mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-03-23 04:24:35 +02:00

174 Commits

Author SHA1 Message Date
Michael Niedermayer
2661025679 avcodec/shorten: Fix integer overflow with offset
Fixes: signed integer overflow: -1625810908 - 582229060 cannot be represented in type 'int'
Fixes: 10977/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5732602018267136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2f888771cd1ce8d68d4b18a1009650c1f260aaf2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-11-16 13:18:23 +01:00
Michael Niedermayer
3c3b437d79 avcodec/shorten: Fix bitstream end check in read_header()
Fixes: Timeout
Fixes: 9961/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5687856176562176

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 28b80c2d52d82eb4f73af5f818dab60946bcf299)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-11-01 00:52:46 +01:00
Michael Niedermayer
298ca73ab1 avcodec/shorten: Fix signed 32bit overflow in shift in shorten_decode_frame()
Fixes: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 9480/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-6647324284551168 -rss_limit_mb=2000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9b604e96a51a1fca92bbabfe4f7ac53f0470ee41)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-11-01 00:52:46 +01:00
Michael Niedermayer
d16d851238 avcodec/shorten: Fix integer overflow in residual/LPC combination
Fixes: signed integer overflow: -540538872 + -2012739576 cannot be represented in type 'int'
Fixes: 9255/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5758630052757504

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit db7e9082e1a1479c6a8844f7adf77eae03cc2aa7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-11-01 00:52:46 +01:00
Michael Niedermayer
488c246bf5 avcodec/shorten: Check verbatim length
Fixes: Timeout
Fixes: 9252/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5780720709533696

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7007dabec08f2f9f81661e71ef482dde394e17a8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-11-01 00:52:46 +01:00
Michael Niedermayer
01a694d482 avcodec/shorten: Fix undefined addition in shorten_decode_frame()
Fixes: signed integer overflow: 1139785606 + 1454196085 cannot be represented in type 'int'
Fixes: 8937/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-6202943597445120

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3b10bb8772c76177cc47b8d15a6970f19dd11039)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-07-16 19:16:13 +02:00
Michael Niedermayer
739e3ff475 avcodec/shorten: Fix undefined integer overflow
Fixes: signed integer overflow: 8454144 * 256 cannot be represented in type 'int'
Fixes: 8788/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5728205041303552

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 70832333bba3b915040f415548518e136b44280e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-07-16 19:16:13 +02:00
Michael Niedermayer
3f66c3386c avcodec/shorten: Fix multiple integer overflows
Fixes: signed integer overflow: 3 * 1006632960 cannot be represented in type 'int'
Fixes: 8278/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5692857166856192

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f2abd36b3863188894fd21964c662b6c17268bfb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-07-16 19:06:27 +02:00
Michael Niedermayer
c2d16aafbb avcodec/shorten: Fix undefined shift in fix_bitshift()
Fixes: left shift of negative value -9
Fixes: 8571/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5715966875926528

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 606c7148231404544005c0827b83c165dd6b39a8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-07-16 19:06:27 +02:00
Michael Niedermayer
b7134d7fb6 avcodec/shorten: Fix a negative left shift in shorten_decode_frame()
Fixes: left shift of negative value -9057
Fixes: 8527/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5666853924896768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a711efe922b2bf1d363bdf7f8357656c3e35021e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-07-16 19:06:27 +02:00
Michael Niedermayer
f51163b166 avcodec/shorten: Sanity check nmeans
Fixes: OOM
Fixes: 8195/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5179785826271232

The reference software appears to use longs for 32bits and it uses int for nmeans
hinting that the intended maximum size was not 32bit.

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d91a0b503d7a886587281bc1ee42476aa5e89f85)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-07-16 19:06:27 +02:00
Michael Niedermayer
8da3d69163 avcodec/shorten: Check non COMM chunk len before skip in decode_aiff_header()
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 8024/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5109204648984576

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 424a81df107b63a166894a4aee3d27702ae3f459)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-07-16 19:06:27 +02:00
Michael Niedermayer
0c5eb03aac avcodec/shorten: Move buffer allocation and offset init to end of read_header()
They are time consuming operations, performing them after the other checks
improves the speed with damaged input dramatically.

