1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-13 21:28:01 +02:00
Commit Graph

116366 Commits

Author SHA1 Message Date
Michael Niedermayer
139bf41246
avformat/mm: Check length
Fixes: CID1220824 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-21 16:41:32 +02:00
Michael Niedermayer
291356f58b
avformat/hnm: Check *chunk_size
Fixes: CID1604419 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-21 16:41:23 +02:00
Michael Niedermayer
7e577165c1
avformat/hlsenc: Check ret
Fixes: CID1609624 Unused value

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-21 16:41:11 +02:00
Michael Niedermayer
bf61f811e7
avformat/bintext: Check avio_size() return
Fixes: CID1604503 Overflowed constant
Fixes: CID1604566 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-21 16:40:49 +02:00
Michael Niedermayer
891bc070f0
avformat/asfdec_o: Check size of index object
We subtract 24 so it must be at least 24

Fixes: CID1604482 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-21 16:40:48 +02:00
Michael Niedermayer
2a8fb3c2cc
avfilter/vf_scale: Check ff_scale_adjust_dimensions() for failure
Helps: CID1513722 Operands don't affect result

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-21 16:34:31 +02:00
Michael Niedermayer
ad9df8bcfe
avfilter/scale_eval: Use 64bit, check values in ff_scale_adjust_dimensions()
Found by reviewing CID1513722 Operands don't affect result

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-21 16:34:30 +02:00
Michael Niedermayer
6db4e326c2
avfilter/vf_neighbor_opencl: Use AV_PIX_MAX_PLANES
Fix/Robustness/whatever: CID1439575 Out-of-bounds read

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-21 16:34:29 +02:00
Michael Niedermayer
ace2e25720
avfilter/vf_lut3d: Check av_scanf()
Fixes: CID1604398 Unchecked return value
Fixes: CID1604542 Unchecked return value

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-21 16:34:28 +02:00
Michael Niedermayer
64aa233a88
avfilter/vf_fftfilt: Remove dead depth code
Fixes: CID1509373 Logically dead code

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-21 16:34:27 +02:00
Michael Niedermayer
2af95b9214
avfilter/vf_elbg: Use unsigned for shifting into the top bit
Fixes: part of CID1355110 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-21 16:34:25 +02:00
Michael Niedermayer
05e21b8902
avfilter/vf_premultiply: Use AV_PIX_MAX_PLANES
Helps: CID1435164 Out-of-bounds read
Helps: CID1435165 Out-of-bounds read
Helps: CID1435167 Out-of-bounds read
Helps: CID1435169 Out-of-bounds read

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-21 15:57:43 +02:00
Michael Niedermayer
9385847af4
avfilter/vf_deshake_opencl: Ensure that the first iteration initializes the best variables
Fixes: CID1452759 Uninitialized scalar variable

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-21 15:52:09 +02:00
Michael Niedermayer
c37dc63c7d
avfilter/vf_deshake_opencl: Use AV_VIDEO_MAX_PLANES
Fixes: CID1452758 Out-of-bounds read (actual out of bounds access depends on a frame with more than 3 planes)

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-21 15:52:08 +02:00
Michael Niedermayer
9b9e02f2ff
avformat/iamf_parse: Check for negative sample sizes
Fixes: index -2 out of bounds for type 'const enum AVCodecID [3]'
Fixes: 69866/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-4971166119821312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-21 15:35:08 +02:00
Michael Niedermayer
bcab9789ef
swscale/output: Fix integer overflows in yuv2rgba64_X_c_template
Fixes: signed integer overflow: -1082982400 + -1068681048 cannot be represented in type 'int'
Fixes: 69995/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-6285740271534080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-21 15:35:08 +02:00
Michael Niedermayer
d8d288479d
avformat/mxfdec: Reorder elements of expression in bisect loop
Fixes: signed integer overflow: 9223372036854775807 - -1 cannot be represented in type 'long'
Fixes: 68578/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6032171648221184

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-21 15:29:25 +02:00
Michael Niedermayer
d5ca373d7e
avutil/timecode: Use a 64bit framenum internally
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 68550/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6424065930756096

