virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-29 22:00:58 +02:00
Code Issues Releases Activity
107,489 Commits 37 Branches 400 Tags
Commit Graph

107489 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Niedermayer
e443e2e210
avformat/sdsdec: Use av_rescale() to avoid intermediate overflow in duration calculation 
Fixes: signed integer overflow: 72128794995445727 * 240 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SDS_fuzzer-6628185583779840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit aa8eb1bed075931b0ce0a8bc9a8ff5882830044c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:23 +02:00
Michael Niedermayer
ad56da7634
avformat/sbgdec: Check ts_int in genrate_intervals 
There is probably a better place to check for this, but better
here than nowhere

Fixes: signed integer overflow: -9223372036824775808 - 86400000000 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6601162580688896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5f529e9147a5c5c8ecf8d5ef0dd569194ce30eed)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:22 +02:00
Michael Niedermayer
3e2b970b00
avformat/sbgdec: clamp end_ts 
Fixes: signed integer overflow: 9223372036851135042 + 15666854 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6573717339111424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 981f5e46afa3673dfa43eb2bf5017680d5df25dd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:22 +02:00
Michael Niedermayer
77628600aa
avformat/rmdec: check tag_size 
Fixes: signed integer overflow: -2147483648 - 8 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-6598073725353984

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2cb7ee8a36bddd3425897135db514ca62fec6e44)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:22 +02:00
Michael Niedermayer
de79299bf0
avformat/nutdec: Check fields 
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6566001610719232

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2c146406eac06f3d3cd3d981c29e7affd834cb4d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:21 +02:00
Michael Niedermayer
1c3c25491a
avformat/flvdec: Use 64bit for sum_flv_tag_size 
Fixes: signed integer overflow: 2138820085 + 16130322 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-6704728165187584

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7124f10c1d521096042ba3c9c519828147f78c46)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:21 +02:00
Michael Niedermayer
740a71b583
avformat/jacosubdec: Fix overflow in get_shift() 
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-6722544461283328
Fixes: signed integer overflow: 48214448 * 60 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b1a68127bbcd3d638363fa0249982c494e87c9e2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:21 +02:00
Michael Niedermayer
4038dfc1d1
avformat/genh: Check nb_channels for IMA ADPCM 
The check could be made more strict

Fixes: signed integer overflow: 36 * 538976288 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_GENH_fuzzer-6539389873815552

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0345a885455dea52fcc570b97f5dc5c75372a39c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:20 +02:00
Michael Niedermayer
c38fde3b9d
avformat/dxa: avoid bpc overflows 
Fixes: signed integer overflow: 2147483647 + 32 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-6639823726706688

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 93db0f0740cacd64ae07b5e8606b70021e48d364)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:20 +02:00
Michael Niedermayer
48acb06c78
avformat/dhav: Use 64bit seek_back 
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_DHAV_fuzzer-6604736532447232

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 10453f5192869b63b071aee3962ae2c712f9bfd3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:20 +02:00
Michael Niedermayer
ef0a505126
avformat/cafdec: Check that nb_frasmes fits within 64bit 
Fixes: signed integer overflow: 1099511693312 * 538976288 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6565048815845376

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d4bb4e375975dc0d31d5309106cf6ee0ed75140f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:19 +02:00
Michael Niedermayer
01834eaec2
avformat/asfdec_o: Limit packet offset 
avoids overflows with it

Fixes: signed integer overflow: 9223372036846866010 + 4294967047 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6538296768987136
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-657169555665715

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 736e9e69d5dbbe1d81885dfef59917eb915d2f96)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:19 +02:00
Michael Niedermayer
08047db178
avformat/apm: Use 64bit for bit_rate computation 
Fixes: signed integer overflow: -1155522528 * 4 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APM_fuzzer-6580670570299392

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5b23cab5c769d6611a3fe111546d65809046a4d8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:19 +02:00
Michael Niedermayer
ca55032020
avformat/ape: Check frames size 
Fixes: signed integer overflow: 9223372036854775806 + 3 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APE_fuzzer-6389264140599296

