1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-12 19:18:44 +02:00
Commit Graph

268 Commits

Author SHA1 Message Date
Michael Niedermayer
ec28a85107 avcodec/tiff: Check for 12bit gray fax
Fixes: Assertion failure
Fixes: 11898/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5759794191794176

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-01-20 21:42:20 +01:00
Carl Eugen Hoyos
90ab9a58ff lavc/tiff: Support CMYK images.
Fixes ticket #3459.
2019-01-12 17:27:48 +01:00
Paul B Mahol
de5e71fb1b avcodec/tiff: add support for 12bit grayscale images
Fixes #4688.
2018-12-16 22:06:08 +01:00
Carl Hetherington
6190f873eb lavc/tiff: Fix leak of yuv_line in TiffContext.
Signed-off-by: Carl Hetherington <cth@carlh.net>
2018-12-11 00:57:01 +01:00
Michael Niedermayer
a036c25969 avcodec/tiff: Fix integer overflows in left shift in init_image()
Fixes: left shift of 255 by 24 places cannot be represented in type 'int'
Fixes: 11377/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5694319101476864

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-11-27 02:56:36 +01:00
Michael Niedermayer
90ac0e5f29 avcodec/tiff: Limit filtering to decoded data
Fixes: Timeout
Fixes: 11068/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5698456681709568

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-11-26 02:56:31 +01:00
Paul B Mahol
26772b789b avcodec/tiff: add initial bayer and sub image support 2018-11-12 09:43:32 +01:00
Michael Niedermayer
c905840e8c avcodec/tiff: check remaining packet size for strips
Fixes: Timeout
Fixes: 10280/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5676217211027456

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-03 11:13:38 +02:00
Paul B Mahol
05df39cf3f avcodec/tiff: check ff_lzw_decode_open() for failure 2018-09-09 11:38:33 +02:00
Michael Niedermayer
27f80ab016 avcodec/tiff: Update pointer only when the result is used
Fixes: runtime error: signed integer overflow: 538976288 * 32 cannot be represented in type 'int'
Fixes: 2310/clusterfuzz-testcase-minimized-4534784887881728

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-23 03:03:04 +02:00
Michael Niedermayer
22a25ab389 avcodec/tiff: Fix leak of geotags[].val
Fixes: 2176/clusterfuzz-testcase-minimized-5908197216878592

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-11 01:06:08 +02:00
Michael Niedermayer
d7cbeab4c1 avcodec/tiff: Avoid loosing allocated geotag values
Fixes memleak
Fixes: 2076/clusterfuzz-testcase-minimized-6542640243802112

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-05 22:43:23 +02:00
Michael Niedermayer
98256595fa avcodec/tiff: Clear deinvert_buf_size on deallocation
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-04 00:25:09 +02:00
Michael Niedermayer
9221445fa0 avcodec/tiff: Use av_fast_padded_malloc() in tiff_unpack_fax()
Fixes: Timeout
Fixes: 1213/clusterfuzz-testcase-minimized-6022987469815808

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-03 23:58:46 +02:00
Michael Niedermayer
f08122fbe0 avcodec/tiff: reset sampling[] if its invalid
Fixes divission by 0
Fixes: clusterfuzz-testcase-minimized-5592896440893440

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-16 02:23:18 +02:00
Muhammad Faiz
31f61b0d4f avcodec: do not use AVFrame accessor
Reviewed-by: wm4 <nfxjfg@googlemail.com>
Signed-off-by: Muhammad Faiz <mfcc64@gmail.com>
2017-04-23 14:27:47 +07:00
Michael Niedermayer
cd8e62746f avcodec/tiff: Factor constant computation out of inner loop
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-04-11 17:58:26 +02:00
Michael Niedermayer
3182e19c1c avcodec/tiff: Check geotag count for being non zero
Fixes memleak
Fixes: 874/clusterfuzz-testcase-5252796175613952

