1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-03 05:10:03 +02:00
Commit Graph

101845 Commits

Author SHA1 Message Date
Michael Niedermayer
075d793ba8 avcodec/sonic: Use unsigned temporary in predictor_calc_error()
Fixes: signed integer overflow: -2147471366 - 18638 cannot be represented in type 'int'
Fixes: 30157/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5171199746506752

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-28 14:20:00 +02:00
Michael Niedermayer
2c477be08a avformat/jacosubdec: Use 64bit intermediate for start/end timestamp shift
Fixes: signed integer overflow: -1957694447 + -1620425806 cannot be represented in type 'int'
Fixes: 30207/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-5050791771635712

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-28 14:20:00 +02:00
Michael Niedermayer
b5d8fe1c87 avformat/flvdec: Check array entry number
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Fixes: 30209/clusterfuzz-testcase-minimized-ffmpeg_dem_FLV_fuzzer-5724831658147840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-28 14:20:00 +02:00
Gyan Doshi
8b2bde0494 avformat/rtpenc_mpegts: stop leaks
Fixes CID 1474460 & 1474461
2021-03-28 15:55:02 +05:30
Gyan Doshi
1d1a96acf5 doc/filters: note default for elbg pal8 option 2021-03-28 15:26:56 +05:30
James Almer
cad3a5d715 avcodec/libxvid: remove unnecessary output packet data check
The user buffers passed to avcodec_encode_video2() haven't been propagated to
AVCodec.encode2 implementations since 93016f5d1d.
Also, the generic encode code already unrefs the packet if nothing was encoded.

Signed-off-by: James Almer <jamrial@gmail.com>
2021-03-26 18:36:28 -03:00
Derek Buitenhuis
f404a2716a avformat/mov: Properly forward error codes from av_seek
This is important, for example, for connection timed out events,
when used over a network, returning AVERROR(ETIMEDOUT).

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2021-03-26 20:04:12 +00:00
Michael Niedermayer
896395bbcf tools/target_dec_fuzzer: Adjust threshold for flac
Fixes: Timeout
Fixes: 31464/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLAC_fuzzer-4843965653319680

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-26 16:00:14 +01:00
Michael Niedermayer
8047243899 avcodec/h264_slice: Check sps in h264_slice_header_init()
Fixes: null pointer dereference
Fixes: h264_slice_header_init.mp4

Found-by: Rafael Dutra <rafael.dutra@cispa.de>
Tested-by: Rafael Dutra <rafael.dutra@cispa.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-26 16:00:14 +01:00
Michael Niedermayer
28859d6e7c avcodec/aacpsy: Check model_priv_data before dereferencing in psy_3gpp_end()
Fixes: null pointer dereference
Fixes: av_freep.mp4

Found-by: Rafael Dutra <rafael.dutra@cispa.de>
Tested-by: Rafael Dutra <rafael.dutra@cispa.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-26 16:00:14 +01:00
Michael Niedermayer
5c2ff44f91 avformat/movenc: Avoid loosing cluster array on failure
Fixes: crash
Fixes: check_pkt.mp4

Found-by: Rafael Dutra <rafael.dutra@cispa.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-26 16:00:14 +01:00
Michael Niedermayer
d0a937caec tools/target_dec_fuzzer: Adjust VP4 threshold
Fixes: Timeout (>10sec -> <100ms)
Fixes: 31515/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP4_fuzzer-5247114134290432

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-26 16:00:14 +01:00
Michael Niedermayer
f733688d30 avformat/avidec: Check for dv streams before using priv_data in parse ##dc/##wb
Fixes: null pointer dereference
Fixes: 31588/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-6165716135968768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-26 16:00:14 +01:00
Michael Niedermayer
d35677736a avformat/mov: Check sample size for overflow in mov_parse_stsd_audio()
Fixes: signed integer overflow: 2 * 1914708000 cannot be represented in type 'int'
Fixes: 31639/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6303428239294464

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-26 16:00:14 +01:00
Michael Niedermayer
e8bd34fe4f avcodec/sga: Check for array end in lzss_decompress()
Fixes: out of array access
Fixes: 31640/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SGA_fuzzer-5630883286614016
Fixes: 31619/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SGA_fuzzer-5176667708456960