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d0349c9929e2891c90011a83152624d5cf18e628)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:19 +02:00
Michael Niedermayer
c9bb4e3bcc
avformat/icodec: Check nb_pal 
Fixes: signed integer overflow: 538976288 * 4 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-6690068904935424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit db73ae0dc114aa6fae08e69f977944f056a24995)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:18 +02:00
Michael Niedermayer
14787c60ec
avformat/aiffdec: Use 64bit for block_duration use 
Fixes: signed integer overflow: 3 * -2147483648 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6668935979728896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9303ba272e988d87084880c57056b750cc5ffd08)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:18 +02:00
Michael Niedermayer
4143d0a33a
avformat/aiffdec: Check block_duration 
Fixes: signed integer overflow: 3 * -2147483648 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6668935979728896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1c2b6265c87417033f990fa4a14da9d4008320a4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:18 +02:00
Michael Niedermayer
a3d59e33d9
avformat/mxfdec: only probe max run in 
Suggested-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1182bbb2c3226260ed672920251e3410bde8c6c9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:17 +02:00
Michael Niedermayer
89c2911a3c
avformat/mxfdec: Check run_in is within 65536 
Fixes: signed integer overflow: 9223372036854775807 - -2146905566 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6570996594769920

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7786097825d9e3f02b4574c1924c28818eb83340)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:17 +02:00
Michael Niedermayer
04a2dd8054
avcodec/mjpegdec: Check for unsupported bayer case 
Fixes: out of array access
Fixes: 51462/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-662559341582745

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dd81cc22b3dd5bd6badf012b4fe4c19e062650f4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:17 +02:00
Michael Niedermayer
c15b355eb5
avcodec/apedec: Fix integer overflow in filter_3800() 
Fixes: signed integer overflow: -2147448926 + -198321 cannot be represented in type 'int'
Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5739619273015296
Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6744428485672960

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f05247f6a4698c14f1cd523daa90188f50dcf6ad)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:16 +02:00
Michael Niedermayer
5a944b3a98
avcodec/tta: Check 24bit scaling for overflow 
Fixes: signed integer overflow: -8427924 * 256 cannot be represented in type 'int'
Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5409428670644224

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3993345f915bccceee315f44d412445346990e14)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:16 +02:00
Michael Niedermayer
03c168869e
avcodec/mobiclip: Check quantizer for overflow 
Fixes: signed integer overflow: 127 + 2147483536 cannot be represented in type 'int'
Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-6014034970804224

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 677e27a9afa7305a918336699b377fd5b42cc299)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:16 +02:00
Michael Niedermayer
4e07d4a1ee
avcodec/exr: Check preview psize 
Fixes: signed integer overflow: 17121181824 * 538976288 cannot be represented in type 'long long'
Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5915330316206080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ac26712e35f5ebc726d1be14bb4a420949e66604)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:15 +02:00
Michael Niedermayer
8f483d42e0
avcodec/tiff: Fix loop detection 
Fixes regression with tickets/4364/L1004220.DNG

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 43a4854510a3d596e114d899177a5b3b323ca9fb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:15 +02:00
Michael Niedermayer
47e510aa0c
libavformat/hls: Free keys 
Fixes: memleak
Fixes: 50703/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6399058578636800

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Steven Liu <lingjiujianke@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d32a9f3137c91de86547601a38fea0693c3497f1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:15 +02:00
Michael Niedermayer
b877696f16
avcodec/fmvc: Move frame allocation to a later stage 
This way more things are checked before allocation

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9783749c66bf6ca2ce7a6db4c74957fe77cbe803)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:14 +02:00
Michael Niedermayer
82207ef266
avfilter/vf_showinfo: remove backspaces 
They mess with storing editing and comparing the results

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 31581ae7ee6d007f2f2dcd16de5df991ba7aa1b6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:14 +02:00
Michael Niedermayer
58c5976ca0
avcodec/speedhq: Check width 
Fixes: out of array access
Fixes: 50014/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SPEEDHQ_fuzzer-4748914632294400

Alternatively the buffer size can be increased

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f0395f9ef6051315973f1fdded1804f81458566d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:14 +02:00
Michael Niedermayer
344c1134a9
avcodec/bink: disallow odd positioned scaled blocks 
Fixes: out of array access
Fixes: 47911/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-6194020855971840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b14104a6376cd774b08cbe5fda56b34320a41b2e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-09-24 22:58:13 +02:00
James Almer
746a210630 avformat/cafenc: derive Opus frame size from the relevant stream parameters 
Use the stream duration as last resort, as an off-by-one result of the
"st->duration / (caf->packets - 1)" calculation can break playback on some
devices.
Also, don't write the sample_rate value propagated by encoders like libopus.
The sample rate of the audio fed to it is irrelevant after being encoded.

Fixes ticket #9930.