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-03-23 15:25:48 +01:00
Michael Niedermayer
5d996b5649 avcodec/tiff: Check stripsize strippos for overflow
Fixes: 861/clusterfuzz-testcase-5688284384591872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-03-20 01:33:08 +01:00
Michael Niedermayer
cfa10e11be avcodec/tiff: Check palette shift
Fixes multiple  runtime error: shift exponent 792 is too large for 32-bit type 'unsigned int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-03-16 01:04:35 +01:00
Michael Niedermayer
108b02e547 avcodec/tiff: Check for multiple geo key directories
Fixes memleak
Fixes: 826/clusterfuzz-testcase-5316921379520512

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-03-14 22:48:49 +01:00
Michael Niedermayer
f48b6b8b91 avcodec/tiff: Perform multiply in tiff_unpack_lzma() as 64bit
This should make no difference as the value should not be able to be that large
but its more correct this way

Fixes CID1348138

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-01-10 00:55:15 +01:00
Andreas Cadhalpun
ed412d2850 tiff: fix overflows when calling av_reduce
The arguments of av_reduce are signed, so the cast to uint64_t is misleading.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-12-15 01:30:57 +01:00
Carl Eugen Hoyos
beb877bae0 lavc/tiff: Print compression debug information. 2016-10-05 13:49:17 +02:00
Michael Niedermayer
89f464e9c2 avcodec/tiff: Check subsample & rps values more completely
Fixes out of array access
Fixes: 83aedfb29af669c4d6e10f1bfad974d2/asan_heap-oob_1ab42fe_4984_9f6ec14462f8d8a00ea24b320572a963.tif

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-18 03:51:00 +01:00
Michael Niedermayer
7727f76230 avcodec/tiff: Support uncompressed G3 CCITT fax
Fixes part of Ticket700

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-08-13 17:02:05 +02:00
Michael Niedermayer
dd1b4ed6d9 avcodec/tiff: Support uncompressed G4 CCITT fax
Fixes part of ticket700

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-08-13 16:33:36 +02:00
Michael Niedermayer
29d147c94d Merge commit '059a934806d61f7af9ab3fd9f74994b838ea5eba'
* commit '059a934806d61f7af9ab3fd9f74994b838ea5eba':
  lavc: Consistently prefix input buffer defines

Conflicts:
	doc/examples/decoding_encoding.c
	libavcodec/4xm.c
	libavcodec/aac_adtstoasc_bsf.c
	libavcodec/aacdec.c
	libavcodec/aacenc.c
	libavcodec/ac3dec.h
	libavcodec/asvenc.c
	libavcodec/avcodec.h
	libavcodec/avpacket.c
	libavcodec/dvdec.c
	libavcodec/ffv1enc.c
	libavcodec/g2meet.c
	libavcodec/gif.c
	libavcodec/h264.c
	libavcodec/h264_mp4toannexb_bsf.c
	libavcodec/huffyuvdec.c
	libavcodec/huffyuvenc.c
	libavcodec/jpeglsenc.c
	libavcodec/libxvid.c
	libavcodec/mdec.c
	libavcodec/motionpixels.c
	libavcodec/mpeg4videodec.c
	libavcodec/mpegvideo.c
	libavcodec/noise_bsf.c
	libavcodec/nuv.c
	libavcodec/nvenc.c
	libavcodec/options.c
	libavcodec/parser.c
	libavcodec/pngenc.c
	libavcodec/proresenc_kostya.c
	libavcodec/qsvdec.c
	libavcodec/svq1enc.c
	libavcodec/tiffenc.c
	libavcodec/truemotion2.c
	libavcodec/utils.c
	libavcodec/utvideoenc.c
	libavcodec/vc1dec.c
	libavcodec/wmalosslessdec.c
	libavformat/adxdec.c
	libavformat/aiffdec.c
	libavformat/apc.c
	libavformat/apetag.c
	libavformat/avidec.c
	libavformat/bink.c
	libavformat/cafdec.c
	libavformat/flvdec.c
	libavformat/id3v2.c
	libavformat/isom.c
	libavformat/matroskadec.c
	libavformat/mov.c
	libavformat/mpc.c
	libavformat/mpc8.c
	libavformat/mpegts.c
	libavformat/mvi.c
	libavformat/mxfdec.c
	libavformat/mxg.c
	libavformat/nutdec.c
	libavformat/oggdec.c
	libavformat/oggparsecelt.c
	libavformat/oggparseflac.c
	libavformat/oggparseopus.c
	libavformat/oggparsespeex.c
	libavformat/omadec.c
	libavformat/rawdec.c
	libavformat/riffdec.c
	libavformat/rl2.c
	libavformat/rmdec.c
	libavformat/rtpdec_latm.c
	libavformat/rtpdec_mpeg4.c
	libavformat/rtpdec_qdm2.c
	libavformat/rtpdec_svq3.c
	libavformat/sierravmd.c
	libavformat/smacker.c
	libavformat/smush.c
	libavformat/spdifenc.c
	libavformat/takdec.c
	libavformat/tta.c
	libavformat/utils.c
	libavformat/vqf.c
	libavformat/westwood_vqa.c
	libavformat/xmv.c
	libavformat/xwma.c
	libavformat/yop.c

