1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-18 03:19:31 +02:00
Commit Graph

86312 Commits

Author SHA1 Message Date
Michael Niedermayer
d90c5bf105 avcodec/wavpack: Fix runtime error: signed integer overflow: 24 * -2147483648 cannot be represented in type 'int'
Fixes: 1894/clusterfuzz-testcase-minimized-4716739789062144

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-30 04:45:27 +02:00
Rostislav Pehlivanov
220b24c7c9 lavc: remove libschroedinger encoding and decoding wrappers
The library has stopped being developed and Debian has removed it
from its repositories citing security issues.
The native Dirac decoder supports everything the library has and basic
encoding support is still provided via the native vc2 (Dirac Pro, intra
only version of Dirac) encoder. Hence, there's no reason to still support
linking to the library and potentially leading users into security issues.
2017-05-29 20:15:58 +01:00
Rostislav Pehlivanov
a3deeaade3 lavf: remove the libnut library wrapper
libnut is outdated and not developed anymore, all nut developments
happens in this repo, so users are getting mislead
2017-05-29 20:15:58 +01:00
Michael Niedermayer
e091b9b3c7 avcodec/ansi: Fix frame memleak
Fixes: 1892/clusterfuzz-testcase-minimized-4519341733183488

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-29 14:08:07 +02:00
Michael Niedermayer
c49fa2a514 avcodec/dds: Fix runtime error: left shift of 145 by 24 places cannot be represented in type 'int'
Fixes: 1891/clusterfuzz-testcase-minimized-6274417925554176

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-29 13:51:42 +02:00
Michael Niedermayer
f3da6fbff8 avcodec/jpeg2000dec: Use ff_set_dimensions()
Fixes: OOM
Fixes: 1890/clusterfuzz-testcase-minimized-6329019509243904

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-29 13:46:09 +02:00
Michael Niedermayer
718f8a01df tools/target_dec_fuzzer: Move the hwaccel check outside the initialization if
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-29 03:40:47 +02:00
Michael Niedermayer
f6ba58d193 avcodec/aacsbr: Fix libavcodec/aacsbr.c:257:59: runtime error: division by zero
Fixes: 1882/clusterfuzz-testcase-minimized-5539735650959360

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-29 02:45:17 +02:00
Micah Galizia
c4c73020f4 libavformat/hls: Observe Set-Cookie headers
Signed-off-by: Micah Galizia <micahgalizia@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-29 02:00:08 +02:00
Michael Niedermayer
c901627918 avcodec/truemotion2: Fix passing null pointer to memset()
Fixes part of: 1888/clusterfuzz-testcase-minimized-5237704826552320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 21:56:02 +02:00
Michael Niedermayer
c9e884f3d9 avcodec/truemotion2: Fix runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes part of: 1888/clusterfuzz-testcase-minimized-5237704826552320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 21:55:06 +02:00
Michael Niedermayer
7c845450d2 avcodec/ra144: Fix runtime error: signed integer overflow: -2449 * 1398101 cannot be represented in type 'int'
Fixes: 1885/clusterfuzz-testcase-minimized-5336328549957632

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 21:55:02 +02:00
Michael Niedermayer
4c472c5252 avcodec/ra144: Fix runtime error: signed integer overflow: 11184810 * 404 cannot be represented in type 'int'
Fixes: 1884/clusterfuzz-testcase-minimized-4637425835966464

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 21:38:55 +02:00
Michael Niedermayer
872bac8159 avcodec/aac_defines: Add missing () to AAC_HALF_SUM() macro
Fixes: runtime error: shift exponent 1073741848 is too large for 32-bit type 'INTFLOAT' (aka 'int')
Fixes: 1880/clusterfuzz-testcase-minimized-4900645322620928

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 21:20:28 +02:00
Michael Niedermayer
67020711b7 avcodec/webp: Fixes null pointer dereference
Fixes: 1470/clusterfuzz-testcase-minimized-5404421666111488
Fixes: 1472/clusterfuzz-testcase-minimized-5677426430443520
Fixes: 1875/clusterfuzz-testcase-minimized-5536474562822144

Approved-by: BBB

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 21:20:09 +02:00
Michael Niedermayer
6b9cb5d26a avcodec/aacdec_fixed: Fix runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 1878/clusterfuzz-testcase-minimized-6441918630199296

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 18:27:43 +02:00
Michael Niedermayer
67b30decf7 avcodec/ylc: Check count in build_vlc()
Fixes: runtime error: signed integer overflow: 211633430 + 2147483647 cannot be represented in type 'int'
Fixes: 1874/clusterfuzz-testcase-minimized-5037763613163520

