69e12a3f43
doc/examples/qsv_transcode: Initialize pointer before free
...
Fixees: CID1517023 Uninitialized pointer read
Sponsored-by: Sovereign Tech Fund
Reviewed-by: "Xiang, Haihao" <haihao.xiang@intel.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit cae0f2bc55michael@niedermayer.cc >
2024-05-25 00:31:09 +02:00
9493a2d066
doc/examples/qsv_transcode: Simplify str_to_dict() loop
...
Fixes: CID1517022 Logically dead code
Sponsored-by: Sovereign Tech Fund
Reviewed-by: "Xiang, Haihao" <haihao.xiang@intel.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 191950d1bfmichael@niedermayer.cc >
2024-05-25 00:31:08 +02:00
f72b41c421
doc/examples/vaapi_transcode: Simplify loop
...
Fixes: CID1428858(1/2) Logically dead code
Sponsored-by: Sovereign Tech Fund
Reviewed-by: "mypopy@gmail.com " <mypopy@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c9c11a0866michael@niedermayer.cc >
2024-05-25 00:31:08 +02:00
66bcc6463e
doc/examples/qsv_transcode: Simplify loop
...
Fixes: CID1428858(2/2) Logically dead code
Sponsored-by: Sovereign Tech Fund
Reviewed-by: "Xiang, Haihao" <haihao.xiang@intel.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 82cce20934michael@niedermayer.cc >
2024-05-25 00:31:08 +02:00
3d742d20ab
avcodec/cbs_h2645: Check NAL space
...
Found-by-reviewing: CID1419833 Untrusted loop bound
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit b91e3c4c90michael@niedermayer.cc >
2024-05-25 00:31:07 +02:00
d92ef4f846
avfilter/vf_thumbnail_cuda: Set ret before checking it
...
Fixes: CID1418336 Logically dead code
Sponsored-by: Sovereign Tech Fund
Reviewed-by: Timo Rothenpieler <timo@rothenpieler.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 02301017d2michael@niedermayer.cc >
2024-05-25 00:31:07 +02:00
057b8d65e3
avfilter/signature_lookup: Dont copy uninitialized stuff around
...
Fixes: CID1403238 Uninitialized pointer read
Fixes: CID1403239 Uninitialized pointer read
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e7174e66acmichael@niedermayer.cc >
2024-05-25 00:31:07 +02:00
572985605f
avfilter/signature_lookup: Fix 2 differences to the refernce SW
...
Fixes: CID1403227 Division or modulo by float zero
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 25cb66369emichael@niedermayer.cc >
2024-05-25 00:31:06 +02:00
ab4fcc06ce
avcodec/x86/vp3dsp_init: Set correct function pointer, fix crash
...
Regression since fd172185580c1ccdcfb90bbfdb59fa806fad3117;
triggered by vp4/KTkvw8dg1J8.avi in the FATE suite, but not
when running fate as this code is not used when the bitexact
flag is set.
Bisecting done by ami_stuff, patch from user Mika Fischer
in ticket #10027 (which this commit fixes).
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com >
(cherry picked from commit c3ca90a92e
2024-05-22 16:53:27 +02:00
fcce528713
avformat/mp3dec: change bogus error message if read_header encounters EOF
...
Because of ffio_ensure_seekback() a seek error normally should only happen if
the end of file is reached during checking for the junk run-in. Also use proper
error code.
Signed-off-by: Marton Balint <cus@passwd.hu >
(cherry picked from commit 49e018d6fe
2024-05-21 08:44:07 +02:00
306ed3f301
avformat/mp3dec: simplify inner frame size check in mp3_read_header
...
We are protecting the checked buffer with ffio_ensure_seekback(), so if the
inner check fails with a seek error, that likely means the end of file was
reached when checking for the next frame. This could also be the result of a
wrongly guessed (larger than normal) frame size, so let's continue the loop
instead of breaking out early. It will end sooner or later anyway.
Signed-off-by: Marton Balint <cus@passwd.hu >
(cherry picked from commit b75e604fe5
2024-05-21 08:43:56 +02:00
b4681bd6ec
avformat/mp3dec: only call ffio_ensure_seekback once
...
