Alternatively the parser could be re implemented / redesigned so as to better
and more efficiently find frame boundaries
Fixes: Timeout
Fixes: 9210/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PBM_fuzzer-4770771833454592
Fixes: 9214/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PPM_fuzzer-5741633353023488
Fixes: 9219/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGM_fuzzer-6249230237696000
Fixes: 9550/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PAM_fuzzer-5312669836902400
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: simple_idct_template.c:184:30: runtime error: signed integer overflow: -1065517056 - 1392182838 cannot be represented in type 'int'
Fixes: simple_idct_template.c:269:21: runtime error: signed integer overflow: 16384 * 259254 cannot be represented in type 'int'
Fixes: simple_idct_template.c:164:17: runtime error: signed integer overflow: 21407 * 210162 cannot be represented in type 'int'
Fixes: simple_idct_template.c:167:17: runtime error: signed integer overflow: 21407 * 210162 cannot be represented in type 'int'
Fixes: simple_idct_template.c:169:19: runtime error: signed integer overflow: 22725 * 259190 cannot be represented in type 'int'
Fixes: simple_idct_template.c:171:19: runtime error: signed integer overflow: 19265 * 259190 cannot be represented in type 'int'
Fixes: simple_idct_template.c:173:19: runtime error: signed integer overflow: 12873 * 259190 cannot be represented in type 'int'
Fixes: simple_idct_template.c:183:28: runtime error: signed integer overflow: 1860878336 + 585177665 cannot be represented in type 'int'
Fixes: simple_idct_template.c:159:17: runtime error: signed integer overflow: 16384 * 189520 cannot be represented in type 'int'
Fixes: simple_idct_template.c:170:22: runtime error: signed integer overflow: 19265 * 130147 cannot be represented in type 'int'
Fixes: simple_idct_template.c:174:23: runtime error: signed integer overflow: -22725 * 130147 cannot be represented in type 'int'
Fixes: simple_idct_template.c:183:20: runtime error: signed integer overflow: 16384 * -175206 cannot be represented in type 'int'
Fixes: simple_idct_template.c:184:22: runtime error: signed integer overflow: -16384 * -175206 cannot be represented in type 'int'
Fixes: simple_idct_template.c:185:22: runtime error: signed integer overflow: -16384 * -175206 cannot be represented in type 'int'
Fixes: simple_idct_template.c:186:20: runtime error: signed integer overflow: 16384 * -175206 cannot be represented in type 'int'
Fixes: simple_idct_template.c:195:26: runtime error: signed integer overflow: 19265 * 150747 cannot be represented in type 'int'
Fixes: simple_idct_template.c:198:27: runtime error: signed integer overflow: -22725 * 150747 cannot be represented in type 'int'
Fixes: simple_idct_template.c:184:37: runtime error: signed integer overflow: 21407 * -171941 cannot be represented in type 'int'
Fixes: simple_idct_template.c:185:37: runtime error: signed integer overflow: 21407 * -171941 cannot be represented in type 'int'
Fixes: simple_idct_template.c:192:27: runtime error: signed integer overflow: -12873 * 206341 cannot be represented in type 'int'
Fixes: simple_idct_template.c:185:30: runtime error: signed integer overflow: 1196441600 + 1703756981 cannot be represented in type 'int'
Fixes: simple_idct_template.c:176:23: runtime error: signed integer overflow: -12873 * 168461 cannot be represented in type 'int'
Fixes: simple_idct_template.c:191:27: runtime error: signed integer overflow: -22725 * -140062 cannot be represented in type 'int'
Fixes: simple_idct_template.c:197:26: runtime error: signed integer overflow: 19265 * -140062 cannot be represented in type 'int'
Fixes: simple_idct_template.c:183:34: runtime error: signed integer overflow: 8867 * -243046 cannot be represented in type 'int'
Fixes: simple_idct_template.c:186:34: runtime error: signed integer overflow: 8867 * -243046 cannot be represented in type 'int'
Fixes: simple_idct_template.c:186:28: runtime error: signed integer overflow: -816234496 - 2139878414 cannot be represented in type 'int'
Fixes: simple_idct_template.c:188:26: runtime error: signed integer overflow: 12873 * -239872 cannot be represented in type 'int'
Fixes: simple_idct_template.c:165:16: runtime error: signed integer overflow: 8867 * -260084 cannot be represented in type 'int'
Fixes: simple_idct_template.c:166:16: runtime error: signed integer overflow: 8867 * -260084 cannot be represented in type 'int'
Fixes: 9135/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-6324422955761664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -1813244069 + -1407981383 cannot be represented in type 'int'
Fixes: 8823/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5643295618236416
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This code came originally from gstreamer, where it was added in [1]
as a work-around for the Tegra 3. (The alignment was changed in [2]
as a response to [3], from 32-bit to 16-bit).
gstreamer only used this workaround in the case where the decoder
didn't return a slice-height property, but when the code was copied
into avcodec the conditional got lost. This commit restores the guard
and prefers the slice-height from the decoder when it is available.
