1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-19 05:49:09 +02:00

95150 Commits

Author SHA1 Message Date
Michael Niedermayer
033d2c4884 avcodec/smacker: Fix integer overflow in signed int multiply in SMK_BLK_FILL
Fixes: signed integer overflow: 238 * 16843009 cannot be represented in type 'int'
Fixes: 16958/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKER_fuzzer-5193905355620352

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-24 17:53:39 +02:00
Michael Niedermayer
b30c07cc2b avcodec/alac: Fix invalid shifts in 20/24 bps
Fixes: left shift of negative value -256
Fixes: 16892/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-4880802642395136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-24 17:53:39 +02:00
Michael Niedermayer
0831cbfe09 avcodec/alac: fix undefined behavior with INT_MIN in lpc_prediction()
Fixes: signed integer overflow: -2147483648 * -1 cannot be represented in type 'int'
Fixes: 16786/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5632818851348480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-24 17:53:39 +02:00
Michael Niedermayer
72db18e929 avformat/utils: Do not assume duration is non negative in compute_pkt_fields()
Several subtitle demuxers set negative durations

Fixes: signed integer overflow: 9223372036854775807 - -1 cannot be represented in type 'long'
Fixes: 16925/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5766519790764032

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-24 17:53:39 +02:00
Michael Niedermayer
c7ccbf40ed avcodec/ffwavesynth: Fix integer overflow in timestamps
Fixes: signed integer overflow: 9223371075321077760 * 2 cannot be represented in type 'long'
Fixes: 16447/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5698937431785472

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-24 17:53:39 +02:00
Michael Niedermayer
27a2f65948 avformat/vividas: Test size and packet numbers a bit more
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-24 17:53:39 +02:00
Michael Niedermayer
8e51f35f81 avformat/vividas: Check n_sb_blocks against input space
Fixes: OOM
Fixes: 16726/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5719320750981120

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-24 17:53:39 +02:00
Michael Niedermayer
cede385018 avcodec/aacdec_fixed: Add FF_CODEC_CAP_INIT_CLEANUP
Fixes: memleaks
Fixes: 16788/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5649873898045440

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-24 17:53:39 +02:00
Michael Niedermayer
59163731e9 tools/target_dec_fuzzer: consider potential padding/edge in pixel threshold
Fixes: Timeout (73sec ->30ms)
Fixes: 16921/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5689384594046976

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-24 17:53:39 +02:00
Michael Niedermayer
d217691eec libavcodec/mpeg12dec: Check input for minimal frame size
Fixes: Timeout (35sec -> 6sec)
Fixes: 16901/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEGVIDEO_fuzzer-5729024726269952
Fixes: 16901/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEGVIDEO_fuzzer-5642388592132096

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-24 17:53:39 +02:00
Michael Niedermayer
5fe6a9db15 tools/target_dec_fuzzer: Adjust threshold for MSS2
The decoder is slow

Fixes: Timeout (94sec -> 7sec)
Fixes: 16417/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSS2_fuzzer-5711668050395136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-24 17:53:39 +02:00
Andreas Rheinhardt
f83ac5fd79 avcodec/cbs_h264: Automatically free SEI payload on error
If adding an SEI message to an access unit fails, said SEI message was
not touched, so that the caller had to free any data associated with it
that might need to be freed. But given that ff_cbs_h264_add_sei_message
can simply call cbs_h264_free_sei_payload, one can easily free
the content of the SEI payload.

