1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-28 20:53:54 +02:00
Commit Graph

86707 Commits

Author SHA1 Message Date
Michael Niedermayer
27c2006805 avcodec/takdec: Fixes: integer overflow in AV_SAMPLE_FMT_U8P output
Fixes: runtime error: signed integer overflow: 2147483543 + 128 cannot be represented in type 'int'
Fixes: 2234/clusterfuzz-testcase-minimized-6266896041115648

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-18 14:38:41 +02:00
Michael Niedermayer
9a6503f496 avcodec/iff: Cleanup on init failure
Fixes: memleak
Fixes: 2272/clusterfuzz-testcase-minimized-5059103858622464

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-18 14:05:57 +02:00
Daniel Kucera
c557718bea libavformat/file: return AVERROR_EOF on EOF
Signed-off-by: Daniel Kucera <daniel.kucera@gmail.com>
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-17 22:36:54 +02:00
Daniel Kucera
d4a900fad8 libavformat/subfile: return AVERROR_EOF on EOF
Signed-off-by: Daniel Kucera <daniel.kucera@gmail.com>
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-17 22:36:54 +02:00
Michael Niedermayer
c746f92a8e avcodec/jpeg2000dsp: Reorder operations in ict_int() to avoid 2 integer overflows
Fixes: runtime error: signed integer overflow: 58065 * 51981 cannot be represented in type 'int'
Fixes: 2271/clusterfuzz-testcase-minimized-5778297776504832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-17 22:36:54 +02:00
Michael Niedermayer
c94326c1fc avcodec/hevcpred_template: Fix left shift of negative value
Fixes: runtime error: left shift of negative value -1
Fixes: 2250/clusterfuzz-testcase-minimized-5693382112313344

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-17 22:36:54 +02:00
James Almer
8ddb6820bd avformat/libssh: check the user provided a password before trying to use it
Fixes ticket #6413

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
2017-06-17 17:16:13 -03:00
Michael Niedermayer
1edbf5e20c avcodec/hevcdec: Fix signed integer overflow in decode_lt_rps()
Fixes: runtime error: signed integer overflow: 2147483647 + 6 cannot be represented in type 'int'
Fixes: 2263/clusterfuzz-testcase-minimized-4800359627227136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-17 00:34:48 +02:00
Michael Niedermayer
9b65dbf734 avcodec/gdv: Fix undefined shift
Fixes: runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
Fixes: 2249/clusterfuzz-testcase-minimized-5388542379294720

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-16 23:32:28 +02:00
Michael Niedermayer
dfb61ea263 avcodec/jpeg2000dec: Check nonzerobits more completely
Fixes: runtime error: shift exponent 36 is too large for 32-bit type 'int'
Fixes: 2239/clusterfuzz-testcase-minimized-5639766592716800

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-16 20:32:39 +02:00
Michael Niedermayer
16d6cc2168 avcodec/wavpack: Change wp_log2() to unsigned
Fixes: runtime error: signed integer overflow: 2143315325 + 4186162 cannot be represented in type 'int'
Fixes: 2134/clusterfuzz-testcase-minimized-4619258405322752

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-16 20:32:39 +02:00
Michael Niedermayer
e77ddd31a8 avcodec/shorten: Sanity check maxnlpc
Fixes OOM
Fixes: 2131/clusterfuzz-testcase-minimized-4718045157130240

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-16 20:32:39 +02:00
Rostislav Pehlivanov
18f09524f7 configure: use -x instead of -wN ..@ to strip assembly files
Reduces the amount of debugging information of external asm from
uselessly verbose to informative enough.

Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
Reviewed-by: James Darnley <james.darnley@gmail.com>
2017-06-16 15:25:31 +01:00
James Almer
623d217ed1 avcodec/aacps: move checks for valid length outside the stereo_interpolate dsp function
Signed-off-by: James Almer <jamrial@gmail.com>
2017-06-15 23:49:40 -03:00
James Almer
b3446862bf x86/vorbisdsp: optimize ff_vorbis_inverse_coupling_sse
About 7% faster.
2017-06-15 23:20:05 -03:00
Michael Niedermayer
c0607d88ee avcodec/parser: assert that there is a past buffer if theres a reference into the past
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-16 01:35:35 +02:00
Michael Niedermayer
3c716682a8 avcodec/truemotion2: Move skip computation after checks
Fixes: runtime error: signed integer overflow: 630067357 * 4 cannot be represented in type 'int'
Fixes: 2233/clusterfuzz-testcase-minimized-5943031318446080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-16 00:21:30 +02:00
Michael Niedermayer
e3fadc57c5 avcodec/jpeg2000: Fixes integer overflow in ff_jpeg2000_ceildivpow2()
Fixes: runtime error: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 2231/clusterfuzz-testcase-minimized-4565181982048256

