1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-28 20:53:54 +02:00
Commit Graph

28 Commits

Author SHA1 Message Date
Andreas Rheinhardt
d6c16c5217 avcodec/mobiclip: Rewrite code to make it clearer
In order to know that the earlier code did not use uninitialized
values one needs to know that the lowest four bits of each used
value of pframe_block4x4_coefficients_tab do not vanish identically.
E.g. Coverity did not get this and warned about it in ticket #1466632.
Fix this by slightly rewriting the code.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-11-28 06:59:56 +01:00
Andreas Rheinhardt
a247ac640d avcodec: Constify AVCodecs
Given that the AVCodec.next pointer has now been removed, most of the
AVCodecs are not modified at all any more and can therefore be made
const (as this patch does); the only exceptions are the very few codecs
for external libraries that have a init_static_data callback.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2021-04-27 10:43:15 -03:00
Florian Nouwt
f067fcb9df mobiclip: fix copyright headers
The Mobiclip related code was based on Mobius (https://github.com/adibsurani/Mobius),
which was based on my original reverse engineering efforts (https://github.com/Gericom/MobiclipDecoder).
This commit adds the appropriate copyright headers on the related files.

Signed-off-by: Florian Nouwt <fnouwt2@gmail.com>
2021-03-08 19:19:19 +01:00
Michael Niedermayer
4dc039b4c7 avcodec/mobiclip: Avoid undefined integer overflow in MV computation
Fixes: signed integer overflow: 1 + 2147483647 cannot be represented in type 'int'
Fixes: 30877/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-4775601145774080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-03 11:40:40 +01:00
Andreas Rheinhardt
0e645b98c6 Remove double ';'
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-01 06:10:44 +01:00
Michael Niedermayer
3a24000e72 avcodec/mobiclip: Bound planar prediction value
Fixes: signed integer overflow: 2 * 1073741952 cannot be represented in type 'int'
Fixes: 26765/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-6594926936326144
Fixes: 29663/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-5169789012148224

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-10 12:28:30 +01:00
Andreas Rheinhardt
f782dd316a avcodec/mobiclip: Reindentation
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-12-08 17:51:46 +01:00
Andreas Rheinhardt
ee1ddd308b avcodec/mobiclip: Make decoder init-threadsafe
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-12-08 17:51:45 +01:00
Andreas Rheinhardt
866c2ef183 avcodec/mobiclip: Avoid code duplication when initializing VLCs
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-12-08 17:51:45 +01:00
Andreas Rheinhardt
a58be26293 avcodec/mobiclip: Avoid redundant codes table to initialize VLCs
If both codes, lengths and symbols tables are ordered so that the codes
are sorted from left to right in the tree, the codes can be easily
derived from the lengths and therefore become redundant. This is
exploited in this commit to remove the codes tables for the mobiclip
decoder; notice that tables for the run-length VLC were already ordered
correctly.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-12-08 17:51:45 +01:00
Michael Niedermayer
a108a4d809 avcodec/mobiclip: Check mv against INT_MAX
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 27369/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-5083469356728320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-21 22:09:51 +01:00
Andreas Rheinhardt
33996444ee avcodec/mobiclip: Use get_ue_golomb_31() where possible
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-11-15 19:00:57 +01:00
Andreas Rheinhardt
307a1b8e54 avcodec/mobiclip: Use smaller type for codes
Even though the length of these codes is > 8, only the lowest seven bits
are ever set (because the long codes are on the left of the tree), so
one can use an uint8_t for them, saving space.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-26 07:56:51 +01:00
Andreas Rheinhardt
77e8c959aa avcodec/mobiclip: Use static VLC tables
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-26 07:48:19 +01:00
Andreas Rheinhardt
924bc6d860 avcodec/mobiclip: Don't use too big max_depth, inline constants
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-26 07:46:05 +01:00
Andreas Rheinhardt
10106b5d54 avcodec/mobiclip: Don't check for errors for complete VLCs
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-26 07:43:32 +01:00
Andreas Rheinhardt
c4229ad074 avcodec/mobiclip: Reduce size of VLCs, inline constants
The longest motion vector VLC for mobiclip is six bits long, so using
eight bits for the VLC table is wasteful. Furthermore, the length can be
inlined.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-26 07:25:09 +01:00
Michael Niedermayer
a4895b75a3 avcodec/mobiclip: Avoid signed integer overflows in idct()
Fixes: signed integer overflow: 536870912 + 1610612736 cannot be represented in type 'int'
Fixes: 26288/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-6194364759670784

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-20 15:33:13 +02:00
Michael Niedermayer
92233a6344 avcodec/mobiclip: Check that Motion vectors are within the input frame
The MV checks did not consider the width and height of the block, also they
had some off by 1 errors. This resulted in undefined behavior and crashes.
This commit instead errors out on these

Fixes: out of array read
Fixes: 26080/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-5758146355920896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-15 22:53:56 +02:00
Michael Niedermayer
b6b640c544 avcodec/mobiclip: set the bitstream size to the input
Fixes: out of array read
Fixes: 25453/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-5163575973511168

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-15 22:53:56 +02:00
Michael Niedermayer
0aa1645140 avcodec/mobiclip: Fix multiple integer overflows
Fixes: signed integer overflow: 872415232 * 7 cannot be represented in type 'int'
Fixes: signed integer overflow: -2013265888 + -1744830464 cannot be represented in type 'int'
Fixes: 25834/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-5471406434025472

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-11 16:42:49 +02:00
Michael Niedermayer
2f9a3215aa avcodec/mobiclip: Move quantizer check into setup_qtables()
Fixes: shift exponent -2 is negative
Fixes: 25683/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-6434808492982272

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-09-25 10:21:28 +02:00
Andreas Rheinhardt
e42fc62633 avcodec/mobiclip: Fix heap-buffer-overflow
The MobiClip decoder uses adjacent pixels for prediction; yet when
accessing the left pixel, it was forgotten to clip the x coordinate.
This results in an heap-buffer-overflow. It can e.g. be reproduced with
the sample from https://samples.ffmpeg.org/V-codecs/MOHD/crap.avi when
forcing the video decoder to mobiclip.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-15 19:25:26 +02:00
Andreas Rheinhardt
a53f32cf49 avcodec/mobiclip: Fix memleak upon init failure
If an error happens during init after an allocation has succeeded,
the already allocated data leaked up until now. Fix this by setting the
FF_CODEC_CAP_INIT_CLEANUP flag.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-15 19:25:26 +02:00
Paul B Mahol
bd7d832e84 avcodec/mobiclip: add missing flush 2020-09-13 16:05:01 +02:00
Michael Niedermayer
bad8b17a3d avcodec/mobiclip: Check quantizer before table setup
Fixes: index -1 out of bounds for type 'const uint8_t [6][16]'
Fixes: out of array read
Fixes: shift exponent -21 is negative
Fixes: 25422/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-5748258226569216
Fixes: shift exponent 8039082 is too large for 32-bit type 'int'
Fixes: 25430/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-5698567770210304

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-09-12 15:17:43 +02:00
Andreas Rheinhardt
c1a5d06b82 avcodec/mobiclip: Fix mixed declarations and code
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-04 22:04:57 +02:00
Paul B Mahol
7f95339319 avcodec: add MobiClip video decoder 2020-09-03 18:09:30 +02:00