This fixes a memleak when inserting a user data unregistered string for
h264_metadata fails.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-09-24 15:54:31 +01:00
Michael Niedermayer
8c7d5fcfc3 avcodec/dxv: Check op_offset in both directions
Fixes: signed integer overflow: 61 + 2147483647 cannot be represented in type 'int'
Fixes: 15311/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXV_fuzzer-5742552826773504

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-24 12:28:26 +02:00
Michael Niedermayer
c7c0229beb avcodec/truespeech: Eliminate some left shifts
This avoids some invalid shifts

Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-24 12:25:48 +02:00
Michael Niedermayer
74bbf9bc82 avcodec/adpcm: Check number of channels for MTAF
Fixes: out of array access
Fixes: 17608/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_MTAF_fuzzer-5074936267276288

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-24 12:24:41 +02:00
Timo Rothenpieler
89cbbe9f70 avcodec/nvenc: fix typo in new Windows driver version
Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
2019-09-24 12:00:00 +02:00
Paul B Mahol
a214c17414 avfilter/vf_v360: do not use mod where it is not needed 2019-09-24 11:28:11 +02:00
Limin Wang
3104100a12 avcodec/exr: cosmetics
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-23 22:16:00 +02:00
Moritz Barsnick
e9e9f79a19 avformat/hashenc: fix incorrect use of av_mallocz_array()
Fixes CID 1453867, CID 1453866, CID 1453865.

Signed-off-by: Moritz Barsnick <barsnick@gmx.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-23 22:16:00 +02:00
Timo Rothenpieler
648f5c9382 avcodec/nvenc: add driver version info for SDK 9.1
Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
2019-09-23 15:47:27 +02:00
James Almer
d889ae3396 avcodec/bsf: check that AVBSFInternal was allocated before dereferencing it
This can happen when av_bsf_free() is called on av_bsf_alloc() failure.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2019-09-23 10:02:03 -03:00
Paul B Mahol
eaf3c4b8bf avfilter/vf_v360: fix regression introduced in b342678bc47b4e5 2019-09-23 12:27:41 +02:00
vectronic
8c90bb8ebb avformat/dashdec: fix segfault when parsing segmentlist
index into segmentlists_tab was specified as 4 instead of 3 causing invalid access

further fix to: 8135

Reviewed-by: Steven Liu <lq@onvideo.cn>
Signed-off-by: vectronic <hello.vectronic@gmail.com>
2019-09-23 10:06:46 +08:00
vectronic
598962cd3a avformat/dashdec: fix pointer being freed was not allocated
prevent attempt to call xmlFree if val was not allocated
fixes: 8135

Reviewed-by: Steven Liu <lq@onvideo.cn>
Signed-off-by: vectronic <hello.vectronic@gmail.com>
2019-09-23 10:06:08 +08:00
Paul B Mahol
4ba45a95df avfilter/vf_v360: adjust h for mercator input/output 2019-09-22 22:34:13 +02:00
Paul B Mahol
043038ea56 avfilter/vf_v360: fix xyz_to_mercator() 2019-09-22 22:32:37 +02:00
Paul B Mahol
a8925d264a avfilter/vf_v360: fix mercator_to_xyz() 2019-09-22 22:32:37 +02:00
Paul B Mahol
b4d2bea647 avfilter/v360: reduce size of some struct members 2019-09-22 19:55:31 +02:00
Paul B Mahol
05a2ce9326 avformat/y4m: do not try to seek if pts is less than 0
Fixes #8193.
2019-09-22 19:25:55 +02:00
Michael Niedermayer
0728d64497 avcodec/sunrast: Fix indention
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-22 18:16:38 +02:00
Michael Niedermayer
0e8b7709a9 avcodec/sunrast: Fix return type for "unsupported (compression) type"
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-22 18:16:38 +02:00
Andreas Rheinhardt
25a501b528 avutil/opt: Fix type specifier
This bug has been introduced in 9e0a071e.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-22 18:16:38 +02:00
Paul B Mahol
51a2f02117 avfilter/vf_v360: add fixed pixel padding options 2019-09-22 14:12:51 +02:00
Paul B Mahol
79d14a3cc8 avfilter/vf_v360: remove intermediate variables 2019-09-22 14:12:51 +02:00
James Zern
ba24b24aab tools/patcheck: remove gcc-2.95 compat check
this conflicts with the current contributing guidance:
http://ffmpeg.org/developer.html#Contributing
FFmpeg is programmed in the ISO C90 language with a few additional
features from ISO C99, namely:
...
for loops with variable definition (‘for (int i = 0; i < 8; i++)’);

