Fixes out of array access
Fixes: 1345/clusterfuzz-testcase-minimized-6062963045695488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The reimplementation by Libav does not prevent out of array
writes, even though it looks like it does at a quick glance.
No FFmpeg releases are affected by this
See: d1c95d2ce33623589edc740ebe468c
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit '8d617b11cfc87b2c6056fee029ac5bc760af874a':
id3v2: pad the APIC packets as required by lavc.
dfa: check for invalid access in decode_wdlt().
Conflicts:
libavformat/id3v2.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This can happen when the number of skipped lines is not consistent with
the number of coded lines.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
* commit 'c68317ebbe4915035df0b08c23eea7a0b80ab881':
lavc: fix documentation for AVCodecContext.delay
atrac3: return an error if extradata_size is not a specific known size
lavc: use the correct API version guard macro for avcodec_encode_audio()
Move Doxyfile into the doc/ subdirectory
doxygen: Build Doxygen documentation in the doc/ subdirectory
dfa: use av_memcpy_backptr() where previously impossible
av_memcpy_backptr: Drop no longer necessary malloc padding
Conflicts:
.gitignore
libavcodec/avcodec.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'd05f72c75445969cd7bdb1d860635c9880c67fb6':
dfa: improve boundary checks in decode_dds1()
wmalosslessdec: Fix reading too many bits in decode_channel_residues()
wmalosslessdec: fix a get_bits(0) in decode_ac_filter
wmalosslessdec: make MCLMS arrays big enough for what is written into them.
indeo4/5: check empty tile size in decode_mb_info().
ivi_common: make ff_ivi_process_empty_tile() static.
indeo5: check tile size in decode_mb_info().
indeo3: fix out of cell write.
Conflicts:
libavcodec/dfa.c
libavcodec/indeo3.c
libavcodec/indeo5.c
libavcodec/ivi_common.c
libavcodec/wmalosslessdec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
The values are checked in the wraper function used to call this code.
This was introduced by: ee715f49a0
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'b146d74730ab9ec5abede9066f770ad851e45fbc':
indeo4: update AVCodecContext width/height on size change
dfa: check that the caller set width/height properly.
indeo5dec: Make sure we have had a valid gop header.
cavsdec: check for changing w/h.
lavc: set channel count from channel layout in avcodec_open2().
doc/platform: Rework the Visual Studio linking section
doc/faq: Change the Visual Studio entry to reflect current status
doc/platform: Replace Visual Studio section with build instructions
doc/platform: Nuke section on linking static MinGW-built libs with MSVC
doc/platform: Remove false claim about MinGW installer
doc/platform: Mention MinGW-w64
dsputil_mmx: fix reading prior of the src array in sub_hfyu_median_prediction()
mpegaudiodec: fix short_start calculation
Conflicts:
doc/faq.texi
doc/platform.texi
libavcodec/cavsdec.c
libavcodec/indeo5.c
libavcodec/ivi_common.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (28 commits)
dfa: use more meaningful return codes
eatgv: check vector_bits
eatgv: check motion vectors
Mark a number of variables only used in av_dlog() calls as av_unused.
dvdec: drop const qualifier from variable to eliminate a warning
avcodec: Improve comment for thread_safe_callbacks to avoid misinterpretation.
tests/utils: don't ignore the return value of fwrite()
lavfi/formats: use sizeof(var) instead of sizeof(type).
lavfi: remove avfilter_default_config_input_link() declaration
lavfi: always enable the scale filter and depend on sws.
vf_split: support user-specifiable number of outputs.
avconv: remove stray useless comment.
mpegmux: add stuffing to avoid incomplete PCM frames
rtsp: avoid const warnings from strtol() call
avserver: check return value of ftruncate()
lagarith: make offset array type unsigned
dfa: add some checks to ensure that decoder won't write past frame end
aacps: NEON optimisations
aacps: align some arrays
aacps: move some loops to function pointers
...
Conflicts:
configure
doc/filters.texi
libavcodec/dfa.c
libavcodec/eatgv.c
libavfilter/Makefile
libavfilter/allfilters.c
libavfilter/avfilter.h
libavfilter/formats.c
libavfilter/vf_split.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
rtpdec_asf: Set the no_resync_search option for the chained asf demuxer
asfdec: Add an option for not searching for the packet markers
cosmetics: Clean up the tiffenc pix_fmts declaration to match the style of others
cosmetics: Align codec declarations
cosmetics: Convert mimic.c to utf-8
avconv: remove an unused function parameter.
avconv: remove now pointless variables.
avconv: drop support for building without libavfilter.
nellymoserenc: fix crash due to memsetting the wrong area.
libavformat: Only require first packet to be known for audio/video streams
avplay: Don't try to scale timestamps if the tb isn't set
Conflicts:
Changelog
configure
ffmpeg.c
libavcodec/aacenc.c
libavcodec/bmpenc.c
libavcodec/dnxhddec.c
libavcodec/dnxhdenc.c
libavcodec/ffv1.c
libavcodec/flacenc.c
libavcodec/fraps.c
libavcodec/huffyuv.c
libavcodec/libopenjpegdec.c
libavcodec/mpeg12enc.c
libavcodec/mpeg4videodec.c
libavcodec/pamenc.c
libavcodec/pgssubdec.c
libavcodec/pngenc.c
libavcodec/qtrleenc.c
libavcodec/rawdec.c
libavcodec/sgienc.c
libavcodec/tiffenc.c
libavcodec/v210dec.c
libavcodec/wmv2dec.c
libavformat/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Also break some long lines, remove codec function placeholder comments
and add spaces in sample/pixel format lists.
Signed-off-by: Martin Storsjö <martin@martin.st>
* qatar/master:
doc/general: update supported devices table.
doc/general: add missing @tab to codecs table.
h264: Fix invalid interlaced/progressive MB combinations for direct mode prediction.
avconv: reindent
avconv: link '-passlogfile' option to libx264 'stats' AVOption.
libx264: add 'stats' private option for setting 2pass stats filename.
libx264: fix help text for slice-max-size option.
http: Clear the auth state on redirects
http: Retry auth if it failed due to being stale
rtsp: Resend new keepalive commands if they used stale auth
rtsp: Retry authentication if failed due to being stale
httpauth: Parse the stale field in digest auth
dxva2_vc1: pass the overlap flag to the decoder
dxva2_vc1: fix decoding of BI frames
FATE: add shorthand to wavpack test
dfa: convert to bytestream2 API
anm decoder: move buffer allocation from decode_init() to decode_frame()
h264: improve parsing of broken AVC SPS
Conflicts:
ffmpeg.c
libavcodec/anm.c
libavcodec/dfa.c
libavcodec/h264.c
libavcodec/h264_direct.c
libavcodec/h264_ps.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Previously the decoder would raise an error.
The end result is the same, the time stamps only change
because regression tests create time stamps incorrectly.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
* qatar/master:
mxfdec: Include FF_INPUT_BUFFER_PADDING_SIZE when allocating extradata.
H.264: tweak some other x86 asm for Atom
probe: Fix insane flow control.
mpegts: remove invalid error check
s302m: use nondeprecated audio sample format API
lavc: use designated initialisers for all codecs.
x86: cabac: add operand size suffixes missing from 6c32576
Conflicts:
libavcodec/ac3enc_float.c
libavcodec/flacenc.c
libavcodec/frwu.c
libavcodec/pictordec.c
libavcodec/qtrleenc.c
libavcodec/v210enc.c
libavcodec/wmv2dec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>