Michael Niedermayer
f2c539d350
avcodec/g723_1dec: Fix LCG type
...
Fixes: 1567/clusterfuzz-testcase-minimized-5693653555085312
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-14 15:30:08 +02:00
Paul B Mahol
69b83f5992
avfilter/af_compand: fix default companding to avoid clipping
...
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-05-14 11:59:04 +02:00
Michael Niedermayer
8630b2cd36
avcodec/ffv1dec: Fix runtime error: signed integer overflow: 1550964438 + 1550964438 cannot be represented in type 'int'
...
Fixes: 1559/clusterfuzz-testcase-minimized-5048096079740928
Fixes: 1560/clusterfuzz-testcase-minimized-6011037813833728
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-13 23:28:33 +02:00
Michael Niedermayer
8c5cd1c9d3
avcodec/webp: Fix signedness in prefix_code check
...
Fixes: out of array read
Fixes: 1557/clusterfuzz-testcase-minimized-6535013757616128
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-13 23:22:22 +02:00
Michael Niedermayer
86b1b0d33d
avcodec/svq3: Fix runtime error: signed integer overflow: 169 * 12717677 cannot be represented in type 'int'
...
Fixes: 1556/clusterfuzz-testcase-minimized-5027865978470400
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-13 23:17:18 +02:00
Michael Niedermayer
e3e51f8c14
avcodec/mlpdec: Check that there is enough data for headers
...
Fixes: out of array access
Fixes: 1541/clusterfuzz-testcase-minimized-6403410590957568
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-13 23:15:13 +02:00
Michael Niedermayer
9351a156de
avcodec/ac3dec: Keep track of band structure
...
It is needed in some corner cases that seem not to be forbidden
Fixes: out of array index
Fixes: 1538/clusterfuzz-testcase-minimized-4696904925446144
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-13 20:36:33 +02:00
Michael Niedermayer
a3508cc3fe
avcodec/webp: Add missing input padding
...
Fixes: 1536/clusterfuzz-testcase-minimized-5973925404082176
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-13 18:28:07 +02:00
Michael Niedermayer
26227d9186
avcodec/aacdec_fixed: Fix runtime error: left shift of negative value -1
...
Fixes: 1535/clusterfuzz-testcase-minimized-5826695535788032
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-13 18:14:18 +02:00
Michael Niedermayer
87b08ee6d2
avcodec/aacsbr_template: Do not change bs_num_env before its checked
...
Fixes: 1489/clusterfuzz-testcase-minimized-5075102901207040
Fixes: out of array access
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-13 18:07:33 +02:00
Michael Niedermayer
48f7757749
avcodec/wavpack: Fix runtime error: signed integer overflow: 2147483642 + 512 cannot be represented in type 'int'
...
Fixed: 1453/clusterfuzz-testcase-minimized-5024976874766336
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-13 18:06:11 +02:00
Michael Niedermayer
2171dfae8c
avcodec/scpr: Fix multiple runtime error: index 256 out of bounds for type 'unsigned int [256]'
...
Fixes: 1519/clusterfuzz-testcase-minimized-5286680976162816
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-13 15:54:33 +02:00
Michael Niedermayer
54e1b62ee2
avcodec/h264_cavlc: Fix runtime error: index -1 out of bounds for type 'VLC [15]
...
Fixes: 1513/clusterfuzz-testcase-minimized-6246484833992704
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-13 15:54:33 +02:00
Michael Niedermayer
74dc728a2c
avcodec/mlp: Fix multiple runtime error: left shift of negative value -1
...
Fixes: 1512/clusterfuzz-testcase-minimized-4713846423945216
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-13 15:54:33 +02:00
Paul B Mahol
ed93ed5ee3
avfilter: don't anonymously typedef structs
...
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-05-13 11:39:28 +02:00
James Almer
0fbc7a2169
x86/float_dsp: remove usage of integer instructions
2017-05-12 23:34:49 -03:00
Michael Niedermayer
96cbaaa548
avcodec/rangecoder: Fix range coder corner case handling
...
Fixes: 1511/clusterfuzz-testcase-minimized-5906663800307712
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-13 01:46:05 +02:00
Michael Niedermayer
afb4632cc3
avcodec/dds: Fix runtime error: left shift of 210 by 24 places cannot be represented in type 'int'
...