Signed-off-by: James Zern <jzern@google.com>
2019-09-21 12:57:04 -07:00
Paul B Mahol
a1391cb942 avfilter/vf_v360: fix comparison with float value 2019-09-21 21:35:39 +02:00
Paul B Mahol
073d22696e avfilter/vf_v360: simplify xyz_to_dfisheye() calculations 2019-09-21 21:33:03 +02:00
Paul B Mahol
b342678bc4 avfilter/vf_v360: simplify dfisheye_to_xyz() calculations 2019-09-21 21:17:37 +02:00
Paul B Mahol
a46ee096d1 avfilter/avf_showfreqs: fix check for failed allocation 2019-09-21 19:09:29 +02:00
James Almer
1c165e19f9 avformat/latmenc: fix context used for logging
Signed-off-by: James Almer <jamrial@gmail.com>
2019-09-21 12:32:24 -03:00
Paul B Mahol
34046bcd5f avfilter/vf_v360: simplify ball_to_xyz() calculations 2019-09-21 16:31:32 +02:00
Paul B Mahol
ecaef69fbb avfilter/vf_v360: simplify xyz_to_ball() calculations 2019-09-21 16:31:32 +02:00
Paul B Mahol
b8dfc108a2 avfilter/vf_v360: add hammer projection 2019-09-21 15:58:03 +02:00
Paul B Mahol
76f861bbb7 avfilter/vf_v360: use lrintf() in kernel 2019-09-21 11:00:28 +02:00
Paul B Mahol
de1d6cb34f avfilter/vf_v360: fix small artifacts between corners in EAC format 2019-09-21 10:31:59 +02:00
Moritz Barsnick
2f87c9f646 avformat/hashenc: add streamhash muxer
Implemented as a variant of the hash muxer, reusing most functions,
and making use of the previously introduced array of hashes.

Signed-off-by: Moritz Barsnick <barsnick@gmx.net>
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-20 23:26:34 +02:00
Moritz Barsnick
666b427881 avformat/hashenc: use an array of hashes
Only the first element of the array is used currently, the other
elements are in preparation for a new muxer calculating multiple
hashes.

Also move alloc/init code from the write_header() functions to
dedicated init() functions, and the cleanup code from the
write_trailer() functions to dedicated deinit() functions.

hash_free() and framehash_free() turn out to be identical here,
but will differ in the subsequent commit, so they are not consolidated.

Signed-off-by: Moritz Barsnick <barsnick@gmx.net>
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-20 23:26:34 +02:00
Moritz Barsnick
d214f21611 avformat/hashenc: rearrange options definition
Only the frame* muxers support the format_version option.
Use macros to ease the proliferation of identical options to
coming muxers as well.

Signed-off-by: Moritz Barsnick <barsnick@gmx.net>
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-20 23:26:34 +02:00
Andreas Rheinhardt
e6018fda14 avutil/encryption_info: Don't pass NULL to memcpy
The pointer arguments to memcpy (and several other functions of the
C standard library) are not allowed to be NULL, not even when the number
of bytes to copy is zero. An AVEncryptionInitInfo's data pointer is
explicitly allowed to be NULL and yet av_encryption_init_info_add_side_data
unconditionally used it as a source pointer to copy from. This commit changes
this so that copying is only done if the number of bytes to copy is > 0.

Fixes ticket #8141 as well as a part of ticket #8150.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-20 23:26:34 +02:00
Michael Niedermayer
87a7fc692d tools/target_dec_fuzzer: fuzz channels and sample_rate too
This should increase coverage over more audio decoders.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-20 23:26:34 +02:00