Michael Niedermayer
d90c5bf105
avcodec/wavpack: Fix runtime error: signed integer overflow: 24 * -2147483648 cannot be represented in type 'int'
...
Fixes: 1894/clusterfuzz-testcase-minimized-4716739789062144
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-30 04:45:27 +02:00
Rostislav Pehlivanov
220b24c7c9
lavc: remove libschroedinger encoding and decoding wrappers
...
The library has stopped being developed and Debian has removed it
from its repositories citing security issues.
The native Dirac decoder supports everything the library has and basic
encoding support is still provided via the native vc2 (Dirac Pro, intra
only version of Dirac) encoder. Hence, there's no reason to still support
linking to the library and potentially leading users into security issues.
2017-05-29 20:15:58 +01:00
Rostislav Pehlivanov
a3deeaade3
lavf: remove the libnut library wrapper
...
libnut is outdated and not developed anymore, all nut developments
happens in this repo, so users are getting mislead
2017-05-29 20:15:58 +01:00
Michael Niedermayer
e091b9b3c7
avcodec/ansi: Fix frame memleak
...
Fixes: 1892/clusterfuzz-testcase-minimized-4519341733183488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-29 14:08:07 +02:00
Michael Niedermayer
c49fa2a514
avcodec/dds: Fix runtime error: left shift of 145 by 24 places cannot be represented in type 'int'
...
Fixes: 1891/clusterfuzz-testcase-minimized-6274417925554176
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-29 13:51:42 +02:00
Michael Niedermayer
f3da6fbff8
avcodec/jpeg2000dec: Use ff_set_dimensions()
...
Fixes: OOM
Fixes: 1890/clusterfuzz-testcase-minimized-6329019509243904
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-29 13:46:09 +02:00
Michael Niedermayer
718f8a01df
tools/target_dec_fuzzer: Move the hwaccel check outside the initialization if
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-29 03:40:47 +02:00
Michael Niedermayer
f6ba58d193
avcodec/aacsbr: Fix libavcodec/aacsbr.c:257:59: runtime error: division by zero
...
Fixes: 1882/clusterfuzz-testcase-minimized-5539735650959360
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-29 02:45:17 +02:00
Micah Galizia
c4c73020f4
libavformat/hls: Observe Set-Cookie headers
...
Signed-off-by: Micah Galizia <micahgalizia@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-29 02:00:08 +02:00
Michael Niedermayer
c901627918
avcodec/truemotion2: Fix passing null pointer to memset()
...
Fixes part of: 1888/clusterfuzz-testcase-minimized-5237704826552320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 21:56:02 +02:00
Michael Niedermayer
c9e884f3d9
avcodec/truemotion2: Fix runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
...
Fixes part of: 1888/clusterfuzz-testcase-minimized-5237704826552320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 21:55:06 +02:00
Michael Niedermayer
7c845450d2
avcodec/ra144: Fix runtime error: signed integer overflow: -2449 * 1398101 cannot be represented in type 'int'
...
Fixes: 1885/clusterfuzz-testcase-minimized-5336328549957632
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 21:55:02 +02:00
Michael Niedermayer
4c472c5252
avcodec/ra144: Fix runtime error: signed integer overflow: 11184810 * 404 cannot be represented in type 'int'
...
Fixes: 1884/clusterfuzz-testcase-minimized-4637425835966464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 21:38:55 +02:00
Michael Niedermayer
872bac8159
avcodec/aac_defines: Add missing () to AAC_HALF_SUM() macro
...
Fixes: runtime error: shift exponent 1073741848 is too large for 32-bit type 'INTFLOAT' (aka 'int')
Fixes: 1880/clusterfuzz-testcase-minimized-4900645322620928
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 21:20:28 +02:00
Michael Niedermayer
67020711b7
avcodec/webp: Fixes null pointer dereference
...
Fixes: 1470/clusterfuzz-testcase-minimized-5404421666111488
Fixes: 1472/clusterfuzz-testcase-minimized-5677426430443520
Fixes: 1875/clusterfuzz-testcase-minimized-5536474562822144
Approved-by: BBB
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 21:20:09 +02:00
Michael Niedermayer
6b9cb5d26a
avcodec/aacdec_fixed: Fix runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
...
Fixes: 1878/clusterfuzz-testcase-minimized-6441918630199296
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 18:27:43 +02:00
Michael Niedermayer
67b30decf7
avcodec/ylc: Check count in build_vlc()
...
Fixes: runtime error: signed integer overflow: 211633430 + 2147483647 cannot be represented in type 'int'
Fixes: 1874/clusterfuzz-testcase-minimized-5037763613163520
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 17:21:41 +02:00
Michael Niedermayer
b9c032ebc0
avcodec/snow: Fix runtime error: signed integer overflow: 1086573993 + 1086573994 cannot be represented in type 'int'
...