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 17:21:41 +02:00
Michael Niedermayer
b9c032ebc0 avcodec/snow: Fix runtime error: signed integer overflow: 1086573993 + 1086573994 cannot be represented in type 'int'
Fixes: 1871/clusterfuzz-testcase-minimized-5719950331215872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 17:13:07 +02:00
Michael Niedermayer
781f88bb26 avcodec/jpeg2000: Fix runtime error: signed integer overflow: 4185 + 2147483394 cannot be represented in type 'int'
Fixes: 1870/clusterfuzz-testcase-minimized-4686788029317120

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 14:01:12 +02:00
Michael Niedermayer
9c1812491f avcodec/jpeg2000dec: Check tile offsets more completely
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 13:52:13 +02:00
Michael Niedermayer
d8030c14bd avcodec/sheervideo: Check input buffer size before allocating and decoding
Fixes: Timeout
Fixes: 1858/clusterfuzz-testcase-minimized-6450473802399744

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 13:32:12 +02:00
Michael Niedermayer
c51357d206 avcodec/wavpack: Fix runtime error: signed integer overflow: -1386217472 * 4 cannot be represented in type 'int'
Fixes: 1853/clusterfuzz-testcase-minimized-5471155626442752

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 12:57:14 +02:00
Michael Niedermayer
6c3a63fc3d avcodec/aacdec_fixed: Fix multiple runtime error: shift exponent 127 is too large for 32-bit type 'int'
Fixes: 1851/clusterfuzz-testcase-minimized-5692607495667712

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 03:34:43 +02:00
Michael Niedermayer
7f50c25124 avcodec/wnv1: More strict buffer size check
This requires at least 25% of a picture to allocate and decode it

Fixes: Timeout
Fixes: 1845/clusterfuzz-testcase-minimized-5075974343360512

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 03:20:09 +02:00
Michael Niedermayer
ca6776a993 avcodec/libfdk-aacdec: Correct buffer_size parameter
the timeDataSize argument to aacDecoder_DecodeFrame() seems undocumented and until
2016 04 (203e3f28fbebec7011342017fafc2a0bda0ce530) unused.
after that commit libfdk-aacdec interprets it as size in sample units and memsets that on error.
FFmpeg as well as others (like GStreamer) did interpret it as size in bytes

Fixes: 1442/clusterfuzz-testcase-minimized-4540199973421056 (This requires recent libfdk to reproduce)

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 03:08:33 +02:00
Michael Niedermayer
7c36ee216f avcodec/sbrdsp_template: Fix: runtime error: signed integer overflow: 849815297 + 1315389781 cannot be represented in type 'int'
Fixes: 1770/clusterfuzz-testcase-minimized-5285511235108864

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 03:07:45 +02:00
Michael Niedermayer
fe8c9420dd avcodec/aacps: Check border_position to be monotone
Fixes: runtime error: left shift of negative value -67108864
Fixes: 1738/clusterfuzz-testcase-minimized-6734814327603200

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 03:07:02 +02:00
erankor
15bd309af8 movenc: encryption with time code track fix
instead of deciding whether to encrypt based on the encryption scheme,
decide according to whether cenc was initialized or not.
mov_create_timecode_track calls ff_mov_write_packet with a track that
doesn't have cenc initialized.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 03:05:59 +02:00
Michael Niedermayer
357f2316a0 avcodec/ivi_dsp: Fix runtime error: left shift of negative value -2
Fixes: 1839/clusterfuzz-testcase-minimized-6238490993885184

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 03:04:21 +02:00
Kevin Mark
114e871621 doc/filters: Clarify scale2ref example
Signed-off-by: Kevin Mark <kmark937@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-28 02:39:08 +02:00
James Almer
24133973fc avformat/mov: add support for reading Content Light Level Box
As defined in "VP Codec ISO Media File Format Binding v1.0"
https://github.com/webmproject/vp9-dash/blob/master/VPCodecISOMediaFileFormatBinding.md

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
2017-05-27 16:14:24 -03:00
James Almer
ab05bd6e6c avformat/mov: add support for reading Mastering Display Metadata Box
As defined in "VP Codec ISO Media File Format Binding v1.0"
https://github.com/webmproject/vp9-dash/blob/master/VPCodecISOMediaFileFormatBinding.md

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
2017-05-27 16:09:55 -03:00
Michael Niedermayer
ac8dfcbd89 avcodec/mlpdec: Do not leave invalid values in matrix_out_ch[] on error
Fixes: runtime error: index 12 out of bounds for type 'uint8_t [8]'
Fixes: 1832/clusterfuzz-testcase-minimized-6574546079449088

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-27 14:37:42 +02:00
Michael Niedermayer
53c0c637d3 avcodec/ra144dec: Fix runtime error: left shift of negative value -17
Fixes: 1830/clusterfuzz-testcase-minimized-5828293733384192

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-27 13:07:35 +02:00
Michael Niedermayer
77d9889821 avcodec/pixlet: Fix runtime error: signed integer overflow: 2147483647 + 32 cannot be represented in type 'int'
Fixes: 1829/clusterfuzz-testcase-minimized-5527165321871360