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-16 00:21:30 +02:00
Michael Niedermayer
611b356274 avcodec/dnxhd_parser: Do not return invalid value from dnxhd_find_frame_end() on error
Fixes: Null pointer dereference

Fixes: CVE-2017-9608
Found-by: Yihan Lian
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-16 00:21:30 +02:00
Rostislav Pehlivanov
b52b398c30 vc2enc: decrease default strictness level
Given how incredibly limited the official specifications are (limiting all use
to only the most common broadcasting formats), permit all supported inputs
by default. This makes the encoder more useful.
2017-06-15 18:30:08 +01:00
Tyler Jones
752dd1952a vorbisenc: Stop tracking number of samples per frame
Each frame is now padded with 0 values if not enough samples are
present, and all frames are guaranteed to have exactly
1 << (venc->log2_blocksize[1] - 1) samples.

Signed-off-by: Tyler Jones <tdjones879@gmail.com>
Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com>
2017-06-15 16:42:49 +01:00
Tyler Jones
f57f665183 vorbisenc: Apply and output correct length window and mdct
Usage of blocksize, window, mode, and mdct indexes are switched from
default 0 to a default of 1 to better align with specs. A flag of 0
should correspond with short windows, a flag of 1 with long.

Signed-off-by: Tyler Jones <tdjones879@gmail.com>
Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com>
2017-06-15 16:42:49 +01:00
Tyler Jones
5a2ad7ede3 vorbisenc: Separate copying audio samples from windowing
Audio samples are shifted around when copying from the frame queue so that
analysis can be done without negatively impacting calculation of the MDCT.

Window coefficients are applied to the current two overlapped windows
simultaneously instead of applying overlap for the next frame ahead of time.
This improves readability when applying windows of varying lengths.

Signed-off-by: Tyler Jones <tdjones879@gmail.com>
Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com>
2017-06-15 16:42:49 +01:00
Paul B Mahol
9b667f609c avfilter/af_headphone: fix possible memory leaks on failure
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-06-15 11:19:12 +02:00
Michael Niedermayer
bc40674462 avcodec/hevcdec: Check nb_sps
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-15 03:09:40 +02:00
Michael Niedermayer
1cb4ef526d avcodec/hevc_refs: Check nb_refs in add_candidate_ref()
Fixes: runtime error: index 16 out of bounds for type 'int [16]'
Fixes: 2209/clusterfuzz-testcase-minimized-5012343912136704

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-15 03:09:40 +02:00
James Almer
e53c9065ca avutil/tests: remove float_dsp test
It's been ported to checkasm.

Signed-off-by: James Almer <jamrial@gmail.com>
2017-06-14 19:20:19 -03:00
James Almer
5b10f484e2 checkasm: add float_dsp tests
Ported from libavutil/tests/float_dsp.c

Signed-off-by: James Almer <jamrial@gmail.com>
2017-06-14 19:20:10 -03:00
James Almer
37388b119c checkasm: add a checkasm_checked_call function that doesn't issue emms
Meant for DSP functions returning a float or double, as they'd fail if emms
is called after every run on x86_32.

Signed-off-by: James Almer <jamrial@gmail.com>
2017-06-14 19:18:56 -03:00
Michael Niedermayer
12245ab1f6 avcodec/mpeg4videodec: Check sprite delta upshift against overflowing.
Fixes: runtime error: signed integer overflow: -268386304 * 16 cannot be represented in type 'int'
Fixes: 2204/clusterfuzz-testcase-minimized-5616756909408256

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-15 00:16:20 +02:00
Michael Niedermayer
0a87be404a avcodec/mpeg4videodec: Fix integer overflow in num_sprite_warping_points=2 case
Fixes: runtime error: signed integer overflow: 131072 + 2147352576 cannot be represented in type 'int'
Fixes: 2192/clusterfuzz-testcase-minimized-5370387988742144

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-15 00:16:20 +02:00
Michael Niedermayer
900fe8ee5d avcodec/dnxhdenc: Assert that frame size is not assigned an error code
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-15 00:16:20 +02:00
Mark Thompson
88a2e4504d hevc: Fix scaling list prediction delta for the 32x32 inter matrix
Fixes ticket #6356.
2017-06-14 23:08:26 +01:00
Mark Thompson
5de38188f8 doc: Document hwupload, hwdownload and hwmap filters
(cherry picked from commit 66aa9b94da)
2017-06-14 22:27:34 +01:00
Mark Thompson
d81be0a60a vf_hwmap: Add reverse mapping for hardware frames
This is something of a hack.  It allocates a new hwframe context for
the target format, then maps it back to the source link and overwrites
the input link hw_frames_ctx so that the previous filter will receive
the frames we want from ff_get_video_buffer().  It may fail if
the previous filter imposes any additional constraints on the frames
it wants to use as output.