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-21 15:29:25 +02:00
Mark Thompson
7110a36ba0
cbs_av1: Reject thirty-two zero bits in uvlc code
The spec allows at least thirty-two zero bits followed by a one to mean
2^32-1, with no constraint on the number of zeroes.  The libaom
reference decoder does not match this, instead reading thirty-two zeroes
but not the following one to mean 2^32-1.  These two interpretations are
incompatible and other implementations may follow one or the other.
Therefore reject thirty-two zeroes because the intended behaviour is not
clear.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-21 15:29:25 +02:00
Michael Niedermayer
3faadbe2a2
avcodec/pnmdec: Use 64bit for input size check
Fixes: out of array read
Fixes: poc3

Reported-by: VulDB CNA Team
Found-by: CookedMelon
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-21 15:29:24 +02:00
Michael Niedermayer
167bf8f61e
avformat/mov: Check extradata in mov_read_iacb()
Fixes: MemLeak
Fixes: 69853/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-4660448545275904

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-21 15:29:24 +02:00
Tong Wu
5c8523cef1 lavc/hw_base_encode: correct the timestamp when input_order = decode_delay
Fixed the command line: ffmpeg -hwaccel vaapi -pix_fmt nv12 -s:v
widthxheight -i input.yuv -vf "hwupload" -c:v hevc_vaapi -bf 10 -b_depth 3
-vframes 3 -f null -

Signed-off-by: Tong Wu <wutong1208@outlook.com>
2024-07-20 11:21:36 +02:00
James Almer
2aab4e4cc0 avformat/iamf_writer: disallow Opus extradata with mapping family other than 0
Clause 3.11.1 of IAMF[1] states the Opus ID Header should conform to  ChannelMappingFamily == 0.

[1]https://aomediacodec.github.io/iamf/#opus-specific

Signed-off-by: James Almer <jamrial@gmail.com>
2024-07-19 21:07:32 -03:00
James Almer
9ce065c90d avformat/iamf_parse: sanitize audio_roll_distance values
Ensure the values are spec complaint and that no integer overflow can happen.

Signed-off-by: James Almer <jamrial@gmail.com>
2024-07-19 21:07:32 -03:00
Leo Izen
e30bc8a963
fate/png: add mDCv and cLLi read and write test
This test confirms that we can write mDCv and cLLi chunks and read them
back via the png decoder. It uses an HEVC conformance sample with this
metadata as the base source for the side data in the frames.

Signed-off-by: Leo Izen <leo.izen@gmail.com>
Reported-by: Jan Ekström <jeebjp@gmail.com>
Reviewed-by: Jan Ekström <jeebjp@gmail.com>
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2024-07-19 11:30:19 -04:00
James Almer
97fd5d3363 checkasm/lls: increase epsilon value for the update_lls test
Should fix failures for some seeds on x86_32.

Signed-off-by: James Almer <jamrial@gmail.com>
2024-07-19 09:24:59 -03:00
James Almer
7dabad079b avformat/iamf: byteswap values in OpusHeader
Clause 3.11.1 of IAMF[1] states the values are stored in big endian, in
contrast to the Ogg Encapsulation for Opus[2] where they are in little endian.

[1]https://aomediacodec.github.io/iamf/v1.0.0-errata.html#opus-specific
[2]https://datatracker.ietf.org/doc/html/rfc7845#section-5.1

Signed-off-by: James Almer <jamrial@gmail.com>
2024-07-18 23:27:20 -03:00
James Almer
54b8d5e201 avformat/iamf: rename Codec Config seek_preroll to audio_roll_distance
The semantics for the field are different than the one in AVCodecParameters,
so use the name defined in the IAMF spec to prevent confusion.