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-27 13:04:23 +02:00
Michael Niedermayer
1a36354698 avformat/mux: Fix copy an paste typo
Found-by: Roger Scott <rscott@grammatech.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-27 04:21:34 +02:00
Vittorio Giovara
1f4454230d zscale: Add range options aliases to match scale ones
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2017-05-26 10:29:32 -04:00
Vittorio Giovara
6aafe56421 zscale: Add pixdesc-API compatible color names to filter options
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2017-05-26 10:28:50 -04:00
James Almer
5213c6d175 doc/libav-merge: remove lines about AVFrame crop fields 2017-05-26 11:22:23 -03:00
James Almer
a9a6d51ca4 avcodec/theora: export cropping information instead of handling it internally
This merges commit 1202b71269 from libav,
originally written by Anton Khirnov and skipped in
fc63d5ceb3.

 libavcodec/vp3.c | 26 +++++++++-----------------
 1 file changed, 9 insertions(+), 17 deletions(-)
2017-05-26 11:15:45 -03:00
James Almer
07596e45c5 avcodec/h264dec: export cropping information instead of handling it internally
This merges commit c3e84820d6 from libav,
originally written by Anton Khirnov and skipped in
fc63d5ceb3.

 libavcodec/h264_picture.c |  3 ---
 libavcodec/h264_ps.c      |  9 ---------
 libavcodec/h264_slice.c   | 25 +++++++++++++++++++------
 libavcodec/h264dec.c      | 13 +------------
 libavcodec/h264dec.h      |  9 +++++----
 5 files changed, 25 insertions(+), 34 deletions(-)
2017-05-26 11:15:45 -03:00
James Almer
6505e8cfd0 avcodec/h264dec: be more explicit in handling container cropping
This merges commit 4fded0480f from libav,
originally written by Anton Khirnov and skipped in
fc63d5ceb3.

 libavcodec/h264_slice.c | 20 +++++++++++++-------
 libavcodec/h264dec.c    |  3 +++
 libavcodec/h264dec.h    |  5 +++++
 3 files changed, 21 insertions(+), 7 deletions(-)
2017-05-26 11:15:45 -03:00
James Almer
000fb61a71 avcodec/hevcdec: export cropping information instead of handling it internally
This merges commit a02ae1c683 from libav,
originally written by Anton Khirnov and skipped in
fc63d5ceb3.

 libavcodec/hevc_parser.c |  6 ++++--
 libavcodec/hevc_ps.c     | 31 ++++++++++++-------------------
 libavcodec/hevc_ps.h     |  2 --
 libavcodec/hevc_refs.c   | 18 +++++-------------
 libavcodec/hevcdec.c     |  7 ++++---
 libavcodec/hevcdec.h     |  2 --
 6 files changed, 25 insertions(+), 41 deletions(-)

Signed-off-by: James Almer <jamrial@gmail.com>
2017-05-26 11:15:45 -03:00
Michael Niedermayer
43c394dcae avcodec/clearvideo: Check buf_size before decoding frame
Fixes; Timeout
Fixes: 1826/clusterfuzz-testcase-minimized-5728569256837120

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-26 01:38:03 +02:00
Michael Niedermayer
8e87d146d7 avcodec/aacdec_fixed: Fix runtime error: signed integer overflow: -2147483648 * -1 cannot be represented in type 'int'
Fixes: 1825/clusterfuzz-testcase-minimized-6002833050566656

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-25 23:03:53 +02:00
Michael Niedermayer
356194fcb1 avcodec/smc: Check remaining input
Fixes: Timeout
Fixes: 1818/clusterfuzz-testcase-minimized-5039166473633792

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-25 20:08:31 +02:00
Michael Niedermayer
b946bd8ef2 avcodec/diracdec: Fix off by 1 error in quant check
Fixes: out of array read
Fixes: 1781/clusterfuzz-testcase-minimized-4617176877105152

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-25 19:32:39 +02:00
Michael Niedermayer
6d6fc4105b avcodec/diracdec: Factor quant matrix reads
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-25 19:32:39 +02:00
Ronald S. Bultje
d98f34d7d4 frame_thread_encoder: extend critical code covered by finished_task_mutex.
Should fix tsan errors in utvideoenc_rgb_left and related tests.
2017-05-25 10:29:07 -04:00
Ronald S. Bultje
ca2209d67a hevc: fix race condition in max_ra/seq_decode.
These variables are shared between frame threads, but they are updated
post-setup_finished() if a EOB/EOS slice type occurs. Moving the EOB/EOS
slices to the next frame thread instance (by parsing them leading into
the next picture instead of trailing behind the last picture) effectively
prevents this race condition.

This fixes tsan failures on hevc-conformance-NoOutPrior_A_Qualcomm_1.
2017-05-25 10:29:07 -04:00