Otherwise the subsequent ffio_ensure_seekback calls destroy the buffer of the
earlier. The worst case ~66kB seekback is so small it is easier to request it
entirely.
Fixes ticket #10837 , a regression since
0d17f5228fcus@passwd.hu >
(cherry picked from commit b005317219
2024-05-21 08:43:51 +02:00
2aad37688c
avutil/thread: fix pthread_setname_np parameters for NetBSD and Apple
...
Signed-off-by: Marton Balint <cus@passwd.hu >
(cherry picked from commit 71ea90638ebrad@comstyle.com >
2024-05-19 02:41:11 -04:00
66f2cf8958
avutil/thread: add support for setting thread name on *bsd and solaris
...
FreeBSD/DragonFly/Solaris use pthread_setname_np(). OpenBSD uses pthread_set_name_np().
Signed-off-by: Brad Smith <brad@comstyle.com >
Signed-off-by: Marton Balint <cus@passwd.hu >
(cherry picked from commit fd16d8c68cbrad@comstyle.com >
2024-05-19 02:40:19 -04:00
a01ed52733
avutil/ppc/cpu: Also use the machdep.altivec sysctl on NetBSD
...
Use the machdep.altivec sysctl on NetBSD for AltiVec detection
as is done with OpenBSD.
(cherry picked from commit 115c96b9bdbrad@comstyle.com >
2024-05-18 19:31:57 -04:00
ebb406db7c
lavd/v4l2: Use proper field type for second parameter of ioctl() with BSD's
...
The proper type was used until 73251678c8brad@comstyle.com >
Signed-off-by: Marton Balint <cus@passwd.hu >
(cherry picked from commit 9e674b3160brad@comstyle.com >
2024-05-18 19:31:30 -04:00
1606aab99b
avfilter/avfilter: fix OOM case for default activate
...
Fixes OOM when caller keeps adding frames into filtergraph
that reached EOF by other means, for example EOF is signalled
by other filter in filtergraph or by buffersink.
(cherry picked from commit d9e41ead82
2024-05-01 15:32:40 -03:00
670c823406
avfilter/buffersrc: switch to activate
...
Fixes OOM when caller keeps adding frames into filtergraph
that reached EOF by other means, for example EOF is signalled
by other filter in filtergraph or by buffersink.
(cherry picked from commit 84e400ae37
2024-05-01 15:32:40 -03:00
f914c18de5
avcodec/mediacodecenc: set quality in cq mode
...
From AOSP doc, these values are device and codec specific, but lower
values generally result in more efficient (smaller-sized) encoding.
For example, global_quality 50 on Pixel 6 results a 1080P 30 FPS
HEVC with 3744 kb/s, while global_quality 80 results 28178 kb/s.
Fix #10689
Signed-off-by: Zhao Zhili <zhilizhao@tencent.com >
(cherry picked from commit 287e22f745
2024-04-24 12:31:57 +08:00
9593b727e2
Update for 6.1.2
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2024-04-15 01:02:08 +02:00
fce9391532
fate/subtitles: Ignore line endings for sub-scc test
...
Since 7bf1b9b357martin@martin.st >
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com >
(cherry picked from commit 99d33cc661michael@niedermayer.cc >
2024-04-14 03:24:04 +02:00
eb480d1872
avformat/mxfdec: Check index_edit_rate
...
Fixes: Assertion b >=0 failed at libavutil/mathematics.c:62
Fixes: 67811/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5108429687422976
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit ed49391961michael@niedermayer.cc >
2024-04-04 21:10:39 +02:00
610da8475f
swscale/utils: Fix xInc overflow
...
Fixes: signed integer overflow: 2 * 1073741824 cannot be represented in type 'int'
Fixes: 67802/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-6249515855183872
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 1a9eda65d0michael@niedermayer.cc >
2024-04-04 21:09:43 +02:00
b94d2dd59a
avcodec/wavarc: fix signed integer overflow in block type 6/19
...