Signed-off-by: James Almer <jamrial@gmail.com>
2024-07-18 23:27:20 -03:00
Felicia Lim
2094f40295 avformat/iamf_writer: fix coded audio_roll_distance values
'seek_preroll' corresponds to 'audio_roll_distance' in IAMF[1]

[1]https://aomediacodec.github.io/iamf/v1.0.0-errata.html#audio_roll_distance

Signed-off-by: James Almer <jamrial@gmail.com>
2024-07-18 23:27:20 -03:00
Felicia Lim
709a5687ed avformat/iamf_writer: fix PCM endian-ness flag
The value was swapped from what's defined in clause 3.11.4 of IAMF[1]

[1]https://aomediacodec.github.io/iamf/#lpcm-specific

Signed-off-by: James Almer <jamrial@gmail.com>
2024-07-18 23:27:20 -03:00
Felicia Lim
180c869faf avformat/movenc: fix channel count and samplerate fields for IAMF tracks
Clause 6.2.3 of IAMF[1] states both of these shall be set to 0.

[1]https://aomediacodec.github.io/iamf/v1.0.0-errata.html#iasampleentry-section

Signed-off-by: James Almer <jamrial@gmail.com>
2024-07-18 23:27:20 -03:00
James Almer
3de65f47e0 avformat/mov: don't export frame cropping stream side data when the clap box is a no-op
Signed-off-by: James Almer <jamrial@gmail.com>
2024-07-18 23:27:20 -03:00
James Almer
2ff7d10c30 fftools/ffmpeg_filter: use the correct specifier for crop arguments
Signed-off-by: James Almer <jamrial@gmail.com>
2024-07-18 23:27:20 -03:00
Leo Izen
90e28331c7
avcodec/png: more informative error message for invalid sBIT size
If the sBIT chunk size is invalid, we should print a more informative
error message rather than return an error and print nothing.

Signed-off-by: Leo Izen <leo.izen@gmail.com>
2024-07-18 21:20:38 -04:00
Leo Izen
4225f51c62
avcodec/pngdec: avoid erroring with sBIT on indexed-color images
Indexed color images use three colors for sBIT, but the function
ff_png_get_nb_channels returns 1 in this case. We should avoid erroring
out on valid files in this scenario.

Regression since 84b454935f.

Signed-off-by: Leo Izen <leo.izen@gmail.com>
Reported-by: Ramiro Polla <ramiro.polla@gmail.com>
Reviewed-by: Marton Balint <cus@passwd.hu>
2024-07-18 21:16:18 -04:00
Rémi Denis-Courmont
483fd732ab lavc/h264dsp: R-V V high-depth idct_add{,intra}16, idct8_add4
As with 8-bit, this tends to be faster, but results are all over the
place due to the variable distribution of non-zero coefficients.
2024-07-18 20:37:09 +03:00
James Almer
90672974bd fftools/ffmpeg_demux: don't insert the crop filter if frame cropping side data defines no cropping
Signed-off-by: James Almer <jamrial@gmail.com>
2024-07-18 09:50:36 -03:00
J. Dekker
fa5a605542 avcodec/riscv: add h264 dc idct rvv
checkasm: bench runs 131072 (1 << 17)
h264_idct4_add_dc_8bpp_c: 1.5
h264_idct4_add_dc_8bpp_rvv_i64: 0.7
h264_idct4_add_dc_9bpp_c: 1.5
h264_idct4_add_dc_9bpp_rvv_i64: 0.7
h264_idct4_add_dc_10bpp_c: 1.5
h264_idct4_add_dc_10bpp_rvv_i64: 0.7
h264_idct4_add_dc_12bpp_c: 1.2
h264_idct4_add_dc_12bpp_rvv_i64: 0.7
h264_idct4_add_dc_14bpp_c: 1.2
h264_idct4_add_dc_14bpp_rvv_i64: 0.7
h264_idct8_add_dc_8bpp_c: 5.2
h264_idct8_add_dc_8bpp_rvv_i64: 1.5
h264_idct8_add_dc_9bpp_c: 5.5
h264_idct8_add_dc_9bpp_rvv_i64: 1.2
h264_idct8_add_dc_10bpp_c: 5.5
h264_idct8_add_dc_10bpp_rvv_i64: 1.2
h264_idct8_add_dc_12bpp_c: 4.2
h264_idct8_add_dc_12bpp_rvv_i64: 1.2
h264_idct8_add_dc_14bpp_c: 4.2
h264_idct8_add_dc_14bpp_rvv_i64: 1.2