Signed-off-by: James Almer <jamrial@gmail.com>
 2022-09-24 12:20:24 -03:00
Andreas Rheinhardt
f202a1fdf7 avformat/dashdec: Fix crash on invalid input/ENOMEM, fix leak 
In case a SupplementalProperty node exists in an adaptationset,
it is searched for a "schemeIdUri" property via xmlGetProp().
Whatever xmlGetProp() returns is then compared via av_strcasecmp()
to a string literal. xmlGetProp() can return NULL, namely in case
no "schemeIdUri" exists and (given that this string is allocated)
presumably also on allocation failure. No check for NULL is done,
so this may crash.

Furthermore, the string returned by xmlGetProp() needs to be freed
with xmlFree(), but this is not done either.

This commit fixes both of these issues; they existed since this code
has been added in 10d008f0fd9e713e290f626300d66382ad786c49.

This has been found while investigating ticket #9697. The continuous
leaks might very well be the reason behind the observed slowdown.

Reviewed-by: Steven Liu <lingjiujianke@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit 14b3830b33075e92f8e2766c0c53e8b6bc570c6c)
 2022-09-23 16:25:21 +02:00
Anton Khirnov
9772ba1b6a lavc/videotoolbox: do not pass AVCodecContext to decoder output callback 
The opaque parameter for the callback is set in videotoolbox_start(),
called when the hwaccel is initialized. When frame threading is used,
avctx will be the context corresponding to the frame thread currently
doing the decoding. Using this same codec context in all subsequent
invocations of the decoder callback (even those triggered by a different
frame thread) is unsafe, and broken after
cc867f2c09d2b69cee8a0eccd62aff002cbbfe11, since each frame thread now
cleans up its hwaccel state after decoding each frame.

Fix this by passing hwaccel_priv_data as the opaque parameter, which
exists in a single instance forwarded between all frame threads.

The only other use of AVCodecContext in the decoder output callback is
as a logging context. For this purpose, store a logging context in
hwaccel_priv_data.

(cherry picked from commit d7f4ad88a0df3c1339e142957bf2c40cd056b8ce)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
 2022-09-23 16:18:16 +02:00
Anton Khirnov
96c78e50a6 lavc/pthread_frame: always transfer stashed hwaccel state 
Fixes assertion failures after avcodec_flush_buffers(), where
stashed hwaccel state is present, but prev_thread is NULL.

Found-by: Wang Bin <wbsecg1@gmail.com>
(cherry picked from commit c504fb869264fbd8fba6e81c186b2f2848b62e26)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
 2022-09-23 16:17:52 +02:00
James Cowgill
2d04a18264 avcodec/arm/sbcenc: avoid callee preserved vfp registers 
When compiling FFmpeg with GCC-9, some very random segfaults were
observed in code which had previously called down into the SBC encoder
NEON assembly routines. This was caused by these functions clobbering
some of the vfp callee saved registers (d8 - d15 aka q4 - q7). GCC was
using these registers to save local variables, but after these
functions returned, they would contain garbage.

Fix by reallocating the registers in the two affected functions in
the following way:
 ff_sbc_analyze_4_neon: q2-q5 => q8-q11, then q1-q4 => q8-q11
 ff_sbc_analyze_8_neon: q2-q9 => q8-q15

The reason for using these replacements is to keep closely related
sets of registers consecutively numbered which hopefully makes the
code more easy to follow. Since this commit only reallocates
registers, it should have no performance impact.

Signed-off-by: James Cowgill <jcowgill@debian.org>
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 50a4dff69f6477b06f00eae1cac2a53ae22fe9a5)
Signed-off-by: Martin Storsjö <martin@martin.st>
 2022-09-20 11:20:52 +03:00
James Almer
425ffaec23 avformat/riffdec: don't unconditionally overwrite WAVEFORMATEXTENSIBLE layout 
Do it only if the value conflicts with the previous channels value.

Fixes ticket #9912

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 60d8c2019f59fcbeb597c900a56c8c4cd9ec8838)
 2022-09-11 09:56:37 -03:00
James Almer
fcbd9ec248 avfilter/vf_scale: overwrite the width and height expressions with the original values 
Instead of the potentially adjusted ones. Otherwise, if config_props() is
called again and if using force_original_aspect_ratio, the already adjusted
values could be altered again.

Example command line
scale=size=1920x1000:force_original_aspect_ratio=decrease:force_divisible_by=2

user value 1920x1000 -> 1920x798 on init_dict() -> 1918x798 on frame
change when eval_mode == EVAL_MODE_INIT, which after e645a1ddb9 could be at the
very first frame.

