1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-11-26 19:01:44 +02:00
Commit Graph

86116 Commits

Author SHA1 Message Date
Michael Niedermayer
f2c539d350 avcodec/g723_1dec: Fix LCG type
Fixes: 1567/clusterfuzz-testcase-minimized-5693653555085312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-14 15:30:08 +02:00
Paul B Mahol
69b83f5992 avfilter/af_compand: fix default companding to avoid clipping
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-05-14 11:59:04 +02:00
Michael Niedermayer
8630b2cd36 avcodec/ffv1dec: Fix runtime error: signed integer overflow: 1550964438 + 1550964438 cannot be represented in type 'int'
Fixes: 1559/clusterfuzz-testcase-minimized-5048096079740928
Fixes: 1560/clusterfuzz-testcase-minimized-6011037813833728

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-13 23:28:33 +02:00
Michael Niedermayer
8c5cd1c9d3 avcodec/webp: Fix signedness in prefix_code check
Fixes: out of array read
Fixes: 1557/clusterfuzz-testcase-minimized-6535013757616128

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-13 23:22:22 +02:00
Michael Niedermayer
86b1b0d33d avcodec/svq3: Fix runtime error: signed integer overflow: 169 * 12717677 cannot be represented in type 'int'
Fixes: 1556/clusterfuzz-testcase-minimized-5027865978470400

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-13 23:17:18 +02:00
Michael Niedermayer
e3e51f8c14 avcodec/mlpdec: Check that there is enough data for headers
Fixes: out of array access
Fixes: 1541/clusterfuzz-testcase-minimized-6403410590957568

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-13 23:15:13 +02:00
Michael Niedermayer
9351a156de avcodec/ac3dec: Keep track of band structure
It is needed in some corner cases that seem not to be forbidden
Fixes: out of array index
Fixes: 1538/clusterfuzz-testcase-minimized-4696904925446144

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-13 20:36:33 +02:00
Michael Niedermayer
a3508cc3fe avcodec/webp: Add missing input padding
Fixes: 1536/clusterfuzz-testcase-minimized-5973925404082176

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-13 18:28:07 +02:00
Michael Niedermayer
26227d9186 avcodec/aacdec_fixed: Fix runtime error: left shift of negative value -1
Fixes: 1535/clusterfuzz-testcase-minimized-5826695535788032

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-13 18:14:18 +02:00
Michael Niedermayer
87b08ee6d2 avcodec/aacsbr_template: Do not change bs_num_env before its checked
Fixes: 1489/clusterfuzz-testcase-minimized-5075102901207040
Fixes: out of array access

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-13 18:07:33 +02:00
Michael Niedermayer
48f7757749 avcodec/wavpack: Fix runtime error: signed integer overflow: 2147483642 + 512 cannot be represented in type 'int'
Fixed: 1453/clusterfuzz-testcase-minimized-5024976874766336

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-13 18:06:11 +02:00
Michael Niedermayer
2171dfae8c avcodec/scpr: Fix multiple runtime error: index 256 out of bounds for type 'unsigned int [256]'
Fixes: 1519/clusterfuzz-testcase-minimized-5286680976162816

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-13 15:54:33 +02:00
Michael Niedermayer
54e1b62ee2 avcodec/h264_cavlc: Fix runtime error: index -1 out of bounds for type 'VLC [15]
Fixes: 1513/clusterfuzz-testcase-minimized-6246484833992704

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-13 15:54:33 +02:00
Michael Niedermayer
74dc728a2c avcodec/mlp: Fix multiple runtime error: left shift of negative value -1
Fixes: 1512/clusterfuzz-testcase-minimized-4713846423945216

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-13 15:54:33 +02:00
Paul B Mahol
ed93ed5ee3 avfilter: don't anonymously typedef structs
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-05-13 11:39:28 +02:00
James Almer
0fbc7a2169 x86/float_dsp: remove usage of integer instructions 2017-05-12 23:34:49 -03:00
Michael Niedermayer
96cbaaa548 avcodec/rangecoder: Fix range coder corner case handling
Fixes: 1511/clusterfuzz-testcase-minimized-5906663800307712