Fixes: 1871/clusterfuzz-testcase-minimized-5719950331215872
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 17:13:07 +02:00
Michael Niedermayer
781f88bb26
avcodec/jpeg2000: Fix runtime error: signed integer overflow: 4185 + 2147483394 cannot be represented in type 'int'
...
Fixes: 1870/clusterfuzz-testcase-minimized-4686788029317120
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 14:01:12 +02:00
Michael Niedermayer
9c1812491f
avcodec/jpeg2000dec: Check tile offsets more completely
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 13:52:13 +02:00
Michael Niedermayer
d8030c14bd
avcodec/sheervideo: Check input buffer size before allocating and decoding
...
Fixes: Timeout
Fixes: 1858/clusterfuzz-testcase-minimized-6450473802399744
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 13:32:12 +02:00
Michael Niedermayer
c51357d206
avcodec/wavpack: Fix runtime error: signed integer overflow: -1386217472 * 4 cannot be represented in type 'int'
...
Fixes: 1853/clusterfuzz-testcase-minimized-5471155626442752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 12:57:14 +02:00
Michael Niedermayer
6c3a63fc3d
avcodec/aacdec_fixed: Fix multiple runtime error: shift exponent 127 is too large for 32-bit type 'int'
...
Fixes: 1851/clusterfuzz-testcase-minimized-5692607495667712
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 03:34:43 +02:00
Michael Niedermayer
7f50c25124
avcodec/wnv1: More strict buffer size check
...
This requires at least 25% of a picture to allocate and decode it
Fixes: Timeout
Fixes: 1845/clusterfuzz-testcase-minimized-5075974343360512
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 03:20:09 +02:00
Michael Niedermayer
ca6776a993
avcodec/libfdk-aacdec: Correct buffer_size parameter
...
the timeDataSize argument to aacDecoder_DecodeFrame() seems undocumented and until
2016 04 (203e3f28fbebec7011342017fafc2a0bda0ce530) unused.
after that commit libfdk-aacdec interprets it as size in sample units and memsets that on error.
FFmpeg as well as others (like GStreamer) did interpret it as size in bytes
Fixes: 1442/clusterfuzz-testcase-minimized-4540199973421056 (This requires recent libfdk to reproduce)
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 03:08:33 +02:00
Michael Niedermayer
7c36ee216f
avcodec/sbrdsp_template: Fix: runtime error: signed integer overflow: 849815297 + 1315389781 cannot be represented in type 'int'
...
Fixes: 1770/clusterfuzz-testcase-minimized-5285511235108864
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 03:07:45 +02:00
Michael Niedermayer
fe8c9420dd
avcodec/aacps: Check border_position to be monotone
...
Fixes: runtime error: left shift of negative value -67108864
Fixes: 1738/clusterfuzz-testcase-minimized-6734814327603200
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 03:07:02 +02:00
erankor
15bd309af8
movenc: encryption with time code track fix
...
instead of deciding whether to encrypt based on the encryption scheme,
decide according to whether cenc was initialized or not.
mov_create_timecode_track calls ff_mov_write_packet with a track that
doesn't have cenc initialized.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 03:05:59 +02:00
Michael Niedermayer
357f2316a0
avcodec/ivi_dsp: Fix runtime error: left shift of negative value -2
...
Fixes: 1839/clusterfuzz-testcase-minimized-6238490993885184
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 03:04:21 +02:00
Kevin Mark
114e871621
doc/filters: Clarify scale2ref example
...
Signed-off-by: Kevin Mark <kmark937@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 02:39:08 +02:00
James Almer
24133973fc
avformat/mov: add support for reading Content Light Level Box
...
As defined in "VP Codec ISO Media File Format Binding v1.0"
https://github.com/webmproject/vp9-dash/blob/master/VPCodecISOMediaFileFormatBinding.md
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
2017-05-27 16:14:24 -03:00
James Almer
ab05bd6e6c
avformat/mov: add support for reading Mastering Display Metadata Box
...
As defined in "VP Codec ISO Media File Format Binding v1.0"
https://github.com/webmproject/vp9-dash/blob/master/VPCodecISOMediaFileFormatBinding.md
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
2017-05-27 16:09:55 -03:00
Michael Niedermayer
ac8dfcbd89
avcodec/mlpdec: Do not leave invalid values in matrix_out_ch[] on error
...
Fixes: runtime error: index 12 out of bounds for type 'uint8_t [8]'
Fixes: 1832/clusterfuzz-testcase-minimized-6574546079449088
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-27 14:37:42 +02:00
Michael Niedermayer
53c0c637d3
avcodec/ra144dec: Fix runtime error: left shift of negative value -17
...
Fixes: 1830/clusterfuzz-testcase-minimized-5828293733384192
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-27 13:07:35 +02:00
Michael Niedermayer
77d9889821
avcodec/pixlet: Fix runtime error: signed integer overflow: 2147483647 + 32 cannot be represented in type 'int'
...