Fixes: Timeout
Fixes: 2928/clusterfuzz-testcase-4992812120539136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 380659604f2692b625928a3a76a1c046f473c9f6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-12 01:54:00 +02:00
Michael Niedermayer
01ed8d93b2 avcodec/shorten: Sanity check maxnlpc
Fixes OOM
Fixes: 2131/clusterfuzz-testcase-minimized-4718045157130240

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e77ddd31a8e14bcf5eccd6008d866ae90b4b0d4c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-19 15:26:37 +02:00
Michael Niedermayer
2ff5e3f54e avcodec/shorten: Check k in get_uint()
Fixes: undefined shift
Fixes: 1371/clusterfuzz-testcase-minimized-5770822591447040

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7b6a51f59c467ab9f4b73122dc269206fb517425)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-14 00:21:49 +02:00
Clément Bœsch
e3287077ec Merge commit '67deba8a416d818f3d95aef0aa916589090396e2'
* commit '67deba8a416d818f3d95aef0aa916589090396e2':
  Use avpriv_report_missing_feature() where appropriate

Merged-by: Clément Bœsch <cboesch@gopro.com>
2017-03-31 10:40:34 +02:00
Clément Bœsch
549045254c Fix all -Wformat warnings raised by DJGPP
2017-03-29 14:49:29 +02:00
Paul B Mahol
20789372da avcodec/shorten: support decoding AIFF-C variant
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-02-23 23:03:27 +01:00
Diego Biurrun
67deba8a41 Use avpriv_report_missing_feature() where appropriate
2016-11-08 17:54:34 +01:00
Paul B Mahol
1f62a6e780 avcodec/shorten: make max frame size bigger if custom block size was used
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-04-27 09:08:45 +02:00
Paul B Mahol
b62ed56e25 avcodec/shorten: properly handle bitshift > 31
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-04-11 13:14:55 +02:00
Paul B Mahol
571aa7d25e avcodec/shorten: mark as AV_CODEC_CAP_SUBFRAMES
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-04-10 19:54:43 +02:00
Paul B Mahol
0c90b2e013 avcodec/shorten: add support for AIFF packing, not bitexact
Also report unsupported packing.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-04-09 21:07:10 +02:00
Paul B Mahol
82ee37f1f3 avcodec/shorten: fix decoding of very large (>2048) block sizes
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-04-09 19:51:16 +02:00
Paul B Mahol
dee138624f avcodec/shorten: fix decoding of files with number of samples lower than max_frame_size
Note that support of very big block sizes is not currently supported at all due
to flawed logic in decoder.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-04-08 23:45:09 +02:00
Paul B Mahol
c18fdc8692 avcodec/shorten: remove useless if condition and comment, reindent
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-04-08 23:21:47 +02:00
Paul B Mahol
966d43d778 avcodec/shorten: fix decoding of last frame
Previously it would be always discarded.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-04-08 22:32:32 +02:00
Paul B Mahol
ae8a13c560 avcodec/shorten: if allocation fails reset max_frame_size
Otherwise crash happens.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-04-08 09:59:05 +02:00
Paul B Mahol
0c9490609d avformat: support shorten in nistsphere demuxer
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-04-07 22:15:41 +02:00
Derek Buitenhuis
1a12eb4a73 Merge commit '29c2d06d67724e994980045afa055c6c34611b30'
* commit '29c2d06d67724e994980045afa055c6c34611b30':
  cosmetics: Drop empty comment lines

Merged-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2016-02-24 17:31:44 +00:00
Diego Biurrun
29c2d06d67 cosmetics: Drop empty comment lines
2016-02-18 15:35:30 +01:00
Michael Niedermayer
29d147c94d Merge commit '059a934806d61f7af9ab3fd9f74994b838ea5eba'
* commit '059a934806d61f7af9ab3fd9f74994b838ea5eba':
  lavc: Consistently prefix input buffer defines