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit d9e3cb7e73c77ccddc4d29ed5c1be3920f72c226)
 2022-09-06 15:29:05 -03:00
Anton Khirnov
35aa7e70e7 lavc/pthread_frame: avoid leaving stale hwaccel state in worker threads 
This state is not refcounted, so make sure it always has a well-defined
owner.

Remove the block added in 091341f2ab5bd35ca1a2aae90503adc74f8d3523, as
this commit also solves that issue in a more general way.

(cherry picked from commit cc867f2c09d2b69cee8a0eccd62aff002cbbfe11)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
 2022-09-06 09:19:09 +02:00
Andreas Rheinhardt
4424a6223b avutil/tests/.gitignore: Add channel_layout testtool 
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit f89949afed7a538db603f32d463fe9547bc439a7)
 2022-09-05 02:00:55 +02:00
Michael Niedermayer
1bad30dbe3
Update for 5.1.1 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
n5.1.1 		2022-08-31 18:10:03 +02:00
Michael Niedermayer
5c0309d278
avformat/asfdec_o: limit recursion depth in asf_read_unknown() 
The threshold of 5 is arbitrary, both smaller and larger should work fine

Fixes: Stack overflow
Fixes: 50603/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6049302564175872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1f1a368169ef9d945dc4b4764f5c60ba9bbc9134)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-08-31 18:06:17 +02:00
Michael Niedermayer
6f53f0d09e
avformat/mov: Check count sums in build_open_gop_key_points() 
Fixes: ffmpeg.md
Fixes: Out of array access
Fixes: CVE-2022-2566

Found-by: Andy Nguyen <theflow@google.com>
Found-by: 3pvd <3pvd@google.com>
Reviewed-by: Andy Nguyen <theflow@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-08-28 23:07:07 +02:00
Michael Niedermayer
30bd4831e6
doc/git-howto.texi: Document commit signing 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ced0dc807eb67516b341d68f04ce5a87b02820de)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-08-28 23:07:07 +02:00
Michael Niedermayer
5a2bb10733
libavcodec/8bps: Check that line lengths fit within the buffer 
Fixes: Timeout
Fixes: undefined pointer arithmetic
Fixes: 50330/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EIGHTBPS_fuzzer-5436287485607936

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2316d5ec1a95b13ff9a0ce80409fa367a041966d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-08-28 23:07:07 +02:00
Michael Niedermayer
550fd2212d
avcodec/midivid: Perform lzss_uncompress() before ff_reget_buffer() 
This would avoid regeting the frame on lzss errors

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 628fb97efb0b6202e56fab89670406261bf86d85)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-08-28 23:07:06 +02:00
Michael Niedermayer
1cd07b178b
libavformat/iff: Check for overflow in body_end calculation 
Fixes: signed integer overflow: -6322983228386819992 - 5557477266266529857 cannot be represented in type 'long'
Fixes: 50112/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-6329186221948928

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bcb46903040e5a5199281f4ad0a1fdaf750ebc37)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-08-28 23:07:06 +02:00
Michael Niedermayer
59afc50ab4
avformat/avidec: Prevent entity expansion attacks 
Fixes: Timeout
Fixes no testcase, this is the same idea as similar attacks against XML parsers

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f3e823c2aa04d4f5571a5e04c27a244890704c8d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-08-28 23:07:06 +02:00
Michael Niedermayer
54971af920
avcodec/h263dec: Sanity check against minimal I/P frame size 
Fixes: Timeout
Fixes: 49718/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-4874987894341632

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ca4ff9c21cb77e024fa4ff5889826a8bee4d0e0a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-08-28 23:07:05 +02:00
Michael Niedermayer
8cf035cd88
avcodec/hevcdec: Check s->ref in the md5 path similar to hwaccel 
This is somewhat redundant with the is_decoded check. Maybe
there is a nicer solution

Fixes: Null pointer dereference
Fixes: 49584/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5297367351427072

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3b51e1992289383aa9f083c88e153e34b6412c89)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-08-28 23:07:05 +02:00
Michael Niedermayer
c8ee3f9f6f
avcodec/mpegaudiodec_template: use unsigned shift in handle_crc() 
Fixes: left shift of 192 by 24 places cannot be represented in type 'int'
Fixes: 49577/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MP1FLOAT_fuzzer-5205996678545408

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7086491fa0eca4ad647b5c9fae6d07344cc44ec0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2022-08-28 23:07:05 +02:00