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-26 16:00:14 +01:00
Michael Niedermayer
f44068db1e avformat/sbgdec: Check for overflow in last loop in expand_timestamps()
Fixes: signed integer overflow: 9223372036854775807 + 86400000000 cannot be represented in type 'long'
Fixes: 31003/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6256298771480576

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-26 15:53:30 +01:00
Michael Niedermayer
be08b84f8b avcodec/ffwavesynth: Avoid signed integer overflow in phi_at()
Fixes: signed integer overflow: 2314885530818453536 - -9070214327174160352 cannot be represented in type 'long'
Fixes: 31000/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-6558389742206976

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-26 15:53:30 +01:00
Gyan Doshi
2c806aa2b4 avformat/rtpenc_mpegts: convey options for rtp muxer 2021-03-26 12:37:10 +05:30
Gyan Doshi
325bb04188 avformat/rtpenc_mpegts: relay streamid to mpegts muxer streams. 2021-03-26 12:35:37 +05:30
Gyan Doshi
affe911c65 avformat/rtpenc_mpegts: convey options for mpeg-ts muxer
Fixes #5239
2021-03-26 12:34:27 +05:30
Andreas Rheinhardt
6599960940 avcodec/pthread_frame: Reindentation
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-26 03:04:28 +01:00
Andreas Rheinhardt
c85fcc96b7 avcodec/pthread_frame: Check initializing mutexes/condition variables
Up until now, initializing the mutexes/condition variables wasn't
checked by ff_frame_thread_init(). This commit changes this.

Given that it is not documented to be save to destroy a zeroed but
otherwise uninitialized mutex/condition variable, one has to choose
between two approaches: Either one duplicates the code to free them
in ff_frame_thread_init() in case of errors or one records which have
been successfully initialized. This commit takes the latter approach:
For each of the two structures with mutexes/condition variables
an array containing the offsets of the members to initialize is added.
Said array is used both for initializing and freeing and the only thing
that needs to be recorded is how many of these have been successfully
initialized.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-26 03:04:28 +01:00
Andreas Rheinhardt
e9b6617579 avcodec/pthread_frame: Fix cleanup during init
In case an error happened when setting up the child threads,
ff_frame_thread_init() would up until now call ff_frame_thread_free()
to clean up all threads set up so far, including the current, not
properly initialized one.
But a half-allocated context needs special handling which
ff_frame_thread_frame_free() doesn't provide.
Notably, if allocating the AVCodecInternal, the codec's private data
or setting the options fails, the codec's close function will be
called (if there is one); it will also be called if the codec's init
function fails, regardless of whether the FF_CODEC_CAP_INIT_CLEANUP
is set. This is not supported by all codecs; in ticket #9099 it led
to a crash.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-26 03:04:28 +01:00
Andreas Rheinhardt
24ee151402 avcodec/pthread_frame: Factor initializing single thread out
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-26 03:04:28 +01:00
Andreas Rheinhardt
df6dc331dd avformat/libmodplug: Fix memleaks on error
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-26 03:03:59 +01:00
Andreas Rheinhardt
9e0c16fcc3 avformat/libgme: Remove redundant setting of packet size
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-26 03:03:59 +01:00
Andreas Rheinhardt
1897286d05 avformat/libgme: Actually set the duration
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-26 03:03:59 +01:00
Andreas Rheinhardt
05457a3661 avformat/libgme: Fix memleaks on errors
Also free the gme_info_t structure immediately after its use.
This simplifies cleanup, because it might be unsafe to call
gme_free_info(NULL) (or even worse, gme_track_info() might even
on error set the pointer to the gme_info_t structure to something
else than NULL).

