virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-24 13:56:33 +02:00
Code Issues Releases Activity
91,026 Commits 37 Branches 400 Tags
Commit Graph

91026 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Niedermayer
21732c1adc avcodec/cscd: Check output buffer size for lzo. 
Fixes: Timeout
Fixes: 8665/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CSCD_fuzzer-5768442610188288

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
(cherry picked from commit 78167b498f53c36c31105a2bf11e90b03637598f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-07-16 19:02:12 +02:00
Michael Niedermayer
d00548f2c1 avcodec/escape124: Check buf_size against num_superblocks 
Fixes: Timeout
Fixes: 8722/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ESCAPE124_fuzzer-4843268402577408

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6677c98626489edfdb4b49b4f66ca91867768a9f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-07-16 19:02:12 +02:00
Michael Niedermayer
10e5302db4 avcodec/h264_parser: Reduce needed history for parsing mb index 
This fixes a bug/regression with very small packets
Fixes: output_file

Regression since: 0782fb6bcb32fe3ab956a99af4cc472ff81da0c2

Reported-by: Thierry Foucu <tfoucu@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d25c945247979a88fac6bb3b7a26370262b96ef1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-07-16 19:02:12 +02:00
Michael Niedermayer
84280dc7cf avcodec/magicyuv: Check bits left in flags&1 branch 
Fixes: Timeout
Fixes: 8690/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MAGICYUV_fuzzer-6542020913922048

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7719b8ccc790b6e1325af0afe2b65e2334a7173c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-07-16 19:02:12 +02:00
Michael Niedermayer
2c404cc11a avcodec/mjpegdec: Check for end of bitstream in ljpeg_decode_rgb_scan() 
Fixes: Timeout
Fixes: 8648/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5108395525799936

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 540e8c2d641bf90fc28e47e170f8c0b1962197e9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-07-16 19:02:12 +02:00
Marton Balint
acb7907319 ffmpeg: fix -stream_loop with multiple inputs 
The input thread needs to be properly cleaned up and re-initalized before we
can start reading again in threaded mode. (Threaded input reading is used when
there is mode than one input file).

Fixes ticket #6121 and #7043.

Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit da36bcbeb78c78e493d18d3cd3ac92ea401e7031)
 2018-07-08 12:52:49 +02:00
Marton Balint
2c138c2d8c ffmpeg: factorize input thread creation and destruction 
Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit b181cd359b872283d5fcaf7c553bbad88517c78b)
 2018-07-08 12:52:40 +02:00
Aman Gupta
b5106c5aa2 avformat/mpegts: parse large PMTs with multiple tables 
In 9152c1e4955, the mpegts parser was taught how to parse
PMT sections which contained multiple tables. That commit
fixed parsing of PMT packets from some cable providers,
which included a special SCTE table (0xc0) before the
standard program map table (0x2).

Sometimes, however, the combined 0xc0 and 0x2 tables are
larger than a single TS packet (188 bytes). The mpegts parser
already attempts to parse sections which span multiple packets,
but still assumed that the split section only contained one
table.

This patch fixes parsing of such a sample[1].

Before:

    Input #0, mpegts, from 'combined-pmt-tids-split.ts':
      Duration: 00:00:01.26, start: 39188.931756, bitrate: 597 kb/s
      Program 1
      No Program
        Stream #0:0[0xeff]: Audio: ac3, 48000 Hz, mono, fltp, 64 kb/s
        Stream #0:1[0xefd]: Audio: mp3, 0 channels, fltp
        Stream #0:2[0xefe]: Unknown: none

After:

    Input #0, mpegts, from 'combined-pmt-tids-split.ts':
      Duration: 00:00:01.27, start: 39188.931756, bitrate: 589 kb/s
      Program 1
        Stream #0:0[0xefd]: Video: h264 ([27][0][0][0] / 0x001B), none, 59.94 fps, 59.94 tbr, 90k tbn, 180k tbc
        Stream #0:1[0xefe](eng): Audio: ac3 ([129][0][0][0] / 0x0081), 48000 Hz, stereo, fltp, 384 kb/s
        Stream #0:2[0xeff](spa): Audio: ac3 ([129][0][0][0] / 0x0081), 48000 Hz, mono, fltp, 64 kb/s
        Stream #0:3[0xf00]: Data: scte_35
        Stream #0:4[0xf01]: Unknown: none (ETV1 / 0x31565445)
        Stream #0:5[0xf02]: Unknown: none (ETV1 / 0x31565445)
        Stream #0:6[0xf03]: Unknown: none ([192][0][0][0] / 0x00C0)

With the patch, the PMT is parsed correctly so the streams are
created in the correct order, are associated with "Program 1",
and their codecs are set correctly.