Fixes: signed integer overflow: -2088796289 + -91276551 cannot be represented in type 'int'
Fixes: 67772/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVARC_fuzzer-6533568953122816
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 28c7094b25michael@niedermayer.cc >
2024-04-04 21:04:36 +02:00
b38902646c
doc/developer: (security) researchers should be credited
...
Reviewed-by: Tomas Härdin <git@haerdin.se >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 5a5422196dmichael@niedermayer.cc >
2024-04-04 20:58:21 +02:00
7c8c94279c
avformat/isom: Uninit layout in ff_mp4_read_dec_config_descr()
...
Fixes: memleak
Fixes: 67442/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-5068813261406208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: James Almer <jamrial@gmail.com >
(cherry picked from commit d157725cf7michael@niedermayer.cc >
2024-04-04 20:55:26 +02:00
58475c6988
avcodec/exr: Dont use 64bits to hold 6bits
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e3984de6ffmichael@niedermayer.cc >
2024-04-03 02:09:58 +02:00
e85ea8baaa
avcodec/exr: Check for remaining bits in huf_unpack_enc_table()
...
Fixes: Timeout
Fixes: 67645/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6308760977997824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 589fa8a027michael@niedermayer.cc >
2024-04-03 02:09:04 +02:00
72b27f4f70
avcodec/apedec: Use NABS to avoid undefined negation
...
Fixes: negation of -2147483648 cannot be represented in type 'int32_t' (aka 'int'); cast to an unsigned type to negate this value to itself
Fixes: 67738/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5444313212321792
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 1887ff250cmichael@niedermayer.cc >
2024-04-03 02:07:40 +02:00
2da196b39a
avformat/mpegts: Reset local nb_prg on add_program() failure
...
add_program() will deallocate the whole array on failure so
we must clear nb_prgs
Fixes: null pointer dereference
Fixes: crash-35a3b39ddcc5babeeb005b7399a3a1217c8781bc
Found-by: Catena cyber
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit cb9752d897michael@niedermayer.cc >
2024-04-03 02:04:00 +02:00
93d6513bbe
avformat/aiffdec: Check for previously set channels
...
Fixes: out of array access (av_channel_layout_copy())
Fixes: 67087/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-4920720268263424
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 23b29f72eemichael@niedermayer.cc >
2024-04-03 02:03:59 +02:00
27d48ddd8f
avformat/mxfdec: Make edit_unit_byte_count unsigned
...
Suggested-by: Marton Balint <cus@passwd.hu >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f30fe5e8d0michael@niedermayer.cc >
2024-04-03 02:03:59 +02:00
56999f9353
avformat/movenc: Check that cts fits in 32bit
...
Fixes: Assertion av_rescale_rnd(start_dts, mov->movie_timescale, track->timescale, AV_ROUND_DOWN) <= 0 failed at libavformat/movenc.c:3694
Fixes: poc2
Found-by: Wang Dawei and Zhou Geng, from Zhongguancun Laboratory
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit d88c284c18michael@niedermayer.cc >
2024-04-03 02:03:59 +02:00
38261d8cbd
avformat/mxfdec: Check first case of offset_temp computation for overflow
...
This is kind of ugly
Fixes: signed integer overflow: 255 * 1157565362826411919 cannot be represented in type 'long'
Fixes: 67313/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6250434245230592
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit d6ed6f6e8dmichael@niedermayer.cc >
2024-04-03 02:03:58 +02:00
ab84c37d63
avcodec/jpeg2000htdec: warn about non zero roi shift
...
Suggested-by: Tomas Härdin <git@haerdin.se >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7b7eea8e63michael@niedermayer.cc >
2024-04-03 02:03:58 +02:00
78e54e1361
avcodec/jpeg2000htdec: Check magp before using it in a shift
...
Fixes: shift exponent -1 is negative
Fixes: 65378/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5457678193197056
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 19ad05e9e0michael@niedermayer.cc >
2024-04-03 02:03:58 +02:00
5bb9d8affe
avfilter/vf_signature: Dont crash on no frames
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 3d5f03bbc8michael@niedermayer.cc >
2024-04-03 02:03:57 +02:00
243359fc78
avformat/westwood_vqa: Fix 2g packets
...