Signed-off-by: J. Dekker <jdek@itanimul.li>
2024-07-18 02:47:30 +02:00
Zhao Zhili
b3aeef3bf9 avcodec/vvc: Remove write-only assignments in alf_filter_chroma 2024-07-17 21:23:41 +08:00
Zhao Zhili
8bac9d4a21 avcodec/vvc: Remove NOP condition check in alf_filter_luma
If (y + i == vb_above) or (y + i == vb_below), the if body has no
operation.
2024-07-17 21:23:41 +08:00
Michael Niedermayer
0993ef675f
avcodec/mpeg12enc: Use av_rescale() in vbv_buffer_size computation
Fixes: signed integer overflow: 20 * 2314885530818453759 cannot be represented in type 'long'
Fixes: 69098/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG2VIDEO_fuzzer-6107989688778752

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-16 19:03:50 +02:00
Michael Niedermayer
69e90491f1
avcodec/utvideoenc: Use unsigned shift to build flags
Fixes: left shift of 255 by 24 places cannot be represented in type 'int'
Fixes: 69083/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_UTVIDEO_fuzzer-5608202363273216

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-16 19:03:50 +02:00
Michael Niedermayer
a84fbd7471
avcodec/j2kenc: Merge dwt_norm into lambda
This moves computations out of a loop

This may help with UB in vsynth*-jpeg2000-yuva444p16

Fixes: signed integer overflow: 31665934879948800 * 9998 cannot be represented in type 'long'
Fixes: 69024/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5949662967169024

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-16 19:03:50 +02:00
Michael Niedermayer
8a4e5e0e15
tools/target_dec_fuzzer: Adjust threshold for RV30
Fixes: Timeout
Fixes: 69216/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RV30_fuzzer-5808725188214784

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-16 18:43:15 +02:00
Michael Niedermayer
664fbfb9ac
avcodec/mscc: move frame allocates to later
Fixes: Timeout
Fixes: 66964/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SRGC_fuzzer-5413170363564032
Fixes: 69373/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSCC_fuzzer-5239787748392960

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-16 18:43:15 +02:00
James Almer
b248dace92
avformat/iamf_parse: keep substream count consistent
Fixes: member access within null pointer of type 'IAMFSubStream' (aka 'struct IAMFSubStream')
Fixes: 69795/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-6216287009701888

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-16 18:43:14 +02:00
Michael Niedermayer
7147c3c911
avcodec/ratecontrol: Handle wanted bits overflow
Fixes: 5.92611e+20 is outside the range of representable values of type 'unsigned long'
Fixes: 68984/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5155755073273856

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-16 18:43:14 +02:00
Michael Niedermayer
af99358353
avcodec/vc2enc: Fix overflows with storing large values
Fixes: left shift of 1431634944 by 2 places cannot be represented in type 'int'
Fixes: left shift of 1073741824 by 1 places cannot be represented in type 'int'
Fixes: 69061/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC2_fuzzer-6325700826038272

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-07-16 18:43:14 +02:00
Zhao Zhili
8ca60e14d2 configure: Fix Apple framework dependencies in .pc file
configure use "-Wl,-framework,foo" and "-framework foo" to specify
dependencies on Apple frameworks. These two styles essentially do
the same thing when build ffmpeg. However, they do make difference
when generate pkg-config files. Some tools interact with pkg-config
cannot handle "-Wl,-framework,foo" in Libs field, e.g., cmake with
pkg_check_modules.

Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
2024-07-16 22:50:41 +08:00
Zhao Zhili
cb9c98da16 avformat/file: guard fd_dup by FD_PROTOCOL or PIPE_PROTOCOL
fd_dup is unused when fd and pipe have been disabled. This also
fix build error with wasi since 'dup' isn't available.

Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
2024-07-16 22:50:21 +08:00