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-13 01:46:05 +02:00
Michael Niedermayer
afb4632cc3 avcodec/dds: Fix runtime error: left shift of 210 by 24 places cannot be represented in type 'int'
Fixes: 1510/clusterfuzz-testcase-minimized-5826231746428928

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-13 01:40:43 +02:00
Michael Niedermayer
934572c5c3 avcodec/rscc: Check pixel_size for overflow
Fixes: 1509/clusterfuzz-testcase-minimized-5129419876204544

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-13 01:32:55 +02:00
Michael Niedermayer
0158b405a7 avcodec/fmvc: Check nb_blocks
Fixes: out of array read
Fixes: 1508/clusterfuzz-testcase-minimized-5011336327069696

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-13 01:23:23 +02:00
Michael Niedermayer
e664882523 avcodec/hq_hqadsp: Fix runtime error: signed integer overflow: 80359 * 30274 cannot be represented in type 'int'
Fixes: 1507/clusterfuzz-testcase-minimized-4955228300378112

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-13 01:15:29 +02:00
Michael Niedermayer
5ac17f187a avcodec/cavsdec: Fix runtime error: signed integer overflow: 31 + 2147483640 cannot be represented in type 'int'
Fixes: 1506/clusterfuzz-testcase-minimized-5401272918212608

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-13 00:43:07 +02:00
Michael Niedermayer
cb243972b1 avcodec/xpmdec: Fix multiple pointer/memory issues
Most of these were found through code review in response to
fixing 1466/clusterfuzz-testcase-minimized-5961584419536896
There is thus no testcase for most of this.
The initial issue was Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-12 23:38:03 +02:00
Martin Vignali
73ae60d7df libavcodec/exr : cosmetics variable name
rename tile variable to better follow ffmpeg coding style

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-12 23:38:03 +02:00
James Almer
28f60eeabb avcodec/avpacket: allow only one element per type in packet side data
It was never meant to do otherwise, as av_packet_get_side_data() returns the first
entry it finds of a given type.

Based on code from libavformat's av_stream_add_side_data().

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
2017-05-12 18:30:31 -03:00
Paul B Mahol
3d55e4883c avfilter/aeval: remove comment that was left from some other file
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-05-12 21:47:36 +02:00
Paul B Mahol
c02921417b avfilter/aeval: free input frame on error
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-05-12 21:42:21 +02:00
Paul B Mahol
e312ed0504 avfilter/af_astats: add RMS difference too
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-05-12 18:14:45 +02:00
Paul B Mahol
9cd62b2ca4 avfilter/vf_pad: revert part of 57c3670896
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-05-12 17:37:20 +02:00
Michael Niedermayer
ccce2248bf avcodec/vp8dsp: vp7_luma_dc_wht_c: Fix multiple runtime error: signed integer overflow: -1366381240 + -1262413604 cannot be represented in type 'int'
Fixes: 1440/clusterfuzz-testcase-minimized-5785716111966208

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-12 14:22:50 +02:00
Michael Niedermayer
d5711cb891 avcodec/avcodec: Limit the number of side data elements per packet
Fixes: 1293/clusterfuzz-testcase-minimized-6054752074858496

See: [FFmpeg-devel] [PATCH] avcodec/avcodec: Limit the number of side data elements per packet

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-12 14:19:52 +02:00
Michael Niedermayer
f225003d17 avcodec/texturedsp: Fix runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
Fixes: 1505/clusterfuzz-testcase-minimized-4561688818876416

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-12 13:40:59 +02:00
Michael Niedermayer
c4c0245686 avcodec/g723_1dec: Fix runtime error: left shift of negative value -1
Fixes: 1504/clusterfuzz-testcase-minimized-6249212138225664

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-12 13:40:59 +02:00
Michael Niedermayer
df640dbbc9 avcodec/wmv2dsp: Fix runtime error: signed integer overflow: 181 * -17047030 cannot be represented in type 'int'
Fixes: 1503/clusterfuzz-testcase-minimized-5369271855087616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-12 13:40:59 +02:00
Paul B Mahol
eaf644e120 avfilter: add acopy filter
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-05-12 10:48:13 +02:00
Michael Niedermayer
6899e6e560 avcodec/diracdec: Fix Assertion frame->buf[0] failed at libavcodec/decode.c:610
Fixes: 1487/clusterfuzz-testcase-minimized-6288036495097856

