mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-11-26 19:01:44 +02:00
Commit Graph

294 Commits

Author SHA1 Message Date
Michael Niedermayer
5aba5b89d0 avcodec/mpeg4videodec: Check for bitstream end in read_quant_matrix_ext()
Fixes: out of array read
Fixes: asff-crash-0e53d0dc491dfdd507530b66562812fbd4c36678

Found-by: Paul Ch <paulcher@icloud.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-07-04 23:14:24 +02:00
Michael Niedermayer
bd27a9364c avcodec/mpeg4videodec: Remove use of FF_PROFILE_MPEG4_SIMPLE_STUDIO as indicator of studio profile
The profile field is changed by code inside and outside the decoder,
so it's not a reliable indicator of the internal codec state.
Maintaining its consistency with studio_profile is messy.
It's easier to just avoid it and use only studio_profile.

Fixes: assertion failure
Fixes: ffmpeg_crash_9.avi

Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-07-04 12:11:36 +02:00
Michael Niedermayer
2aa9047486 avcodec/mpeg4videodec: Check read profile before setting it
Fixes: null pointer dereference
Fixes: ffmpeg_crash_7.avi

Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-06-28 21:35:01 +02:00
Michael Niedermayer
2fc108f60f avcodec/mpeg4videodec: Clear bits_per_raw_sample if it has originated from a previous instance
Fixes: assertion failure
Fixes: ffmpeg_crash_5.avi

Found-by: Thuan Pham <thuanpv@comp.nus.edu.sg>, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-06-13 21:55:19 +02:00
Michael Niedermayer
ba97d75ac6 avcodec/mpeg4video: Detect reference studio streams as studio streams
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-05-17 02:23:06 +02:00
Michael Niedermayer
b3a18511cc avcodec/mpeg4videodec: Check bps (VOL header) before VOP for studio profile
Fixes: runtime error: shift exponent -1 is negative
Fixes: 7486/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-4977380939530240

Fixes: runtime error: index 36 out of bounds for type 'const uint8_t [32]'
Fixes: 7566/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-6536620682510336

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-05-17 02:23:06 +02:00
Michael Niedermayer
9e5d0860c0 avcodec/mpeg4videodec: Do not corrupt bits_per_raw_sample
Reviewed-by: Kieran Kunhya <kierank@obe.tv>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-05-17 02:23:06 +02:00
Michael Niedermayer
9f73ae31e0 avcodec/mpeg4videodec: Eliminate out of loop VOP startcode reading for studio profile
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-05-17 02:23:06 +02:00
Michael Niedermayer
177133a0f4 avcodec/mpeg4videodec: Split decode_studio_vol_header() out of decode_studiovisualobject()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-05-03 17:33:51 +02:00
Michael Niedermayer
e03bf251d8 avcodec/mpeg4videodec: Move decode_studiovisualobject() parsing in the branch for visual object parsing
Fixes: runtime error: shift exponent -1 is negative
Fixes: 7510/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5024523356209152

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-05-03 17:33:51 +02:00
James Almer
2f27370111 avcodec/mpeg4videodec: unbreak multithreading decoding
Should fix double free related crashes.

Signed-off-by: James Almer <jamrial@gmail.com>
2018-04-04 11:09:11 -03:00
James Almer
a866cc3ad3 avcodec/mpeg4videodec: free studio profile VLCs when closing the decoder
Fixes memleaks.

Signed-off-by: James Almer <jamrial@gmail.com>
2018-04-04 00:45:16 -03:00
Kieran Kunhya
f9d3841ae6 mpeg4video: Add support for MPEG-4 Simple Studio Profile.
This is a profile supporting > 8-bit video and has a higher quality DCT
2018-04-02 13:06:23 +01:00
Michael Niedermayer
db77230894 avcodec/mpeg4videodec: Use more specific error codes
Forward error codes where possible.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-03-26 02:17:13 +02:00
Michael Niedermayer
63a4bdbf3b avcodec/mpeg4videodec: Ignore multiple VOL headers
Fixes: Ticket7005

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-02-11 12:06:04 +01:00
Michael Niedermayer
d4967c04e0 avcodec/mpeg4videodec: Avoid possibly aliasing violating casts
Found-by: kierank
Reviewed-by: Kieran Kunhya <kieran618@googlemail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-01-29 04:11:28 +01:00
Michael Niedermayer
05f4703a16 avcodec/mpeg4videodec: Check mb_num also against 0
The spec implies that 0 is invalid in addition to the existing checks