Fixes: signed integer overflow: 2147483424 * 2 cannot be represented in type 'int'
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_WSVQA_fuzzer-4576211411795968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 86f73277bfmichael@niedermayer.cc >
2024-04-03 02:03:57 +02:00
41f9156856
avformat/matroskadec: Check timescale
...
Fixes: 3.82046e+18 is outside the range of representable values of type 'unsigned int'
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6381436594421760
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e849eb2343michael@niedermayer.cc >
2024-04-03 02:03:57 +02:00
a42a5e692d
avformat/wavdec: satuarte next_tag_ofs, data_end
...
Fixes: signed integer overflow: 5053074104798691550 + 5053074104259715104 cannot be represented in type 'long'
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6515315309936640
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 61dca9e150michael@niedermayer.cc >
2024-04-03 02:03:56 +02:00
6d92f9a85e
avformat/wavdec: sanity check channels and bps before using them for block_align
...
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-4704044498944000
Fixes: signed integer overflow: 520464 * 8224 cannot be represented in type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 75317ec442michael@niedermayer.cc >
2024-04-03 02:03:56 +02:00
d492fc3e5e
avformat/sbgdec: Check for negative duration
...
Fixes: signed integer overflow: 9223372036854775807 - -8000000 cannot be represented in type 'long'
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-5133181743136768
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 0bed22d597michael@niedermayer.cc >
2024-04-03 02:03:56 +02:00
4a618246cd
avformat/rpl: Use 64bit for total_audio_size and check it
...
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-4677434693517312
Fixes: signed integer overflow: 5555555555555555556 * 8 cannot be represented in type 'long long'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 878625812fmichael@niedermayer.cc >
2024-04-03 02:03:55 +02:00
7af16852cb
avformat/timecode: use 64bit for intermediate for rounding in fps_from_frame_rate()
...
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-4802790784303104
Fixes: signed integer overflow: 1768972133 + 968491058 cannot be represented in type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 3d8d778a68michael@niedermayer.cc >
2024-04-03 02:03:55 +02:00
db7a80c3ca
avformat/mov: use 64bit for intermediate for rounding
...
Fixes: signed integer overflow: 1768972133 + 968491058 cannot be represented in type 'int'
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-4802790784303104
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f01a89c5a3michael@niedermayer.cc >
2024-04-03 02:03:55 +02:00
6cc785c255
avformat/jacosubdec: Use 64bit for abs
...
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-5401294942371840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 746203af31michael@niedermayer.cc >
2024-04-03 02:03:54 +02:00
0a64d77be9
avformat/concatdec: Check user_duration sum
...
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-6434245599690752
Fixes: signed integer overflow: 9223372026773000000 + 22337000000 cannot be represented in type 'long'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 007486058cmichael@niedermayer.cc >
2024-04-03 02:03:54 +02:00
e709315488
avcodec/wavarc: avoid signed integer overflow in AC code
...
Fixes: 62285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVARC_fuzzer-659847401740697
Fixes: signed integer overflow: 65312 * 34078 cannot be represented in type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 1eb8cbd09cmichael@niedermayer.cc >
2024-04-03 02:03:54 +02:00
9062d89849
avcodec/wavarc: Avoid signed integer overflow in sample
...
Fixes: signed integer overflow: -2147483648 + -25122315 cannot be represented in type 'int'
Fixes: 62285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVARC_fuzzer-6199806972198912
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 6009dd07bdmichael@niedermayer.cc >
2024-04-03 02:03:53 +02:00
4cbc9bb2c9
avcodec/truemotion1: Height not being a multiple of 4 is unsupported
...
mb_change_bits is given space based on height >> 2, while more data is read
Fixes: out of array access
Fixes: 62285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION1_fuzzer-5201925062590464.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit ebdcf98499michael@niedermayer.cc >
2024-04-03 02:03:53 +02:00