This fixes segfaults decoding 1920x1080 h264 and mpeg2 videos on the
NVidia SHIELD after upgrading to Android Oreo.
[1] a870e6a5c3
[2] 21ff3ae0b0
[3] https://bugzilla.gnome.org/show_bug.cgi?id=748867
Signed-off-by: Aman Gupta <aman@tmm1.net>
Fixes some SVQ3 encoded files which fail to decode correctly after 6d6faa2a2d.
These files exhibit lots of artifacts and logs show "Media key encryption is not implemented".
However they decode without artifacts before 6d6faa2a2d.
The attatched patch allows these files to successfully decode, but also reject media key files.
Tested on the files in #6094 and http://samples.mplayerhq.hu/V-codecs/SVQ3/Vertical400kbit.sorenson3.mov
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Some containers, like Matroska, may propagate key frames with no Sequence
Header OBU since it's provided in extradata instead.
With this change, the Sequence Header will be appended to the packet data
before calling aom_codec_decode().
Signed-off-by: James Almer <jamrial@gmail.com>
Fixes: signed integer overflow: 8 * 340018243 cannot be represented in type 'int'
Fixes: 9441/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5194665207791616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 88 * 33685506 cannot be represented in type 'int'
Fixes: 9433/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5725943535501312
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 9291/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-6324345860259840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 8926/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-6047609228623872
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -393471 * 5460 cannot be represented in type 'int'
Fixes: 8890/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-6299775379963904
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
frame_number will not increase if nothing is output
Fixes: Timeout
Fixes: 9057/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CDGRAPHICS_fuzzer-4844661498707968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
And add it to the CONFIGURABLE_COMPONENTS list in Makefile. This way, changes
to the new file will be tracked and the usual warning to suggest re-running
configure will be shown.
Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
Fixes the following warnings:
In file included from libavcodec/fft_fixed.c:21:0:
libavcodec/fft_template.c:528:6: warning: ‘pass_big’ defined but not used [-Wunused-function]
PASS(pass_big)
^
libavcodec/fft_template.c:505:13: note: in definition of macro ‘PASS’
static void name(FFTComplex *z, const FFTSample *wre, unsigned int n)\
^~~~
CC libavcodec/ffv1.o
In file included from libavcodec/fft_float.c:21:0:
libavcodec/fft_template.c:528:6: warning: ‘pass_big’ defined but not used [-Wunused-function]
PASS(pass_big)
^
libavcodec/fft_template.c:505:13: note: in definition of macro ‘PASS’
static void name(FFTComplex *z, const FFTSample *wre, unsigned int n)\
^~~~
GCC requires the argument to vec_splat_u32 to be a literal. The easiest
way to accomplish this is to change 'shift' to be const in scale (as it
is in the transform routine above), and convert both routines to be
inline. This way, GCC can coerce the values to literals.
Tested on a 970 (Apple G5) and POWER9 (Talos II); passed fate and played
a clip of Big Buck Bunny correctly.
Fixes ticket #7048
Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com>
aom_codec_get_global_headers() is not implemented as of libaom 1.0.0 for AV1, so
we're forced to extract the relevant header OBUs from the first packet and propagate
them as packet side data.
Signed-off-by: James Almer <jamrial@gmail.com>
On macOS, a zero rc_max_rate cause an error from
VTSessionSetProperty(kVTCompressionPropertyKey_DataRateLimits).
on iOS (depending on device/version), a zero rc_max_rate cause invalid
arguments from the vtenc_output_callback after few frames and then a crash
within the VideoToolbox library.
Signed-off-by: Aman Gupta <aman@tmm1.net>
Fixes a bug that would prevent using multiple comma-separated filters,
and allows options to be passed to each filter.
Based on similar loop in ffmpeg_opt.c's new_output_stream().
Signed-off-by: Aman Gupta <aman@tmm1.net>
reget buffer can be time consuming, theres no need to do it if failures
occur
Testcase: 9010/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TSCC_fuzzer-6042614817095680
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array read
Fixes: 9350/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DVDSUB_fuzzer-5746777750765568
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