Merged-by: Michael Niedermayer <michael@niedermayer.cc>
2015-07-27 23:15:19 +02:00
Michael Niedermayer
444e9874a7 Merge commit 'def97856de6021965db86c25a732d78689bd6bb0'
* commit 'def97856de6021965db86c25a732d78689bd6bb0':
  lavc: AV-prefix all codec capabilities

Conflicts:
	cmdutils.c
	ffmpeg.c
	ffplay.c
	libavcodec/8svx.c
	libavcodec/aacenc.c
	libavcodec/ac3dec.c
	libavcodec/adpcm.c
	libavcodec/alac.c
	libavcodec/atrac3plusdec.c
	libavcodec/bink.c
	libavcodec/dnxhddec.c
	libavcodec/dvdec.c
	libavcodec/dvenc.c
	libavcodec/ffv1dec.c
	libavcodec/ffv1enc.c
	libavcodec/fic.c
	libavcodec/flacdec.c
	libavcodec/flacenc.c
	libavcodec/flvdec.c
	libavcodec/fraps.c
	libavcodec/frwu.c
	libavcodec/gifdec.c
	libavcodec/h261dec.c
	libavcodec/hevc.c
	libavcodec/iff.c
	libavcodec/imc.c
	libavcodec/libopenjpegdec.c
	libavcodec/libvo-aacenc.c
	libavcodec/libvorbisenc.c
	libavcodec/libvpxdec.c
	libavcodec/libvpxenc.c
	libavcodec/libx264.c
	libavcodec/mjpegbdec.c
	libavcodec/mjpegdec.c
	libavcodec/mpegaudiodec_float.c
	libavcodec/msmpeg4dec.c
	libavcodec/mxpegdec.c
	libavcodec/nvenc_h264.c
	libavcodec/nvenc_hevc.c
	libavcodec/pngdec.c
	libavcodec/qpeg.c
	libavcodec/ra288.c
	libavcodec/rv10.c
	libavcodec/s302m.c
	libavcodec/sp5xdec.c
	libavcodec/takdec.c
	libavcodec/tiff.c
	libavcodec/tta.c
	libavcodec/utils.c
	libavcodec/v210dec.c
	libavcodec/vp6.c
	libavcodec/vp9.c
	libavcodec/wavpack.c
	libavcodec/yop.c

Merged-by: Michael Niedermayer <michael@niedermayer.cc>
2015-07-27 22:50:18 +02:00
Vittorio Giovara
059a934806 lavc: Consistently prefix input buffer defines
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2015-07-27 15:24:59 +01:00
Vittorio Giovara
def97856de lavc: AV-prefix all codec capabilities
Express bitfields more simply.

Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2015-07-27 15:24:58 +01:00
Michael Niedermayer
d5e9fc7821 avcodec/tiff: move bpp check to after "end:"
This ensures that all current and future code-pathes get bpp checked

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-08 23:36:46 +01:00
Michael Niedermayer
9889762a9b Merge commit 'ae5e1f3d663a8c9a532d89e588cbc61f171c9186'
* commit 'ae5e1f3d663a8c9a532d89e588cbc61f171c9186':
  tiff: Check that there is no aliasing in pixel format selection

See: e1c0cfaa41
Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-08 23:19:30 +01:00
Anton Khirnov
ae5e1f3d66 tiff: Check that there is no aliasing in pixel format selection
Fixes possible issues with unexpected bpp/bppcount values.