Found-by: <kierank>
Reviewed-by: Kieran Kunhya <kieran618@googlemail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-01-29 04:11:28 +01:00
Mark Thompson
e6a1dfc9ce mpeg4videodec: Fix unused variable warning
video_format is not used.
2017-12-26 17:25:46 +00:00
Michael Niedermayer
4b2a186ef0 avcodec/mpeg4videodec: Add support for parsing and exporting video_range
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-12-21 19:48:41 +01:00
James Almer
921d7af6e9 avcodec/mpeg4videodec: fix preprocessor check for the nvdec hwaccel
Signed-off-by: James Almer <jamrial@gmail.com>
2017-11-26 22:21:20 -03:00
Mark Thompson
758fbc54fe lavc: Add hardware config metadata for decoders supporting hardware output
This includes a pointer to the associated hwaccel for decoders using
hwaccels - these will be used later to implement the hwaccel setup
without needing a global list.

Also added is a new file listing all hwaccels as external declarations -
this will be used later to generate the hwaccel list at configure time.
2017-11-26 21:35:53 +00:00
Michael Niedermayer
0e7865ce41 avcodec/mpeg4videodec: Check also for negative versions in the validity check
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-11-21 21:24:08 +01:00
Dale Curtis
7010dd98b5 Fix undefined shift on assumed 8-bit input.
decode_user_data() attempts to create an integer |build|
value with 8 bits of spacing for 3 components. However
each component is an int32_t, so shifting each component
is undefined for values outside of the 8 bit range.

This patch simply clamps input to 8-bits per component
and prints out a warning that the values were clamped.

Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-11-21 03:13:03 +01:00
James Almer
e621b1ca64 Merge commit '97cfe1d8bd1968143e2ba9aa46ebe9504a835e24'
* commit '97cfe1d8bd1968143e2ba9aa46ebe9504a835e24':
  Convert all AVClass struct declarations to designated initializers.

Merged-by: James Almer <jamrial@gmail.com>
2017-11-01 20:05:09 -03:00
James Almer
af0505ed95 Merge commit '6ac0e7818399a57e4684202bac79f35b3561ad1e'
* commit '6ac0e7818399a57e4684202bac79f35b3561ad1e':
  mpeg4videodec: raise an error if sprite_trajectory.table is NULL

Merged-by: James Almer <jamrial@gmail.com>
2017-10-26 16:19:43 -03:00
James Almer
b773a8d8c1 Merge commit 'dd343fd986459f467a2d1d70c26101dff1d47d68'
* commit 'dd343fd986459f467a2d1d70c26101dff1d47d68':
  lavu: Drop deprecated VDPAU pixel formats

Merged-by: James Almer <jamrial@gmail.com>
2017-10-23 18:15:49 -03:00
Michael Niedermayer
e38f280fec avcodec/mpeg4videodec: Use 64 bit intermediates for sprite delta
Fixes: runtime error: signed integer overflow: -104713 * 65536 cannot be represented in type 'int'
Fixes: 3453/clusterfuzz-testcase-minimized-5555554657239040
Fixes: 3528/clusterfuzz-testcase-minimized-6283628420005888

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-10-10 23:58:40 +02:00
Michael Niedermayer
7735ed2974 avcodec/mpeg4videodec: Clear mcsel before decoding an image
Fixes: runtime error: signed integer overflow: 2146467840 + 1032192 cannot be represented in type 'int'
Fixes: 2826/clusterfuzz-testcase-minimized-5901511613743104

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-11 12:07:16 +02:00
Michael Niedermayer
4976a3411f avcodec/mpeg4videodec: Fix GMC with videos of dimension 1
Fixes: runtime error: shift exponent -1 is negative
Fixes: 2338/clusterfuzz-testcase-minimized-5153426541379584

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-24 14:48:13 +02:00
Michael Niedermayer
5443c4bdf4 avcodec/mpeg4videodec: Fix overflow in virtual_ref computation
Fixes: runtime error: signed integer overflow: 262144 * -16120 cannot be represented in type 'int'
Fixes: 2292/clusterfuzz-testcase-minimized-6156080415506432

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-21 02:25:23 +02:00
Michael Niedermayer
12245ab1f6 avcodec/mpeg4videodec: Check sprite delta upshift against overflowing.
Fixes: runtime error: signed integer overflow: -268386304 * 16 cannot be represented in type 'int'
Fixes: 2204/clusterfuzz-testcase-minimized-5616756909408256

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-15 00:16:20 +02:00
Michael Niedermayer
0a87be404a avcodec/mpeg4videodec: Fix integer overflow in num_sprite_warping_points=2 case
Fixes: runtime error: signed integer overflow: 131072 + 2147352576 cannot be represented in type 'int'
Fixes: 2192/clusterfuzz-testcase-minimized-5370387988742144