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-26 03:03:59 +01:00
Andreas Rheinhardt
3ec3370dea avformat/aadec: Fix leak on error
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-26 03:03:59 +01:00
Andreas Rheinhardt
4f11685e4c avformat/jacosubdec: Fix leak on error
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-26 03:03:59 +01:00
Ting Fu
637bdefdeb lavfi/dnn_backend_tensorflow.c: fix mem leak in execute_model_tf
Signed-off-by: Ting Fu <ting.fu@intel.com>
2021-03-25 13:10:32 +08:00
Ting Fu
b08b5f07b6 lavfi/dnn_backend_tensorflow.c: fix mem leak in load_native_model
Signed-off-by: Ting Fu <ting.fu@intel.com>
2021-03-25 13:10:32 +08:00
Ting Fu
3499ec84cc lavfi/dnn_backend_tensorflow.c: fix mem leak in load_tf_model
Signed-off-by: Ting Fu <ting.fu@intel.com>
2021-03-25 13:10:32 +08:00
nyanmisaka
a4e518c321 avfilter/overlay_cuda: fix framesync with embedded PGS subtitle
Signed-off-by: nyanmisaka <nst799610810@gmail.com>
2021-03-25 04:31:42 +01:00
nyanmisaka
0c5098d1a2 avfilter/hwupload_cuda: add YUVA420P format support
Signed-off-by: nyanmisaka <nst799610810@gmail.com>
Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
2021-03-25 04:30:50 +01:00
Zane van Iperen
f53e54b3a5
MAINTAINERS: add myself as adpcm maintainer
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2021-03-25 12:51:10 +10:00
Zane van Iperen
64fb63411d
avformat/pp_bnk: allow seeking to start
Allows "ffplay -loop" to work.

Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2021-03-25 12:51:10 +10:00
Zane van Iperen
ea9732c5d6
avformat/alp: allow seeking to start
Allows "ffplay -loop" to work.

Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2021-03-25 12:51:10 +10:00
Zane van Iperen
3cc4a140ef
avformat/kvag: allow seeking to start
Allows "ffplay -loop" to work.

Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2021-03-25 12:51:10 +10:00
Zane van Iperen
e550667f61
avcodec/adpcm_ima_cunning: reset state on flush
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2021-03-25 12:51:09 +10:00
Zane van Iperen
257d9f91fc
avcodec/adpcm_ima_alp: reset state on flush
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2021-03-25 12:51:09 +10:00
Zane van Iperen
ff7bbd6d88
avcodec/adpcm_ima_ssi: reset state on flush
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2021-03-25 12:51:09 +10:00
Zane van Iperen
660c14a9b9
avcodec/adpcm_argo: reset state on flush
Commit 003b5c800f introduced seeking in argo_asf,
but this was missed, leading to non-deterministic output.

Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2021-03-25 12:51:08 +10:00
Zane van Iperen
efb58ec8f9
avcodec/adpcm_aica: reset state in flush callback
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2021-03-25 12:51:08 +10:00
Zane van Iperen
95280cf3e7
avcodec/adpcm_zork: reset state in flush callback
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2021-03-25 12:51:08 +10:00
Zane van Iperen
55a50885b9
avcodec/adpcm: add comment to has_status field
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2021-03-25 12:51:01 +10:00
Andreas Rheinhardt
7439267eeb avcodec/kmvc: Avoid branch when swapping pointers
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-25 00:32:47 +01:00
Andreas Rheinhardt
efbfee4c1a avcodec/kmvc: Move commonly used variables to the front of the context
Reduces codesize because the offset in pointer+offset addressing
requires less bytes to encode. Reduces the size of .text from 8871B
to 8146B (GCC 10, -O3, x64).

Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-25 00:32:47 +01:00
Andreas Rheinhardt
fb6a8847ad avcodec/kmvc: Prefer in-band palette
Fixes decoding of https://samples.ffmpeg.org/V-codecs/KMVC/LOGO2.AVI

Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-25 00:32:47 +01:00
Andreas Rheinhardt
ea70c39dee avcodec/vc1dec: Postpone allocating sprite frame to avoid segfault
Up until now, the VC-1 decoders allocated an AVFrame for usage with
sprites during vc1_decode_init(); yet said AVFrame can be freed if
(re)initializing the context (which happens ordinarily during decoding)
fails. The AVFrame does not get allocated again lateron in this case,
leading to segfaults.

Fix this by moving the allocation of said frame immediately before it is
used (this also means that said frame won't be allocated at all any more
in case of a regular (i.e. non-image) stream).

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-25 00:02:17 +01:00