Fixes: 1510/clusterfuzz-testcase-minimized-5826231746428928
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-13 01:40:43 +02:00
Michael Niedermayer
934572c5c3
avcodec/rscc: Check pixel_size for overflow
...
Fixes: 1509/clusterfuzz-testcase-minimized-5129419876204544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-13 01:32:55 +02:00
Michael Niedermayer
0158b405a7
avcodec/fmvc: Check nb_blocks
...
Fixes: out of array read
Fixes: 1508/clusterfuzz-testcase-minimized-5011336327069696
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-13 01:23:23 +02:00
Michael Niedermayer
e664882523
avcodec/hq_hqadsp: Fix runtime error: signed integer overflow: 80359 * 30274 cannot be represented in type 'int'
...
Fixes: 1507/clusterfuzz-testcase-minimized-4955228300378112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-13 01:15:29 +02:00
Michael Niedermayer
5ac17f187a
avcodec/cavsdec: Fix runtime error: signed integer overflow: 31 + 2147483640 cannot be represented in type 'int'
...
Fixes: 1506/clusterfuzz-testcase-minimized-5401272918212608
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-13 00:43:07 +02:00
Michael Niedermayer
cb243972b1
avcodec/xpmdec: Fix multiple pointer/memory issues
...
Most of these were found through code review in response to
fixing 1466/clusterfuzz-testcase-minimized-5961584419536896
There is thus no testcase for most of this.
The initial issue was Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-12 23:38:03 +02:00
Martin Vignali
73ae60d7df
libavcodec/exr : cosmetics variable name
...
rename tile variable to better follow ffmpeg coding style
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-12 23:38:03 +02:00
James Almer
28f60eeabb
avcodec/avpacket: allow only one element per type in packet side data
...
It was never meant to do otherwise, as av_packet_get_side_data() returns the first
entry it finds of a given type.
Based on code from libavformat's av_stream_add_side_data().
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
2017-05-12 18:30:31 -03:00
Paul B Mahol
3d55e4883c
avfilter/aeval: remove comment that was left from some other file
...
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-05-12 21:47:36 +02:00
Paul B Mahol
c02921417b
avfilter/aeval: free input frame on error
...
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-05-12 21:42:21 +02:00
Paul B Mahol
e312ed0504
avfilter/af_astats: add RMS difference too
...
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-05-12 18:14:45 +02:00
Paul B Mahol
9cd62b2ca4
avfilter/vf_pad: revert part of 57c3670896
...
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-05-12 17:37:20 +02:00
Michael Niedermayer
ccce2248bf
avcodec/vp8dsp: vp7_luma_dc_wht_c: Fix multiple runtime error: signed integer overflow: -1366381240 + -1262413604 cannot be represented in type 'int'
...
Fixes: 1440/clusterfuzz-testcase-minimized-5785716111966208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-12 14:22:50 +02:00
Michael Niedermayer
d5711cb891
avcodec/avcodec: Limit the number of side data elements per packet
...
Fixes: 1293/clusterfuzz-testcase-minimized-6054752074858496
See: [FFmpeg-devel] [PATCH] avcodec/avcodec: Limit the number of side data elements per packet
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-12 14:19:52 +02:00
Michael Niedermayer
f225003d17
avcodec/texturedsp: Fix runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
...
Fixes: 1505/clusterfuzz-testcase-minimized-4561688818876416
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-12 13:40:59 +02:00
Michael Niedermayer
c4c0245686
avcodec/g723_1dec: Fix runtime error: left shift of negative value -1
...
Fixes: 1504/clusterfuzz-testcase-minimized-6249212138225664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-12 13:40:59 +02:00
Michael Niedermayer
df640dbbc9
avcodec/wmv2dsp: Fix runtime error: signed integer overflow: 181 * -17047030 cannot be represented in type 'int'
...
Fixes: 1503/clusterfuzz-testcase-minimized-5369271855087616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-12 13:40:59 +02:00
Paul B Mahol
eaf644e120
avfilter: add acopy filter
...
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-05-12 10:48:13 +02:00
Michael Niedermayer
6899e6e560
avcodec/diracdec: Fix Assertion frame->buf[0] failed at libavcodec/decode.c:610
...