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-15 00:16:20 +02:00
Michael Niedermayer
18bca25adb avcodec/mpeg4videodec: Fix runtime error: signed integer overflow: 53098 * 40448 cannot be represented in type 'int'
Fixes: 2106/clusterfuzz-testcase-minimized-6136503639998464

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-06 16:54:50 +02:00
Michael Niedermayer
efeb47fd5d avcodec/mpeg4videodec: Check for multiple VOL headers
Fixes multiple: runtime error: signed integer overflow: 2147115008 + 413696 cannot be represented in type 'int'
Fixes: 1723/clusterfuzz-testcase-minimized-5309409372667904
Fixes: 1727/clusterfuzz-testcase-minimized-5900685306494976
Fixes: 1737/clusterfuzz-testcase-minimized-5922321338466304

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-21 16:05:20 +02:00
Michael Niedermayer
467677769a avcodec/mpeg4videodec: Clear sprite warping on unsupported cases in VOP decode
Fixes: Integer overflow
Fixes: 1572/clusterfuzz-testcase-minimized-4578773729017856

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-14 16:47:58 +02:00
Michael Niedermayer
c1c3a14073 libavcodec/mpeg4videodec: Convert sprite_offset to 64bit
This avoids intermediates from overflowing (the final values are checked)
Fixes: runtime error: signed integer overflow: -167712 + -2147352576 cannot be represented in type 'int'

Fixes: 1298/clusterfuzz-testcase-minimized-5955580877340672

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-04 19:49:45 +02:00
Sean McGovern
6ac0e78183 mpeg4videodec: raise an error if sprite_trajectory.table is NULL
CC: libav-stable@libav.org
Bug-Id: 1012
2017-04-05 17:23:39 -04:00
Michael Niedermayer
e2a4f1a9eb avcodec/mpeg4videodec: Fix runtime error: signed integer overflow: -135088512 * 16 cannot be represented in type 'int'
Fixes: 736/clusterfuzz-testcase-5580263943831552

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-03-09 23:28:10 +01:00
Michael Niedermayer
fab13bbbcd avcodec/mpeg4videodec: Fix runtime error: signed integer overflow: 134527392 * 16 cannot be represented in type 'int'
This checks the sprite delta intermediates for overflow
Fixes: 716/clusterfuzz-testcase-4890287480504320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-03-05 12:01:41 +01:00
Michael Niedermayer
eb41956636 avcodec/mpeg4videodec: Improve the overflow checks in mpeg4_decode_sprite_trajectory()
Also clear the state on errors

Fixes integer overflows in 701/clusterfuzz-testcase-6594719951880192

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-03-04 03:05:15 +01:00
Michael Niedermayer
25e93aacc2 avcodec/mpeg4videodec: Fix runtime error: left shift of negative value -2650
Fixes: 674/clusterfuzz-testcase-6713275880308736

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-28 01:13:52 +01:00
Michael Niedermayer
76ba09d182 avcodec/mpeg4videodec: Check the other 3 sprite points for intermediate overflows
This is not necessarily specific to fuzzed files

Fixes: Multiple integer overflows
Fixes: 656/clusterfuzz-testcase-6463814516080640
Fixes: 658/clusterfuzz-testcase-6691260146384896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-24 00:38:45 +01:00
Michael Niedermayer
6871df02d9 avcodec/mpeg4videodec: Check sprite_offset in addition to shifts
Fixes: 651/clusterfuzz-testcase-5710668915277824

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-22 22:29:03 +01:00
Michael Niedermayer
6179dc8aa7 avcodec/mpeg4video: Fix runtime error: left shift of negative value
Fixes: 644/clusterfuzz-testcase-4726434209726464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-22 02:42:48 +01:00
Michael Niedermayer
aa2b75263e avcodec/mpeg4videodec: Fix runtime error: shift exponent -2 is negative
Fixes: 612/clusterfuzz-testcase-4707817137111040

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-19 21:49:03 +01:00
Anton Khirnov
fd9212f2ed Mark some arrays that never change as const.
2017-02-01 10:42:59 +01:00
Michael Niedermayer
cde007dcd3 avcodec: Add FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM to most h263 based codecs
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-01-21 02:30:38 +01:00
Michael Niedermayer
8258e36385 avcodec/mpeg4videodec: Fix undefined shifts in mpeg4_decode_sprite_trajectory()
Fixes: part of 670190.ogg

Found-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-12-09 17:44:54 +01:00
Michael Niedermayer
2c9106257f avcodec/mpeg4videodec: Workaround interlaced mpeg4 edge MC bug
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-11-17 12:21:48 +01:00
Clément Bœsch
6c98398b0b lavc/get_bits: add a logging context to check_marker()
Based on d338abb664
2016-06-22 20:07:49 +02:00