mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-07 11:13:41 +02:00

20 Commits

Author SHA1 Message Date
Michael Niedermayer
cd66606a8f
avcodec/bonk: Fix undefined overflow in predictor_calc_error()
Fixes: signed integer overflow: -2146469728 - 1488954 cannot be represented in type 'int'
Fixes: 62490/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5612782399389696

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-16 01:05:07 +02:00
Michael Niedermayer
2b25a5168e
avcodec/bonk: Fix integer overflow in predictor_calc_error()
Fixes: signed integer overflow: -2147483300 - 12285 cannot be represented in type 'int'
Fixes: 59462/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5714298807386112

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-09-14 22:00:17 +02:00
Michael Niedermayer
43e5e2e423
avcodec/bonk: Avoid undefined integer overflow in predictor_calc_error()
Fixes: signed integer overflow: -159584 * 5105950 cannot be represented in type 'int'
Fixes: 55165/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5796023719297024

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-05-22 02:49:59 +02:00
Anton Khirnov
8b20d0dcb5 lavc: deprecate AV_CODEC_CAP_SUBFRAMES
There is nothing meaningful the caller can do with it.
2023-05-15 10:24:54 +02:00
Michael Niedermayer
957106a24d
avcodec/bonk: decode multiple passes in intlist_read() at once
This makes the worst case much faster

Fixes: Timeout
Fixes: 51363/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5660734784143360
Fixes: 57957/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5874095467397120

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-05-01 00:48:32 +02:00
Paul B Mahol
0c7af7b954 avcodec/bonk: properly handle some other errors 2023-02-07 17:13:11 +01:00
Michael Niedermayer
8e58d20e10
avcodec/bonk: Check ntaps against buffer size
Fixes: out of array read
Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-6739246658748416

Note: This issue was assigned to an unrelated theora bug

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-01-12 15:44:41 +01:00
Michael Niedermayer
977028f9f4
avcodec/bonk: Avoid undefined overflow in quant
Fixes: signed integer overflow: -2889074 * 2048 cannot be represented in type 'int'
Fixes: 51363/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5660734784143360
Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-6617680050520064
Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-6743951854141440

No check is done for the overflow as this was rejected in last review, see the ML

Note: the 2nd and 3rd testcases were assigned by ossfuzz to an unrelated theora issue (48567)

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-01-12 15:44:41 +01:00
Paul B Mahol
5852682dbd avcodec/bonk: increase level limit as joint encodings needs more 2023-01-02 18:42:35 +01:00
Michael Niedermayer
8f975641d7
avcodec/bonk: Use unsigned in predictor_init_state() to avoid undefined behavior
Fixes: signed integer overflow: -5010 * -717450 cannot be represented in type 'int'
Fixes: 53370/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-4945644204195840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-11-28 21:20:56 +01:00
Paul B Mahol
abb5ff373d avcodec/bonk: check level value to not reach invalid values
Also reset bitstream parsing variables on fatal error.
2022-11-22 20:51:42 +01:00
Michael Niedermayer
104b516a13
avcodec/bonk: step cannot become 0 without overflowing which is undefined
also the original reference code does not contain a 0 check

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-11-14 21:52:51 +01:00
Michael Niedermayer
5df8c300a9
avcodec/bonk: actual_run seems not able to become negative
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-11-14 21:52:51 +01:00
Michael Niedermayer
00b489b168
avcodec/bonk: Remove special 32bit case from read_uint_max()
This case seems not to match the reference decoder and it also
seems not reachable

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-11-14 21:52:51 +01:00
Michael Niedermayer
8e59e72041
avcodec/bonk: steplet cannot become negative
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-11-10 21:14:23 +01:00
Michael Niedermayer
3263185225
avcodec/bonk: Check step against overflow
No testcase

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-11-10 21:14:23 +01:00
Michael Niedermayer
9f00286c4c
avcodec/bonk: Simplify read_uint_max()
The max == 0 case can be removed too but I left it as 50% of the cases use it

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-11-10 21:14:23 +01:00
Michael Niedermayer
f4df49eb48
avcodec/bonk: Use unsigned in predictor_calc_error() to avoid undefined overflows
Fixes: signed integer overflow: 22 * -2107998208 cannot be represented in type 'int'
Fixes: 51363/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5660734784143360

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-11-10 21:14:22 +01:00
Andreas Rheinhardt
8d12f3de14 avcodec/bonk: Actually clip when using av_clip()
Also fixes a "statement with no effect [-Wunused-value]"
warning from GCC.

Reviewed-by: James Almer <jamrial@gmail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-09-12 23:51:51 +02:00
Paul B Mahol
88170070c4 avcodec: add bonk audio decoder 2022-09-12 11:34:27 +02:00