Conflicts:
	doc/examples/decoding_encoding.c
	libavcodec/4xm.c
	libavcodec/aac_adtstoasc_bsf.c
	libavcodec/aacdec.c
	libavcodec/aacenc.c
	libavcodec/ac3dec.h
	libavcodec/asvenc.c
	libavcodec/avcodec.h
	libavcodec/avpacket.c
	libavcodec/dvdec.c
	libavcodec/ffv1enc.c
	libavcodec/g2meet.c
	libavcodec/gif.c
	libavcodec/h264.c
	libavcodec/h264_mp4toannexb_bsf.c
	libavcodec/huffyuvdec.c
	libavcodec/huffyuvenc.c
	libavcodec/jpeglsenc.c
	libavcodec/libxvid.c
	libavcodec/mdec.c
	libavcodec/motionpixels.c
	libavcodec/mpeg4videodec.c
	libavcodec/mpegvideo.c
	libavcodec/noise_bsf.c
	libavcodec/nuv.c
	libavcodec/nvenc.c
	libavcodec/options.c
	libavcodec/parser.c
	libavcodec/pngenc.c
	libavcodec/proresenc_kostya.c
	libavcodec/qsvdec.c
	libavcodec/svq1enc.c
	libavcodec/tiffenc.c
	libavcodec/truemotion2.c
	libavcodec/utils.c
	libavcodec/utvideoenc.c
	libavcodec/vc1dec.c
	libavcodec/wmalosslessdec.c
	libavformat/adxdec.c
	libavformat/aiffdec.c
	libavformat/apc.c
	libavformat/apetag.c
	libavformat/avidec.c
	libavformat/bink.c
	libavformat/cafdec.c
	libavformat/flvdec.c
	libavformat/id3v2.c
	libavformat/isom.c
	libavformat/matroskadec.c
	libavformat/mov.c
	libavformat/mpc.c
	libavformat/mpc8.c
	libavformat/mpegts.c
	libavformat/mvi.c
	libavformat/mxfdec.c
	libavformat/mxg.c
	libavformat/nutdec.c
	libavformat/oggdec.c
	libavformat/oggparsecelt.c
	libavformat/oggparseflac.c
	libavformat/oggparseopus.c
	libavformat/oggparsespeex.c
	libavformat/omadec.c
	libavformat/rawdec.c
	libavformat/riffdec.c
	libavformat/rl2.c
	libavformat/rmdec.c
	libavformat/rtpdec_latm.c
	libavformat/rtpdec_mpeg4.c
	libavformat/rtpdec_qdm2.c
	libavformat/rtpdec_svq3.c
	libavformat/sierravmd.c
	libavformat/smacker.c
	libavformat/smush.c
	libavformat/spdifenc.c
	libavformat/takdec.c
	libavformat/tta.c
	libavformat/utils.c
	libavformat/vqf.c
	libavformat/westwood_vqa.c
	libavformat/xmv.c
	libavformat/xwma.c
	libavformat/yop.c

Merged-by: Michael Niedermayer <michael@niedermayer.cc>
2015-07-27 23:15:19 +02:00
Michael Niedermayer
444e9874a7 Merge commit 'def97856de6021965db86c25a732d78689bd6bb0'
* commit 'def97856de6021965db86c25a732d78689bd6bb0':
  lavc: AV-prefix all codec capabilities

Conflicts:
	cmdutils.c
	ffmpeg.c
	ffplay.c
	libavcodec/8svx.c
	libavcodec/aacenc.c
	libavcodec/ac3dec.c
	libavcodec/adpcm.c
	libavcodec/alac.c
	libavcodec/atrac3plusdec.c
	libavcodec/bink.c
	libavcodec/dnxhddec.c
	libavcodec/dvdec.c
	libavcodec/dvenc.c
	libavcodec/ffv1dec.c
	libavcodec/ffv1enc.c
	libavcodec/fic.c
	libavcodec/flacdec.c
	libavcodec/flacenc.c
	libavcodec/flvdec.c
	libavcodec/fraps.c
	libavcodec/frwu.c
	libavcodec/gifdec.c
	libavcodec/h261dec.c
	libavcodec/hevc.c
	libavcodec/iff.c
	libavcodec/imc.c
	libavcodec/libopenjpegdec.c
	libavcodec/libvo-aacenc.c
	libavcodec/libvorbisenc.c
	libavcodec/libvpxdec.c
	libavcodec/libvpxenc.c
	libavcodec/libx264.c
	libavcodec/mjpegbdec.c
	libavcodec/mjpegdec.c
	libavcodec/mpegaudiodec_float.c
	libavcodec/msmpeg4dec.c
	libavcodec/mxpegdec.c
	libavcodec/nvenc_h264.c
	libavcodec/nvenc_hevc.c
	libavcodec/pngdec.c
	libavcodec/qpeg.c
	libavcodec/ra288.c
	libavcodec/rv10.c
	libavcodec/s302m.c
	libavcodec/sp5xdec.c
	libavcodec/takdec.c
	libavcodec/tiff.c
	libavcodec/tta.c
	libavcodec/utils.c
	libavcodec/v210dec.c
	libavcodec/vp6.c
	libavcodec/vp9.c
	libavcodec/wavpack.c
	libavcodec/yop.c

