea5eba':
  lavc: Consistently prefix input buffer defines

Conflicts:
	doc/examples/decoding_encoding.c
	libavcodec/4xm.c
	libavcodec/aac_adtstoasc_bsf.c
	libavcodec/aacdec.c
	libavcodec/aacenc.c
	libavcodec/ac3dec.h
	libavcodec/asvenc.c
	libavcodec/avcodec.h
	libavcodec/avpacket.c
	libavcodec/dvdec.c
	libavcodec/ffv1enc.c
	libavcodec/g2meet.c
	libavcodec/gif.c
	libavcodec/h264.c
	libavcodec/h264_mp4toannexb_bsf.c
	libavcodec/huffyuvdec.c
	libavcodec/huffyuvenc.c
	libavcodec/jpeglsenc.c
	libavcodec/libxvid.c
	libavcodec/mdec.c
	libavcodec/motionpixels.c
	libavcodec/mpeg4videodec.c
	libavcodec/mpegvideo.c
	libavcodec/noise_bsf.c
	libavcodec/nuv.c
	libavcodec/nvenc.c
	libavcodec/options.c
	libavcodec/parser.c
	libavcodec/pngenc.c
	libavcodec/proresenc_kostya.c
	libavcodec/qsvdec.c
	libavcodec/svq1enc.c
	libavcodec/tiffenc.c
	libavcodec/truemotion2.c
	libavcodec/utils.c
	libavcodec/utvideoenc.c
	libavcodec/vc1dec.c
	libavcodec/wmalosslessdec.c
	libavformat/adxdec.c
	libavformat/aiffdec.c
	libavformat/apc.c
	libavformat/apetag.c
	libavformat/avidec.c
	libavformat/bink.c
	libavformat/cafdec.c
	libavformat/flvdec.c
	libavformat/id3v2.c
	libavformat/isom.c
	libavformat/matroskadec.c
	libavformat/mov.c
	libavformat/mpc.c
	libavformat/mpc8.c
	libavformat/mpegts.c
	libavformat/mvi.c
	libavformat/mxfdec.c
	libavformat/mxg.c
	libavformat/nutdec.c
	libavformat/oggdec.c
	libavformat/oggparsecelt.c
	libavformat/oggparseflac.c
	libavformat/oggparseopus.c
	libavformat/oggparsespeex.c
	libavformat/omadec.c
	libavformat/rawdec.c
	libavformat/riffdec.c
	libavformat/rl2.c
	libavformat/rmdec.c
	libavformat/rtpdec_latm.c
	libavformat/rtpdec_mpeg4.c
	libavformat/rtpdec_qdm2.c
	libavformat/rtpdec_svq3.c
	libavformat/sierravmd.c
	libavformat/smacker.c
	libavformat/smush.c
	libavformat/spdifenc.c
	libavformat/takdec.c
	libavformat/tta.c
	libavformat/utils.c
	libavformat/vqf.c
	libavformat/westwood_vqa.c
	libavformat/xmv.c
	libavformat/xwma.c
	libavformat/yop.c

Merged-by: Michael Niedermayer <michael@niedermayer.cc>
2015-07-27 23:15:19 +02:00
Michael Niedermayer
444e9874a7 Merge commit 'def97856de6021965db86c25a732d78689bd6bb0'
* commit 'def97856de6021965db86c25a732d78689bd6bb0':
  lavc: AV-prefix all codec capabilities

Conflicts:
	cmdutils.c
	ffmpeg.c
	ffplay.c
	libavcodec/8svx.c
	libavcodec/aacenc.c
	libavcodec/ac3dec.c
	libavcodec/adpcm.c
	libavcodec/alac.c
	libavcodec/atrac3plusdec.c
	libavcodec/bink.c
	libavcodec/dnxhddec.c
	libavcodec/dvdec.c
	libavcodec/dvenc.c
	libavcodec/ffv1dec.c
	libavcodec/ffv1enc.c
	libavcodec/fic.c
	libavcodec/flacdec.c
	libavcodec/flacenc.c
	libavcodec/flvdec.c
	libavcodec/fraps.c
	libavcodec/frwu.c
	libavcodec/gifdec.c
	libavcodec/h261dec.c
	libavcodec/hevc.c
	libavcodec/iff.c
	libavcodec/imc.c
	libavcodec/libopenjpegdec.c
	libavcodec/libvo-aacenc.c
	libavcodec/libvorbisenc.c
	libavcodec/libvpxdec.c
	libavcodec/libvpxenc.c
	libavcodec/libx264.c
	libavcodec/mjpegbdec.c
	libavcodec/mjpegdec.c
	libavcodec/mpegaudiodec_float.c
	libavcodec/msmpeg4dec.c
	libavcodec/mxpegdec.c
	libavcodec/nvenc_h264.c
	libavcodec/nvenc_hevc.c
	libavcodec/pngdec.c
	libavcodec/qpeg.c
	libavcodec/ra288.c
	libavcodec/rv10.c
	libavcodec/s302m.c
	libavcodec/sp5xdec.c
	libavcodec/takdec.c
	libavcodec/tiff.c
	libavcodec/tta.c
	libavcodec/utils.c
	libavcodec/v210dec.c
	libavcodec/vp6.c
	libavcodec/vp9.c
	libavcodec/wavpack.c
	libavcodec/yop.c

Merged-by: Michael Niedermayer <michael@niedermayer.cc>
2015-07-27 22:50:18 +02:00
Vittorio Giovara
059a934806 lavc: Consistently prefix input buffer defines
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2015-07-27 15:24:59 +01:00
Vittorio Giovara
def97856de lavc: AV-prefix all codec capabilities
Express bitfields more simply.

Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2015-07-27 15:24:58 +01:00
Michael Niedermayer
a94eba6f0c Merge commit '7f9f771eac0d37a632e0ed9bd89961d57fcfb7e0'
* commit '7f9f771eac0d37a632e0ed9bd89961d57fcfb7e0':
  avcodec: Don't anonymously typedef structs

Conflicts:
	libavcodec/alac.c
	libavcodec/cinepak.c
	libavcodec/cscd.c
	libavcodec/dcadec.c
	libavcodec/g723_1.c
	libavcodec/gif.c
	libavcodec/iff.c
	libavcodec/kgv1dec.c
	libavcodec/libopenjpegenc.c
	libavcodec/libspeexenc.c
	libavcodec/ra288.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-02-14 21:18:17 +01:00
Diego Biurrun
7f9f771eac avcodec: Don't anonymously typedef structs 2015-02-14 10:13:49 -08:00
Michael Niedermayer
3539d6c63a avcodec/iff: check pixfmt for rgb8 / rgbn
Fixes out of array access

Found-by: Piotr Bandurski <ami_stuff@o2.pl>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-08-10 22:05:55 +02:00
Michael Niedermayer
9bcdb98839 avcodec/iff: Factorize av_pix_fmt_desc_get() out
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-08-10 21:53:39 +02:00