[1] https://s3.amazonaws.com/tmm1/combined-pmt-tids-split.ts

Signed-off-by: Aman Gupta <aman@tmm1.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cd86c5dbcca5e79c979a6a04da25155ccf17f843)
 2018-06-18 12:05:41 -07:00
Aman Gupta
789bac72ed Revert "avcodec/mediacodecdec: wait on first frame after input buffers are full" 
@xyz reported a regression on his Sony Xperia Z3 Tablet Compact where
playback would intermittently fail to start, essentially deadlocking in
the decoder. Bisecting narrowed down the issue to this commit, which was
meant as an optimization but is not necessary.

This reverts commit a75bb5496ac6e7e194f1c6fd3b87f02a52e74adb.

Signed-off-by: Aman Gupta <aman@tmm1.net>
(cherry picked from commit 37c2cb6a68a4cbd746b0a56e38f28f7ee84e925f)
 2018-06-18 12:01:12 -07:00
Thomas Guillem
33fcbb4372 avcodec/videotoolboxenc: fix invalid session on iOS 
Cf. comment. Restart the VT session when the APP goes from foreground to
background and vice versa.

Signed-off-by: Aman Gupta <aman@tmm1.net>
(cherry picked from commit 513e6a30fb013ca34812ccaaf3d090680ac868c5)
 2018-06-18 11:49:38 -07:00
Thomas Guillem
a56eb4d56c avcodec/videotoolboxenc: split initialization 
Split vtenc_init() into vtenc_init() (VTEncContext initialization) and
vtenc_configure_encoder() (creates the vt session).

This commit will allow to restart the vt session while encoding.

Signed-off-by: Aman Gupta <aman@tmm1.net>
(cherry picked from commit 9e11d27c25bf9bbd53fa23e892946752096f378b)
 2018-06-18 11:49:38 -07:00
Thomas Guillem
70799fae35 avcodec/videotoolboxenc: fix mutex/cond leak in error path 
The leak could happen when the vtenc_create_encoder() function failed.

Signed-off-by: Aman Gupta <aman@tmm1.net>
(cherry picked from commit ce2330bdf896458131fcd00f9284c31617adcf01)
 2018-06-18 11:49:38 -07:00
Michael Niedermayer
e049f7c24f Update for 4.0.1 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
n4.0.1 		2018-06-16 00:18:40 +02:00
Michael Niedermayer
83a737aa70 avcodec/aacdec_fixed: Fix undefined integer overflow in apply_independent_coupling_fixed() 
Fixes: signed integer overflow: 1195517 * 2048 cannot be represented in type 'int'
Fixes: 8636/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-4695836326887424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8bd514d9343746566b123275f8b6d0e9c11ec2b0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00
Michael Niedermayer
2deeb2eaef avcodec/dirac_dwt_template: Fix undefined behavior in interleave() 
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 8697/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5197148130902016

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 575d8ca0260fabac29e5b3541154633569ce2b5d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00
Michael Niedermayer
9eaf908897 avutil/common: Fix undefined behavior in av_clip_uintp2_c() 
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 8521/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5639024952737792

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit aa41d322be71106ce147445f2b42bb763f1eff86)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00
Michael Niedermayer
1ca157b026 fftools/ffmpeg: Fallback to duration if sample rate is unavailable 
Regression since: af1761f7
Fixes: Division by 0
Fixes: ffmpeg_crash_1

Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 16d8b13b3b26c19d7f8856e039fe6662d96b4ff3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00
Michael Niedermayer
f36128518b avformat/mov: Only set pkt->duration to non negative values 
Reviewed-by: Sasi Inguva <isasi@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8176799f31b23849382623f0f9001acc5edf7c76)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00
Michael Niedermayer
897524954b avcodec/mpeg4videodec: Clear bits_per_raw_sample if it has originated from a previous instance 
Fixes: assertion failure
Fixes: ffmpeg_crash_5.avi

Found-by: Thuan Pham <thuanpv@comp.nus.edu.sg>, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2fc108f60f98cd00813418a8754a46476b404a3c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00
Timo Teräs
f0e4bc61e3 avformat/movenc: fix recognization of cover image streams 
For chapter images, the mov demux produces streams with disposition set
to attached_pic+timed_thumbnails. This patch fixes to properly recognize
streams that should be encoded as cover image (ones with only and only
attached_pic disposition set).