(cherry picked from commit 81a4cb8e58)
2017-06-14 22:27:34 +01:00
Mark Thompson
b2ef1f42ba vf_hwmap: Add device derivation
Also refactor a little and improve error messages to make failure
cases easier to understand.

(cherry picked from commit 38cb05f1c8)
2017-06-14 22:27:34 +01:00
Mark Thompson
d59c6a3aeb hwcontext: Improve allocation in derived contexts
Use the flags argument of av_hwframe_ctx_create_derived() to pass the
mapping flags which will be used on allocation.  Also, set the format
and hardware context on the allocated frame automatically - the user
should not be required to do this themselves.

(cherry picked from commit c5714b51aa)
2017-06-14 22:27:32 +01:00
Mark Thompson
a97fb14418 hwcontext_qsv: Implement mapping frames to the child device type
(cherry picked from commit e1c5d56b18)
2017-06-14 22:27:07 +01:00
Mark Thompson
f82ace71c0 hwcontext_qsv: Implement mapping frames from the child device type
Factorises out existing surface initialisation code to reuse.

(cherry picked from commit eaa5e07104)
2017-06-14 22:27:07 +01:00
Mark Thompson
ec3dbeae81 hwcontext: Add frame context mapping for nontrivial contexts
Some frames contexts are not usable without additional format-specific
state in hwctx.  This change adds new functions frames_derive_from and
frames_derive_to to initialise this state appropriately when deriving
a frames context which will require it to be set.

(cherry picked from commit 27978155bc)
2017-06-14 22:27:07 +01:00
Mark Thompson
045ff8d30a hwcontext_qsv: Support derivation from child devices
(cherry picked from commit aa51bb3d27)
2017-06-14 22:27:07 +01:00
Mark Thompson
7ce47090ce ffmpeg: Support setting the hardware device to use when filtering
This only supports one device globally, but more can be used by
passing them with input streams in hw_frames_ctx or by deriving new
devices inside a filter graph with hwmap.

(cherry picked from commit e669db7610)
2017-06-14 22:27:07 +01:00
Mark Thompson
3882063174 vaapi: Add external control of allow-profile-mismatch
Uses the just-added ALLOW_PROFILE_MISMATCH flag.

(cherry picked from commit 7acb90333a)
2017-06-14 22:27:06 +01:00
Mark Thompson
49ae8a5e87 lavc: Add flag to allow profile mismatch with hardware decoding
(cherry picked from commit 64a5260c69)
2017-06-14 22:27:04 +01:00
Mark Thompson
b658b5399e vaapi_encode: Use gop_size consistently in RC parameters
The non-H.26[45] codecs already use this form.  Since we don't
currently generate I frames for codecs which support them separately
to IDR, the p_per_i variable is set to infinity by default so that it
doesn't interfere with any other calculation.  (All the code for I
frames still exists, and it works for H.264 if set manually.)

(cherry picked from commit 6af014f402)
2017-06-14 22:26:32 +01:00
Mark Thompson
28aedeed19 qsvenc: Allow use of hw_device_ctx to make the internal session
(cherry picked from commit 3d197514e6)
2017-06-14 22:26:32 +01:00
Mark Thompson
8aa3c2df1a qsvdec: Allow use of hw_device_ctx to make the internal session
(cherry picked from commit 8848ba0bd6)
2017-06-14 22:26:32 +01:00
Mark Thompson
91c3b50d74 qsv: Add ability to create a session from a device
(cherry picked from commit 4936a48b1e)
2017-06-14 22:26:32 +01:00
Mark Thompson
bff7bec1d7 vf_deinterlace_vaapi: Add support for field rate output
In order to work correctly with the i965 driver, this also fixes the
direction of forward/backward references - forward references are
intended to be those from the past to the current frame, not from the
current frame to the future.

(cherry picked from commit 9aa251c98c)
2017-06-14 22:26:32 +01:00
Mark Thompson
527a1e2131 ffmpeg: Document the -init_hw_device option
(cherry picked from commit 303fadf596)
2017-06-14 22:26:32 +01:00