CC: libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Bug-Id: CVE-2014-8544
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2015-03-08 19:14:14 +01:00
Carl Eugen Hoyos
50144b91ea Respect horizontal differencing predictor for 16bit gray tiff images.
Fixes ticket #4291.
2015-01-30 14:12:55 +01:00
Michael Niedermayer
3779973a9b Merge commit 'f86f39cb9b1fcd063d5e4812132a75c06cc7acd2'
* commit 'f86f39cb9b1fcd063d5e4812132a75c06cc7acd2':
  tiff: support decoding GBRP and GBRAP formats

Conflicts:
	libavcodec/tiff.c

See: 379ad9788b
Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-01-15 06:11:32 +01:00
Paul B Mahol
f86f39cb9b tiff: support decoding GBRP and GBRAP formats
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2015-01-14 17:17:24 +01:00
Carl Eugen Hoyos
3a3790b8f8 tiff: support encoding and decoding 64bit images 2014-12-18 23:22:59 +01:00
Matthew Oliver
293fee4bc2 libavcodec/tiff: Fix static linking of lzma with msvc.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-22 22:12:19 +01:00
Michael Niedermayer
e1c0cfaa41 avcodec/tiff: more completely check bpp/bppcount
Fixes pixel format selection
Fixes out of array accesses
Fixes: asan_heap-oob_1766029_6_asan_heap-oob_20aa045_332_cov_1823216757_m2-d1d366d7965db766c19a66c7a2ccbb6b.tif

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-10-03 16:33:06 +02:00
Michael Niedermayer
6beea6f017 avcodec/tiff: fix odd dimensioned yuv
Fixes Ticket3893

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-09-15 01:38:02 +02:00
Benoit Fouet
4f10495055 tiff: fix {2,4}bpp grayscale palettes.
Create a default grayscale palette for 2 or 4 bpp grayscale tiff, if
there is no palette defined.
Fixes ticket #3915

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-09-05 12:57:22 +02:00
Michael Niedermayer
ab1e431288 avcodec/tiff: Make pixel format checks tighter
Fixes assertion failure with imgsrc001-lzma.tiff

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-08-24 01:55:19 +02:00
James Almer
b140b51ebb lavc/tiff: add support for LZMA compression
Derived from deflate code.
Requires liblzma.

Signed-off-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-08-24 01:21:39 +02:00
James Almer
201a511bb9 lavc/tiff: add support for YUV deflate
Signed-off-by: James Almer <jamrial@gmail.com>
2014-08-19 18:48:39 -03:00
James Almer
b4231b4fed lavc/tiff: move unpack_yuv() above the deflate functions
Signed-off-by: James Almer <jamrial@gmail.com>
2014-08-19 18:48:31 -03:00
Michael Niedermayer
f0c0ae37c6 avcodec/tiff: Check that pix_fmt is a yuv variant for TIFF_PHOTOMETRIC_YCBCR
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-08-19 21:09:07 +02:00
Michael Niedermayer
6ea69a8ffa avcodec/tiff: do not use photometric to detect pix_fmt
They should match but they do not always
Fixes assertion failure
no testcase with unmodified source available

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-08-19 21:09:07 +02:00
Michael Niedermayer
3f0c76e262 Merge commit '12640e4cbb142be0cd025bcf37f1ea437bdfecd0'
* commit '12640e4cbb142be0cd025bcf37f1ea437bdfecd0':
  tiff: Return proper error for missing LZMA compression

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-08-18 19:52:22 +02:00
Diego Elio Pettenò
12640e4cbb tiff: Return proper error for missing LZMA compression
The LZMA support is a semi-official extension supported by libtiff 4.0.0
and later.

Signed-off-by: Diego Elio Pettenò <flameeyes@flameeyes.eu>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2014-08-18 14:23:24 +02:00