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-11 23:55:59 +02:00
Michael Niedermayer
d05bdba242 avcodec/mss3: Fix runtime error: signed integer overflow: -2146318336 - 2139696256 cannot be represented in type 'int'
Fix is similar to rac_get_model_sym()
Fixes: 1483/clusterfuzz-testcase-minimized-6386507814273024
Fixes: 1485/clusterfuzz-testcase-minimized-6639880215986176

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-11 23:55:59 +02:00
Michael Niedermayer
2752410c47 avcodec/golomb: Fix runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 1481/clusterfuzz-testcase-minimized-5264379509473280

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-11 23:55:49 +02:00
Michael Niedermayer
15e892aad1 avcodec/msmpeg4dec: Check for cbpy VLC errors
Fixes: runtime error: left shift of negative value -1
Fixes: 1480/clusterfuzz-testcase-minimized-5188321007370240

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-11 20:04:57 +02:00
Michael Niedermayer
2bfd0a9758 avcodec/cllc: Check num_bits
Fixes: runtime error: shift exponent -2 is negative
Fixes: 1479/clusterfuzz-testcase-minimized-6638493360979968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-11 20:04:57 +02:00
Michael Niedermayer
e717fa1f0a avcodec/cllc: Factor VLC_BITS/DEPTH out, do not use repeated literal numbers
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-11 20:04:57 +02:00
James Almer
602ac48720 doc/libav-merge: mention the skipped AVFrame crop fields usage commits 2017-05-11 14:03:41 -03:00
James Almer
fc63d5ceb3 Merge commit '1202b712690c14f0efb06e4ad8b06c5b3df6822a'
* commit '1202b712690c14f0efb06e4ad8b06c5b3df6822a':
  theora: export cropping information instead of handling it internally
  h264dec: export cropping information instead of handling it internally
  h264dec: be more explicit in handling container cropping
  hevcdec: export cropping information instead of handling it internally

This commit is a noop.

This changes the cropping behavior, when it's supposedly only meant to move
it outside of the decoder.
See https://ffmpeg.org/pipermail/ffmpeg-devel/2017-May/211239.html for the
discussion about it.

Merged-by: James Almer <jamrial@gmail.com>
2017-05-11 14:02:45 -03:00
Michael Niedermayer
7ac5067146 avcodec/scpr: Check y in first line loop in decompress_i()
Fixes: out of array access
Fixes: 1478/clusterfuzz-testcase-minimized-5285486908145664

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-11 15:51:08 +02:00
Michael Niedermayer
8a69f2602f avcodec/dvbsubdec: Check entry_id
Fixes: randomly writing over the array end
Fixes: 1473/clusterfuzz-testcase-minimized-5768907824562176

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-11 15:51:08 +02:00
Michael Niedermayer
3a0ff78168 avcodec/aacdec_fixed: Fix multiple shift exponent 33 is too large for 32-bit type 'int'
Fixes: 1471/clusterfuzz-testcase-minimized-6376460543590400

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-11 15:51:08 +02:00
Michael Niedermayer
d9051f8f3e avcodec/mimic: Fix runtime error: index 96 out of bounds for type 'const int8_t [64]'
Fixes: 1468/clusterfuzz-testcase-minimized-5235964056174592

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-11 15:51:08 +02:00
Matthieu Bouron
1795dccde0 lavc/mediacodec_wrapper: fix local reference leaks
Reviewed-by: Clément Bœsch <u@pkh.me>
2017-05-11 16:29:03 +02:00
Matthieu Bouron
2f43897f65 lavc/ffjni: fix local reference leak
Reviewed-by: Clément Bœsch <u@pkh.me>
2017-05-11 16:28:59 +02:00
Matthieu Bouron
5d0b8b1ae3 lavc/aarch64/simple_idct: fix iOS build without gas-preprocessor
Separates macro arguments with commas and passes .4H/.8H as macro
arguments instead of 4H/8H (the later form being interpreted as an
hexadecimal value).

Fixes ticket #6324.

Suggested-by: Martin Storsjö <martin@martin.st>
2017-05-11 16:28:54 +02:00