Fixes: 1487/clusterfuzz-testcase-minimized-6288036495097856
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-11 23:55:59 +02:00
Michael Niedermayer
d05bdba242
avcodec/mss3: Fix runtime error: signed integer overflow: -2146318336 - 2139696256 cannot be represented in type 'int'
...
Fix is similar to rac_get_model_sym()
Fixes: 1483/clusterfuzz-testcase-minimized-6386507814273024
Fixes: 1485/clusterfuzz-testcase-minimized-6639880215986176
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-11 23:55:59 +02:00
Michael Niedermayer
2752410c47
avcodec/golomb: Fix runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
...
Fixes: 1481/clusterfuzz-testcase-minimized-5264379509473280
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-11 23:55:49 +02:00
Michael Niedermayer
15e892aad1
avcodec/msmpeg4dec: Check for cbpy VLC errors
...
Fixes: runtime error: left shift of negative value -1
Fixes: 1480/clusterfuzz-testcase-minimized-5188321007370240
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-11 20:04:57 +02:00
Michael Niedermayer
2bfd0a9758
avcodec/cllc: Check num_bits
...
Fixes: runtime error: shift exponent -2 is negative
Fixes: 1479/clusterfuzz-testcase-minimized-6638493360979968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-11 20:04:57 +02:00
Michael Niedermayer
e717fa1f0a
avcodec/cllc: Factor VLC_BITS/DEPTH out, do not use repeated literal numbers
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-11 20:04:57 +02:00
James Almer
602ac48720
doc/libav-merge: mention the skipped AVFrame crop fields usage commits
2017-05-11 14:03:41 -03:00
James Almer
fc63d5ceb3
Merge commit '1202b712690c14f0efb06e4ad8b06c5b3df6822a'
...
* commit '1202b712690c14f0efb06e4ad8b06c5b3df6822a':
theora: export cropping information instead of handling it internally
h264dec: export cropping information instead of handling it internally
h264dec: be more explicit in handling container cropping
hevcdec: export cropping information instead of handling it internally
This commit is a noop.
This changes the cropping behavior, when it's supposedly only meant to move
it outside of the decoder.
See https://ffmpeg.org/pipermail/ffmpeg-devel/2017-May/211239.html for the
discussion about it.
Merged-by: James Almer <jamrial@gmail.com>
2017-05-11 14:02:45 -03:00
Michael Niedermayer
7ac5067146
avcodec/scpr: Check y in first line loop in decompress_i()
...
Fixes: out of array access
Fixes: 1478/clusterfuzz-testcase-minimized-5285486908145664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-11 15:51:08 +02:00
Michael Niedermayer
8a69f2602f
avcodec/dvbsubdec: Check entry_id
...
Fixes: randomly writing over the array end
Fixes: 1473/clusterfuzz-testcase-minimized-5768907824562176
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-11 15:51:08 +02:00
Michael Niedermayer
3a0ff78168
avcodec/aacdec_fixed: Fix multiple shift exponent 33 is too large for 32-bit type 'int'
...
Fixes: 1471/clusterfuzz-testcase-minimized-6376460543590400
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-11 15:51:08 +02:00
Michael Niedermayer
d9051f8f3e
avcodec/mimic: Fix runtime error: index 96 out of bounds for type 'const int8_t [64]'
...
Fixes: 1468/clusterfuzz-testcase-minimized-5235964056174592
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-11 15:51:08 +02:00
Matthieu Bouron
1795dccde0
lavc/mediacodec_wrapper: fix local reference leaks
...
Reviewed-by: Clément Bœsch <u@pkh.me>
2017-05-11 16:29:03 +02:00
Matthieu Bouron
2f43897f65
lavc/ffjni: fix local reference leak
...
Reviewed-by: Clément Bœsch <u@pkh.me>
2017-05-11 16:28:59 +02:00
Matthieu Bouron
5d0b8b1ae3
lavc/aarch64/simple_idct: fix iOS build without gas-preprocessor
...
Separates macro arguments with commas and passes .4H/.8H as macro
arguments instead of 4H/8H (the later form being interpreted as an
hexadecimal value).
Fixes ticket #6324 .
Suggested-by: Martin Storsjö <martin@martin.st>
2017-05-11 16:28:54 +02:00