Signed-off-by: Timo Teräs <timo.teras@iki.fi>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2223811b015926fec68473a08016d40cea0989b2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00
Timo Teräs
36628bd215 avformat/movenc: properly handle cover image codecs 
Find codec tag for attached images using appropriate list of
supported image formats.

This fixes writing the cover image to m4v/m4a and other container
formats that do not allow these codecs as a track.

Signed-off-by: Timo Teräs <timo.teras@iki.fi>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 12205d2c896b7edbc929d4886e7bfda4b53538e5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00
Michael Niedermayer
e42ab0115e avcodec/h264_slice: Fix overflow in recovery_frame computation 
Fixes: signed integer overflow: 15 + 2147483646 cannot be represented in type 'int'
Fixes: 8381/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-6225533137321984

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8c20ea8ee0f3f0b27aca0204c6dfaa4ac137e34e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00
Michael Niedermayer
10f68641ae avcodec/h264_ps: Move MAX_LOG2_MAX_FRAME_NUM to header so it can be used in h264_sei 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b796c5ae9299c795cba0d16ce1d8eef05488953b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00
Michael Niedermayer
f0a10f6376 avcodec/h264_mc_template: Only prefetch motion if the list is used. 
Fixes: index 59 out of bounds for type 'H264Ref [48]'
Fixes: 8232/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5703295145345024

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8b55591757244d8244a2be369c2b54c9ae79b02a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00
Michael Niedermayer
0b4d76d891 avcodec/xwddec: Use ff_set_dimensions() 
Fixes: OOM
Fixes: 8178/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XWD_fuzzer-4844793342459904

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c2852e4e00de4073ff7de82d41cb3368702686e8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00
Michael Niedermayer
4fa2078217 avcodec/wavpack: Fix overflow in adding tail 
Fixes: signed integer overflow: 2146907204 + 26846088 cannot be represented in type 'int'
Fixes: 8105/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-6233036682166272

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d13379fb79708f550460dd6d698023bf26f968d5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00
Michael Niedermayer
081874a050 avcodec/shorten: Fix multiple integer overflows 
Fixes: signed integer overflow: 3 * 1006632960 cannot be represented in type 'int'
Fixes: 8278/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5692857166856192

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f2abd36b3863188894fd21964c662b6c17268bfb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00
Michael Niedermayer
028a0c9148 avcodec/shorten: Fix undefined shift in fix_bitshift() 
Fixes: left shift of negative value -9
Fixes: 8571/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5715966875926528

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 606c7148231404544005c0827b83c165dd6b39a8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00
Michael Niedermayer
9a53e8572a avcodec/shorten: Fix a negative left shift in shorten_decode_frame() 
Fixes: left shift of negative value -9057
Fixes: 8527/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5666853924896768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a711efe922b2bf1d363bdf7f8357656c3e35021e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00
Michael Niedermayer
3aa3b05d64 avcodec/shorten: Sanity check nmeans 
Fixes: OOM
Fixes: 8195/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5179785826271232

The reference software appears to use longs for 32bits and it uses int for nmeans
hinting that the intended maximum size was not 32bit.

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d91a0b503d7a886587281bc1ee42476aa5e89f85)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00
Michael Niedermayer
7a5ddf731b avcodec/shorten: Check non COMM chunk len before skip in decode_aiff_header() 
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 8024/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5109204648984576

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 424a81df107b63a166894a4aee3d27702ae3f459)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00
Michael Niedermayer
4b12afccb2 avcodec/mjpegdec: Fix integer overflow in ljpeg_decode_rgb_scan() 
Fixes: signed integer overflow: 32768 + 2147450880 cannot be represented in type 'int'
Fixes: 7885/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THP_fuzzer-5298834394578944

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 936f4a2c2e14ec753e8835f2e820b4cd9aec9a56)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00
Michael Niedermayer
b55c824ee7 avcodec/truemotion2: Fix overflow in tm2_apply_deltas() 
Fixes: signed integer overflow: 1077952576 + 1077952576 cannot be represented in type 'int'
Fixes: 7712/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5056281753681920

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 79c6047c3668c639f717b3a7001a34dddba0ede2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00
Michael Niedermayer
a90497c183 avcodec/opus_silk: Change silk_lsf2lpc() slightly toward silk/NLSF2A.c 
Fixes: runtime error: signed integer overflow: -1440457022 - 785819492 cannot be represented in type 'int'
Fixes: 7700/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OPUS_fuzzer-6595838684954624

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e7dda51150b73e5fbdccf4c2d3a72e356980fba3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00
Michael Niedermayer
65b2b0d98a avcodec/amrwbdec: Fix division by 0 in find_hb_gain() 
This restructures the code slightly toward D_UTIL_dec_synthesis()