Merged-by: Michael Niedermayer <michael@niedermayer.cc>
2015-07-27 22:50:18 +02:00
Vittorio Giovara
059a934806 lavc: Consistently prefix input buffer defines
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2015-07-27 15:24:59 +01:00
Vittorio Giovara
def97856de lavc: AV-prefix all codec capabilities
Express bitfields more simply.

Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2015-07-27 15:24:58 +01:00
Paul B Mahol
94cfb6db7d avcodec/shorten: use init_get_bits8()
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2015-07-03 16:57:11 +00:00
Michael Niedermayer
294469416d avcodec/shorten: More complete pred_order check
Fixes CID1239055

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-05-15 17:02:28 +02:00
Michael Niedermayer
2d15588124 avcodec/shorten: Fix code depending on signed overflow behavior
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-05-15 16:58:51 +02:00
Michael Niedermayer
d201becfc0 avcodec/shorten: Check skip_bytes()
Fixes CID1210526

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-05-15 16:48:31 +02:00
Michael Niedermayer
fbe8672e15 avcodec/shorten: use av_reallocp_array()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-01-12 23:46:50 +01:00
Michael Niedermayer
ecb748866e Merge commit '8e104619a627fcf5f4c2bd3c09d0c2d323aae745'
* commit '8e104619a627fcf5f4c2bd3c09d0c2d323aae745':
  shorten: check for return value

Conflicts:
	libavcodec/shorten.c

See: e20ebe491c17388a312e04ff060c217ecfafc914
Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-13 14:21:58 +01:00
Vittorio Giovara
8e104619a6 shorten: check for return value
Avoid a possible negative bitshift.

CC: libav-stable@libav.org
Bug-Id: CID 1194400
2014-11-13 01:41:26 +01:00
Michael Niedermayer
e20ebe491c avcodec/shorten: check bitshift
Fixes invalid shift
Fixes CID1194400

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-04-27 13:03:28 +02:00
Anton Khirnov
1713eec29a shorten: pad the internal bitstream buffer
Fixes invalid reads.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
2014-02-04 21:59:57 +01:00
Michael Niedermayer
1486ed0815 avcodec/shorten: clear bitstream buffer
Fixes use of uninitialized memory
Fixes: msan_uninit-mem_7f3ca95606fb_6393_luckynight-partial.shn
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-12-26 01:35:00 +01:00
Michael Niedermayer
8c677a9f06 Merge commit '9b8d11a76ae7bca8bbb58abb822138f8b42c776c'
* commit '9b8d11a76ae7bca8bbb58abb822138f8b42c776c':
  avcodec: Use av_reallocp where suitable

Conflicts:
	libavcodec/bitstream.c
	libavcodec/eatgv.c
	libavcodec/flashsv.c
	libavcodec/libtheoraenc.c
	libavcodec/libvpxenc.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-12-09 20:31:29 +01:00
Alexandra Khirnova
9b8d11a76a avcodec: Use av_reallocp where suitable
Signed-off-by: Martin Storsjö <martin@martin.st>
2013-12-09 12:27:51 +02:00
Michael Niedermayer
bb8ce36dc2 Merge commit '5f5ada3dbf97e306a74250ba8dcf8619ad59b020'
* commit '5f5ada3dbf97e306a74250ba8dcf8619ad59b020':
  shorten: Fix out-of-array read

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-10-11 09:20:26 +02:00
Tim Walker
5f5ada3dbf shorten: Fix out-of-array read
pred_order == FF_ARRAY_ELEMS(fixed_coeffs) is invalid too.

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-10-10 17:52:14 +02:00
Michael Niedermayer
7f22df3a49 Merge remote-tracking branch 'qatar/master'
* qatar/master:
  shorten: Extend fixed_coeffs to properly support pred_order 0

Conflicts:
	libavcodec/shorten.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-10-09 11:04:06 +02:00