Fixes: 1829/clusterfuzz-testcase-minimized-5527165321871360
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-27 13:04:23 +02:00
Michael Niedermayer
1a36354698
avformat/mux: Fix copy an paste typo
...
Found-by: Roger Scott <rscott@grammatech.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-27 04:21:34 +02:00
Vittorio Giovara
1f4454230d
zscale: Add range options aliases to match scale ones
...
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2017-05-26 10:29:32 -04:00
Vittorio Giovara
6aafe56421
zscale: Add pixdesc-API compatible color names to filter options
...
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2017-05-26 10:28:50 -04:00
James Almer
5213c6d175
doc/libav-merge: remove lines about AVFrame crop fields
2017-05-26 11:22:23 -03:00
James Almer
a9a6d51ca4
avcodec/theora: export cropping information instead of handling it internally
...
This merges commit 1202b71269
from libav,
originally written by Anton Khirnov and skipped in
fc63d5ceb3
.
libavcodec/vp3.c | 26 +++++++++-----------------
1 file changed, 9 insertions(+), 17 deletions(-)
2017-05-26 11:15:45 -03:00
James Almer
07596e45c5
avcodec/h264dec: export cropping information instead of handling it internally
...
This merges commit c3e84820d6
from libav,
originally written by Anton Khirnov and skipped in
fc63d5ceb3
.
libavcodec/h264_picture.c | 3 ---
libavcodec/h264_ps.c | 9 ---------
libavcodec/h264_slice.c | 25 +++++++++++++++++++------
libavcodec/h264dec.c | 13 +------------
libavcodec/h264dec.h | 9 +++++----
5 files changed, 25 insertions(+), 34 deletions(-)
2017-05-26 11:15:45 -03:00
James Almer
6505e8cfd0
avcodec/h264dec: be more explicit in handling container cropping
...
This merges commit 4fded0480f
from libav,
originally written by Anton Khirnov and skipped in
fc63d5ceb3
.
libavcodec/h264_slice.c | 20 +++++++++++++-------
libavcodec/h264dec.c | 3 +++
libavcodec/h264dec.h | 5 +++++
3 files changed, 21 insertions(+), 7 deletions(-)
2017-05-26 11:15:45 -03:00
James Almer
000fb61a71
avcodec/hevcdec: export cropping information instead of handling it internally
...
This merges commit a02ae1c683
from libav,
originally written by Anton Khirnov and skipped in
fc63d5ceb3
.
libavcodec/hevc_parser.c | 6 ++++--
libavcodec/hevc_ps.c | 31 ++++++++++++-------------------
libavcodec/hevc_ps.h | 2 --
libavcodec/hevc_refs.c | 18 +++++-------------
libavcodec/hevcdec.c | 7 ++++---
libavcodec/hevcdec.h | 2 --
6 files changed, 25 insertions(+), 41 deletions(-)
Signed-off-by: James Almer <jamrial@gmail.com>
2017-05-26 11:15:45 -03:00
Michael Niedermayer
43c394dcae
avcodec/clearvideo: Check buf_size before decoding frame
...
Fixes; Timeout
Fixes: 1826/clusterfuzz-testcase-minimized-5728569256837120
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-26 01:38:03 +02:00
Michael Niedermayer
8e87d146d7
avcodec/aacdec_fixed: Fix runtime error: signed integer overflow: -2147483648 * -1 cannot be represented in type 'int'
...
Fixes: 1825/clusterfuzz-testcase-minimized-6002833050566656
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-25 23:03:53 +02:00
Michael Niedermayer
356194fcb1
avcodec/smc: Check remaining input
...
Fixes: Timeout
Fixes: 1818/clusterfuzz-testcase-minimized-5039166473633792
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-25 20:08:31 +02:00
Michael Niedermayer
b946bd8ef2
avcodec/diracdec: Fix off by 1 error in quant check
...
Fixes: out of array read
Fixes: 1781/clusterfuzz-testcase-minimized-4617176877105152
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-25 19:32:39 +02:00
Michael Niedermayer
6d6fc4105b
avcodec/diracdec: Factor quant matrix reads
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-25 19:32:39 +02:00
Ronald S. Bultje
d98f34d7d4
frame_thread_encoder: extend critical code covered by finished_task_mutex.
...
Should fix tsan errors in utvideoenc_rgb_left and related tests.
2017-05-25 10:29:07 -04:00
Ronald S. Bultje
ca2209d67a
hevc: fix race condition in max_ra/seq_decode.
...
These variables are shared between frame threads, but they are updated
post-setup_finished() if a EOB/EOS slice type occurs. Moving the EOB/EOS
slices to the next frame thread instance (by parsing them leading into
the next picture instead of trailing behind the last picture) effectively
prevents this race condition.
This fixes tsan failures on hevc-conformance-NoOutPrior_A_Qualcomm_1.
2017-05-25 10:29:07 -04:00