Fixes: 7420/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AMRWB_fuzzer-6577305112543232

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dce80a4b47efaba97707bda781a9ee57f5a26974)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00
Michael Niedermayer
0097cc0ea3 avcodec/h263dec: Reinitialize idct context if it has not been setup for the active profile 
The profile after reading headers can be different from when the context was initialized

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 44a2415a6d94f841f2026bb70b8b3c19ba68aa72)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00
Michael Niedermayer
07767c704b avcodec/idctdsp: Clear idct/idct_add for studio profile 
This does not leave them "as before" which may be a value from a previous profile

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8c50d0cccfe4c9f25a8494f76da55dcdc2275058)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00
Michael Niedermayer
2e7830e5ff avformat/mov: replace a value error by clipping into valid range in mov_read_stsc() 
Fixes: #7165

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fe84f70819d6f5aab3c4823290e0d32b99d6de78)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00
Michael Niedermayer
4f644b2632 avformat/bintext: Reduce detection for random .bin files as it more likely is not a multimedia related file 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 919e37377a76f63d030d680fcb9506a3f8cc2d62)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00
Michael Niedermayer
1d01a3b34c avformat/mov: Break out early if chunk_count is 0 in mov_build_index() 
Without this some operations might overflow (undefined behavior)
even though the index adding loop would never execute

No testcase known

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 56e76bd0579cc7f7b28860885d9e569a39daf41b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00
Michael Niedermayer
2742cb10c7 avcodec/fic: Avoid some magic numbers related to cursors 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c6a11714c4b1227be62cbc36651ccfc415e8e623)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00
Michael Niedermayer
8229afc3a9 avcodec/mpeg4video: Detect reference studio streams as studio streams 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ba97d75ac6254db90c64d3c7aacdd0548dca7b24)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00
Michael Niedermayer
76f8c8cd05 avcodec/mpeg4videodec: Do not corrupt bits_per_raw_sample 
Reviewed-by: Kieran Kunhya <kierank@obe.tv>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9e5d0860c043ba5d1e48c0f8c42b0fe3b6cbeba4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00
Michael Niedermayer
786834a693 avcodec/mpeg4videode: Eliminate out of loop VOP startcode reading for studio profile 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9f73ae31e075104c7613d481a09a8b102e6449e9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00
Michael Niedermayer
f2c253f083 avcodec/g2meet: ask for sample with overflowing RGB 
Suggested-by: Tomas Härdin <tjoppen@acc.umu.se>

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ab834b8f36c8157b7015e849405cbf6ae21e672f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00
Michael Niedermayer
e26be20a27 avcodec/idctdsp: Transmit studio_profile to init instead of using AVCodecContext profile 
These 2 fields are not always the same, it is simpler to always use the same field
for detecting studio profile

Fixes: null pointer dereference
Fixes: ffmpeg_crash_3.avi

Found-by: Thuan Pham <thuanpv@comp.nus.edu.sg>, Marcel Böhme, Andrew Santosa and Alexandru RazvanCaciulescu with AFLSmart
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b3332a182f8ba33a34542e4a0370f38b914ccf7d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00
Michael Niedermayer
7b7c582c15 avcodec/ac3dec: Check that the number of channels with dependant streams is valid 
Fixes: left shift of 1 by 63 places cannot be represented in type 'long long'
Fixes: out of array access
Fixes: 7284/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AC3_fuzzer-5767914968842240

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e3275f937dc38e740c74539f2f6aad5bfdba2bf1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00
Michael Niedermayer
06b84f7271 avcodec/ac3dec: Fix null pointer dereference in ac3_decode_frame() 
Fixes: index 8 out of bounds for type 'uint8_t *[8]'
Fixes: 7273/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EAC3_fuzzer-6296497667702784

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e3f656f2dea6ef6e2a14e72931f3d6f205f732c8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00
Michael Niedermayer
f974cc9830 avcodec/aacdec_fixed: use 64bit to avoid overflow in rounding in apply_dependent_coupling_fixed() 
Fixes: signed integer overflow: -2141499320 + -14469590 cannot be represented in type 'int'
Fixes: 7351/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-6351214791884800

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 90475db97e2e5931d295df6ab86519fa2e14d259)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00
Michael Niedermayer
af0ba288e7 oavcodec/aacpsdsp_template: Use unsigned for hs0X to prevent undefined behavior 
Fixes: signed integer overflow: 1073741842 + 1784008138 cannot be represented in type 'int'
Fixes: 6792/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5677589835284480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 62cb6fadf33de6db386deac92853d4b95c930015)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2018-06-15 22:31:13 +02:00