[FFmpeg-cvslog] lavfi/colorspace: move some functions to common file

2019-03-21 Thread Ruiling Song
ffmpeg | branch: master | Ruiling Song  | Tue Jan 22 
14:27:01 2019 +0800| [d0f3798b4e7f9ec3142f74946f7de41b9e3485cb] | committer: 
Ruiling Song

lavfi/colorspace: move some functions to common file

These functions can be reused by other colorspace filters,
so move them to a common file. No functional changes.

Signed-off-by: Ruiling Song 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d0f3798b4e7f9ec3142f74946f7de41b9e3485cb
---

 libavfilter/colorspace.c| 71 
 libavfilter/colorspace.h|  4 +++
 libavfilter/vf_colorspace.c | 80 +++--
 3 files changed, 79 insertions(+), 76 deletions(-)

diff --git a/libavfilter/colorspace.c b/libavfilter/colorspace.c
index c6682216d6..19616e4f12 100644
--- a/libavfilter/colorspace.c
+++ b/libavfilter/colorspace.c
@@ -93,6 +93,77 @@ void ff_fill_rgb2xyz_table(const struct PrimaryCoefficients 
*coeffs,
 rgb2xyz[2][1] *= sg;
 rgb2xyz[2][2] *= sb;
 }
+static const double ycgco_matrix[3][3] =
+{
+{  0.25, 0.5,  0.25 },
+{ -0.25, 0.5, -0.25 },
+{  0.5,  0,   -0.5  },
+};
+
+static const double gbr_matrix[3][3] =
+{
+{ 0,1,   0   },
+{ 0,   -0.5, 0.5 },
+{ 0.5, -0.5, 0   },
+};
+
+/*
+ * All constants explained in e.g. 
https://linuxtv.org/downloads/v4l-dvb-apis/ch02s06.html
+ * The older ones (bt470bg/m) are also explained in their respective ITU docs
+ * (e.g. 
https://www.itu.int/dms_pubrec/itu-r/rec/bt/R-REC-BT.470-5-199802-S!!PDF-E.pdf)
+ * whereas the newer ones can typically be copied directly from wikipedia :)
+ */
+static const struct LumaCoefficients luma_coefficients[AVCOL_SPC_NB] = {
+[AVCOL_SPC_FCC]= { 0.30,   0.59,   0.11   },
+[AVCOL_SPC_BT470BG]= { 0.299,  0.587,  0.114  },
+[AVCOL_SPC_SMPTE170M]  = { 0.299,  0.587,  0.114  },
+[AVCOL_SPC_BT709]  = { 0.2126, 0.7152, 0.0722 },
+[AVCOL_SPC_SMPTE240M]  = { 0.212,  0.701,  0.087  },
+[AVCOL_SPC_YCOCG]  = { 0.25,   0.5,0.25   },
+[AVCOL_SPC_RGB]= { 1,  1,  1  },
+[AVCOL_SPC_BT2020_NCL] = { 0.2627, 0.6780, 0.0593 },
+[AVCOL_SPC_BT2020_CL]  = { 0.2627, 0.6780, 0.0593 },
+};
+
+const struct LumaCoefficients *ff_get_luma_coefficients(enum AVColorSpace csp)
+{
+const struct LumaCoefficients *coeffs;
+
+if (csp >= AVCOL_SPC_NB)
+return NULL;
+coeffs = _coefficients[csp];
+if (!coeffs->cr)
+return NULL;
+
+return coeffs;
+}
+
+void ff_fill_rgb2yuv_table(const struct LumaCoefficients *coeffs,
+   double rgb2yuv[3][3])
+{
+double bscale, rscale;
+
+// special ycgco matrix
+if (coeffs->cr == 0.25 && coeffs->cg == 0.5 && coeffs->cb == 0.25) {
+memcpy(rgb2yuv, ycgco_matrix, sizeof(double) * 9);
+return;
+} else if (coeffs->cr == 1 && coeffs->cg == 1 && coeffs->cb == 1) {
+memcpy(rgb2yuv, gbr_matrix, sizeof(double) * 9);
+return;
+}
+
+rgb2yuv[0][0] = coeffs->cr;
+rgb2yuv[0][1] = coeffs->cg;
+rgb2yuv[0][2] = coeffs->cb;
+bscale = 0.5 / (coeffs->cb - 1.0);
+rscale = 0.5 / (coeffs->cr - 1.0);
+rgb2yuv[1][0] = bscale * coeffs->cr;
+rgb2yuv[1][1] = bscale * coeffs->cg;
+rgb2yuv[1][2] = 0.5;
+rgb2yuv[2][0] = 0.5;
+rgb2yuv[2][1] = rscale * coeffs->cg;
+rgb2yuv[2][2] = rscale * coeffs->cb;
+}
 
 double ff_determine_signal_peak(AVFrame *in)
 {
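Review bot: `ff_get_luma_coefficients()` rejects only `csp >= AVCOL_SPC_NB`, so the table lookup on the following line relies on the compiler treating the enum as unsigned. Now that the function is exported for other filters to call, I would make the lower bound explicit with `if ((unsigned)csp >= AVCOL_SPC_NB) return NULL;`. In `ff_fill_rgb2yuv_table()` both `memcpy` calls hard-code `sizeof(double) * 9`; `sizeof(ycgco_matrix)` and `sizeof(gbr_matrix)` would tie the length to the arrays being copied. `coeffs` is dereferenced there without a NULL check, so callers have to test the getter's result first.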
diff --git a/libavfilter/colorspace.h b/libavfilter/colorspace.h
index 936681815a..459a5df60d 100644
--- a/libavfilter/colorspace.h
+++ b/libavfilter/colorspace.h
@@ -44,6 +44,10 @@ void ff_fill_rgb2xyz_table(const struct PrimaryCoefficients 
*coeffs,
const struct WhitepointCoefficients *wp,
double rgb2xyz[3][3]);
 
+const struct LumaCoefficients *ff_get_luma_coefficients(enum AVColorSpace csp);
+void ff_fill_rgb2yuv_table(const struct LumaCoefficients *coeffs,
+   double rgb2yuv[3][3]);
+
 double ff_determine_signal_peak(AVFrame *in);
 void ff_update_hdr_metadata(AVFrame *in, double peak);
 
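Review bot: The two prototypes added here are exported without any doc comment, and the NULL return of `ff_get_luma_coefficients()` is a contract every new caller has to know. I would add above it `/* Return the luma coefficients for csp, or NULL if csp is out of range or has no table entry. */`. Above `ff_fill_rgb2yuv_table()` a line such as `/* coeffs must be non-NULL; fills rgb2yuv with the 3x3 RGB-to-YUV matrix. */` would do.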
diff --git a/libavfilter/vf_colorspace.c b/libavfilter/vf_colorspace.c
index f8d1ecdf4a..2120199bee 100644
--- a/libavfilter/vf_colorspace.c
+++ b/libavfilter/vf_colorspace.c
@@ -170,78 +170,6 @@ typedef struct ColorSpaceContext {
 // FIXME dithering if bitdepth goes down?
 // FIXME bitexact for fate integration?
 
-static const double ycgco_matrix[3][3] =
-{
-{  0.25, 0.5,  0.25 },
-{ -0.25, 0.5, -0.25 },
-{  0.5,  0,   -0.5  },
-};
-
-static const double gbr_matrix[3][3] =
-{
-{ 0,1,   0   },
-{ 0,   -0.5, 0.5 },
-{ 0.5, -0.5, 0   },
-};
-
-/*
- * All constants explained in e.g. 
https://linuxtv.org/downloads/v4l-dvb-apis/ch02s06.html
- * The older ones (bt470bg/m) are also explained in their respective ITU docs
- * (e.g. 
https://www.itu.int/dms_pubrec/itu-r/rec/bt/R-REC-BT.470-5-199802-S!!PDF-E.pdf)
- * whereas the newer ones can 

[FFmpeg-cvslog] lavfi/colorspace_common: add ifdef check to be more compatible.

2019-03-21 Thread Ruiling Song
ffmpeg | branch: master | Ruiling Song  | Mon Jan 21 
15:44:04 2019 +0800| [b073fb9eeae8f021a4e18886ccf73cda9f67b00c] | committer: 
Ruiling Song

lavfi/colorspace_common: add ifdef check to be more compatible.

Some filters may not need to do linearize/delinearize, and thus
will not even define them. Add an ifdef check so they can easily
re-use the .cl file.

Signed-off-by: Ruiling Song 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b073fb9eeae8f021a4e18886ccf73cda9f67b00c
---

 libavfilter/opencl/colorspace_common.cl | 14 --
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/libavfilter/opencl/colorspace_common.cl 
b/libavfilter/opencl/colorspace_common.cl
index 1d68a546c7..ac911f03ef 100644
--- a/libavfilter/opencl/colorspace_common.cl
+++ b/libavfilter/opencl/colorspace_common.cl
@@ -124,10 +124,14 @@ float3 yuv2rgb(float y, float u, float v) {
 
 float3 yuv2lrgb(float3 yuv) {
 float3 rgb = yuv2rgb(yuv.x, yuv.y, yuv.z);
+#ifdef linearize
 float r = linearize(rgb.x);
 float g = linearize(rgb.y);
 float b = linearize(rgb.z);
 return (float3)(r, g, b);
+#else
+return rgb;
+#endif
 }
 
 float3 rgb2yuv(float r, float g, float b) {
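Review bot: When `linearize` is not defined, `yuv2lrgb()` returns the `rgb` value unchanged although its name promises linear RGB. `lrgb2yuv()` and `lrgb2y()` in the next hunk fall back the same way when `delinearize` is missing. A filter that does need the transfer function but fails to define the macro would then build cleanly and silently produce wrong output. I would document the fallback at each `#else`, e.g. `/* no transfer function configured: values pass through unchanged */`, and state in the file header which macros a user of this .cl file is expected to define.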
@@ -151,19 +155,25 @@ float rgb2y(float r, float g, float b) {
 }
 
 float3 lrgb2yuv(float3 c) {
+#ifdef delinearize
 float r = delinearize(c.x);
 float g = delinearize(c.y);
 float b = delinearize(c.z);
-
 return rgb2yuv(r, g, b);
+#else
+return rgb2yuv(c.x, c.y, c.z);
+#endif
 }
 
 float lrgb2y(float3 c) {
+#ifdef delinearize
 float r = delinearize(c.x);
 float g = delinearize(c.y);
 float b = delinearize(c.z);
-
 return rgb2y(r, g, b);
+#else
+return rgb2y(c.x, c.y, c.z);
+#endif
 }
 
 float3 lrgb2lrgb(float3 c) {


[FFmpeg-cvslog] lavu/opencl: replace va_ext.h with standard name

2019-03-21 Thread Ruiling Song
ffmpeg | branch: master | Ruiling Song  | Fri Nov 23 
13:39:12 2018 +0800| [61cb505d18b8a335bd118d88c05b9daf40eb5f9b] | committer: 
Ruiling Song

lavu/opencl: replace va_ext.h with standard name

Khronos OpenCL header (https://github.com/KhronosGroup/OpenCL-Headers)
uses cl_va_api_media_sharing_intel.h. And Intel's official OpenCL driver
for Intel GPU (https://github.com/intel/compute-runtime) was compiled
against Khronos OpenCL header. So it's better to align with Khronos.

Signed-off-by: Ruiling Song 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=61cb505d18b8a335bd118d88c05b9daf40eb5f9b
---

 configure| 2 +-
 libavutil/hwcontext_opencl.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/configure b/configure
index a817479559..331393f8d5 100755
--- a/configure
+++ b/configure
@@ -6472,7 +6472,7 @@ fi
 
 if enabled_all opencl vaapi ; then
 enabled opencl_drm_beignet && enable opencl_vaapi_beignet
-check_type "CL/cl.h CL/va_ext.h" "clCreateFromVA_APIMediaSurfaceINTEL_fn" 
&&
+check_type "CL/cl.h CL/cl_va_api_media_sharing_intel.h" 
"clCreateFromVA_APIMediaSurfaceINTEL_fn" &&
 enable opencl_vaapi_intel_media
 fi
 
diff --git a/libavutil/hwcontext_opencl.c b/libavutil/hwcontext_opencl.c
index d3df6221c4..b116c5b708 100644
--- a/libavutil/hwcontext_opencl.c
+++ b/libavutil/hwcontext_opencl.c
@@ -50,7 +50,7 @@
 #include 
 #endif
 #include 
-#include 
+#include 
 #include "hwcontext_vaapi.h"
 #endif
 


[FFmpeg-cvslog] lavfi/opencl: add ff_opencl_print_const_matrix_3x3()

2019-03-21 Thread Ruiling Song
ffmpeg | branch: master | Ruiling Song  | Tue Jan 22 
14:47:54 2019 +0800| [2593122a167de3294abd5b9cf04df5b8072ee3ed] | committer: 
Ruiling Song

lavfi/opencl: add ff_opencl_print_const_matrix_3x3()

This is used to print a 3x3 matrix into a part of OpenCL
source code.

Signed-off-by: Ruiling Song 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2593122a167de3294abd5b9cf04df5b8072ee3ed
---

 libavfilter/opencl.c | 13 +
 libavfilter/opencl.h |  8 
 2 files changed, 21 insertions(+)

diff --git a/libavfilter/opencl.c b/libavfilter/opencl.c
index ac5eec68c6..95f0bfc604 100644
--- a/libavfilter/opencl.c
+++ b/libavfilter/opencl.c
@@ -337,3 +337,16 @@ int ff_opencl_filter_work_size_from_image(AVFilterContext 
*avctx,
 
 return 0;
 }
+
+void ff_opencl_print_const_matrix_3x3(AVBPrint *buf, const char *name_str,
+  double mat[3][3])
+{
+int i, j;
+av_bprintf(buf, "__constant float %s[9] = {\n", name_str);
+for (i = 0; i < 3; i++) {
+for (j = 0; j < 3; j++)
+av_bprintf(buf, " %.5ff,", mat[i][j]);
+av_bprintf(buf, "\n");
+}
+av_bprintf(buf, "};\n");
+}
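Review bot: `name_str` and the matrix entries are pasted straight into OpenCL program source, so both must be well-formed for the generated program to compile. `name_str` has to be a trusted, valid identifier, and a non-finite entry would come out of `%.5ff` as something like `inff`, which is not a float literal. The only caller visible on this page passes the literal `"rgb2rgb"`, so this is about stating the contract rather than a live problem. I would add to the header comment `name_str must be a valid OpenCL identifier supplied by the caller, never derived from user input; all entries of mat must be finite`.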
diff --git a/libavfilter/opencl.h b/libavfilter/opencl.h
index 1b7f117865..0b06232ade 100644
--- a/libavfilter/opencl.h
+++ b/libavfilter/opencl.h
@@ -25,6 +25,7 @@
 // it was introduced in OpenCL 2.0.
 #define CL_USE_DEPRECATED_OPENCL_1_2_APIS
 
+#include "libavutil/bprint.h"
 #include "libavutil/buffer.h"
 #include "libavutil/hwcontext.h"
 #include "libavutil/hwcontext_opencl.h"
@@ -124,5 +125,12 @@ int ff_opencl_filter_work_size_from_image(AVFilterContext 
*avctx,
   size_t *work_size,
   AVFrame *frame, int plane,
   int block_alignment);
+/**
+ * Print a 3x3 matrix into a buffer as __constant array, which could
+ * be included in an OpenCL program.
+*/
+
+void ff_opencl_print_const_matrix_3x3(AVBPrint *buf, const char *name_str,
+  double mat[3][3]);
 
 #endif /* AVFILTER_OPENCL_H */


[FFmpeg-cvslog] lavfi/tonemap_opencl: reuse color matrix calculation from colorspace.c

2019-03-21 Thread Ruiling Song
ffmpeg | branch: master | Ruiling Song  | Tue Jan 22 
15:01:56 2019 +0800| [8b951cd4752c8db2b4532fae9fb300d422950cdd] | committer: 
Ruiling Song

lavfi/tonemap_opencl: reuse color matrix calculation from colorspace.c

Signed-off-by: Ruiling Song 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8b951cd4752c8db2b4532fae9fb300d422950cdd
---

 libavfilter/opencl/colorspace_common.cl | 25 -
 libavfilter/vf_tonemap_opencl.c | 64 +++--
 2 files changed, 29 insertions(+), 60 deletions(-)

diff --git a/libavfilter/opencl/colorspace_common.cl 
b/libavfilter/opencl/colorspace_common.cl
index 94a4dd0e0e..1d68a546c7 100644
--- a/libavfilter/opencl/colorspace_common.cl
+++ b/libavfilter/opencl/colorspace_common.cl
@@ -39,31 +39,6 @@ constant const float ST2084_C1 = 0.8359375f;
 constant const float ST2084_C2 = 18.8515625f;
 constant const float ST2084_C3 = 18.6875f;
 
-__constant float yuv2rgb_bt2020[] = {
-1.0f, 0.0f, 1.4746f,
-1.0f, -0.16455f, -0.57135f,
-1.0f, 1.8814f, 0.0f
-};
-
-__constant float yuv2rgb_bt709[] = {
-1.0f, 0.0f, 1.5748f,
-1.0f, -0.18732f, -0.46812f,
-1.0f, 1.8556f, 0.0f
-};
-
-__constant float rgb2yuv_bt709[] = {
-0.2126f, 0.7152f, 0.0722f,
--0.11457f, -0.38543f, 0.5f,
-0.5f, -0.45415f, -0.04585f
-};
-
-__constant float rgb2yuv_bt2020[] ={
-0.2627f, 0.678f, 0.0593f,
--0.1396f, -0.36037f, 0.5f,
-0.5f, -0.4598f, -0.0402f,
-};
-
-
 float get_luma_dst(float3 c) {
 return luma_dst.x * c.x + luma_dst.y * c.y + luma_dst.z * c.z;
 }
diff --git a/libavfilter/vf_tonemap_opencl.c b/libavfilter/vf_tonemap_opencl.c
index ae3f98d817..315ead49d4 100644
--- a/libavfilter/vf_tonemap_opencl.c
+++ b/libavfilter/vf_tonemap_opencl.c
@@ -18,7 +18,6 @@
 #include 
 
 #include "libavutil/avassert.h"
-#include "libavutil/bprint.h"
 #include "libavutil/common.h"
 #include "libavutil/imgutils.h"
 #include "libavutil/mem.h"
@@ -35,7 +34,6 @@
 // TODO:
 // - separate peak-detection from tone-mapping kernel to solve
 //one-frame-delay issue.
-// - import colorspace matrix generation from vf_colorspace.c
 // - more format support
 
 #define DETECTION_FRAMES 63
@@ -73,16 +71,6 @@ typedef struct TonemapOpenCLContext {
 cl_memutil_mem;
 } TonemapOpenCLContext;
 
-static const char *yuv_coff[AVCOL_SPC_NB] = {
-[AVCOL_SPC_BT709] = "rgb2yuv_bt709",
-[AVCOL_SPC_BT2020_NCL] = "rgb2yuv_bt2020",
-};
-
-static const char *rgb_coff[AVCOL_SPC_NB] = {
-[AVCOL_SPC_BT709] = "yuv2rgb_bt709",
-[AVCOL_SPC_BT2020_NCL] = "yuv2rgb_bt2020",
-};
-
 static const char *linearize_funcs[AVCOL_TRC_NB] = {
 [AVCOL_TRC_SMPTE2084] = "eotf_st2084",
 [AVCOL_TRC_ARIB_STD_B67] = "inverse_oetf_hlg",
@@ -93,11 +81,6 @@ static const char *delinearize_funcs[AVCOL_TRC_NB] = {
 [AVCOL_TRC_BT2020_10] = "inverse_eotf_bt1886",
 };
 
-static const struct LumaCoefficients luma_coefficients[AVCOL_SPC_NB] = {
-[AVCOL_SPC_BT709]  = { 0.2126, 0.7152, 0.0722 },
-[AVCOL_SPC_BT2020_NCL] = { 0.2627, 0.6780, 0.0593 },
-};
-
 static const struct PrimaryCoefficients primaries_table[AVCOL_PRI_NB] = {
 [AVCOL_PRI_BT709]  = { 0.640, 0.330, 0.300, 0.600, 0.150, 0.060 },
 [AVCOL_PRI_BT2020] = { 0.708, 0.292, 0.170, 0.797, 0.131, 0.046 },
@@ -137,8 +120,8 @@ static int tonemap_opencl_init(AVFilterContext *avctx)
 {
 TonemapOpenCLContext *ctx = avctx->priv;
 int rgb2rgb_passthrough = 1;
-double rgb2rgb[3][3];
-struct LumaCoefficients luma_src, luma_dst;
+double rgb2rgb[3][3], rgb2yuv[3][3], yuv2rgb[3][3];
+const struct LumaCoefficients *luma_src, *luma_dst;
 cl_int cle;
 int err;
 AVBPrint header;
@@ -215,27 +198,37 @@ static int tonemap_opencl_init(AVFilterContext *avctx)
 
 if (rgb2rgb_passthrough)
 av_bprintf(, "#define RGB2RGB_PASSTHROUGH\n");
-else {
-av_bprintf(, "__constant float rgb2rgb[9] = {\n");
-av_bprintf(, "%.4ff, %.4ff, %.4ff,\n",
-   rgb2rgb[0][0], rgb2rgb[0][1], rgb2rgb[0][2]);
-av_bprintf(, "%.4ff, %.4ff, %.4ff,\n",
-   rgb2rgb[1][0], rgb2rgb[1][1], rgb2rgb[1][2]);
-av_bprintf(, "%.4ff, %.4ff, %.4ff};\n",
-   rgb2rgb[2][0], rgb2rgb[2][1], rgb2rgb[2][2]);
+else
+ff_opencl_print_const_matrix_3x3(, "rgb2rgb", rgb2rgb);
+
+
+luma_src = ff_get_luma_coefficients(ctx->colorspace_in);
+if (!luma_src) {
+err = AVERROR(EINVAL);
+av_log(avctx, AV_LOG_ERROR, "unsupported input colorspace %d (%s)\n",
+   ctx->colorspace_in, av_color_space_name(ctx->colorspace_in));
+goto fail;
 }
 
-av_bprintf(, "#define rgb_matrix %s\n",
-   rgb_coff[ctx->colorspace_in]);
-av_bprintf(, "#define yuv_matrix %s\n",
-   yuv_coff[ctx->colorspace_out]);
+luma_dst = ff_get_luma_coefficients(ctx->colorspace_out);
+if (!luma_dst) {
+err = AVERROR(EINVAL);
+av_log(avctx, 

[FFmpeg-cvslog] MAINTAINERS: remove myself as mailing list maintainer

2019-03-21 Thread Lou Logan
ffmpeg | branch: master | Lou Logan  | Thu Mar 21 11:34:13 2019 
-0800| [73661740862286464513e2792a31813d383c6afa] | committer: Lou Logan

MAINTAINERS: remove myself as mailing list maintainer

Refer to Michael, compn, or Baptiste.

Signed-off-by: Lou Logan 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=73661740862286464513e2792a31813d383c6afa
---

 MAINTAINERS | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 0545b87e55..88b0109f22 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -53,7 +53,7 @@ Communication
 website Deby Barbara Lepage
 fate.ffmpeg.org Timothy Gu
 Trac bug trackerAlexander Strasser, Michael 
Niedermayer, Carl Eugen Hoyos
-mailing lists   Baptiste Coudurier, Lou Logan
+mailing lists   Baptiste Coudurier
 Google+ Paul B Mahol, Michael Niedermayer, 
Alexander Strasser
 Twitter Lou Logan, Reynaldo H. Verdejo Pinochet
 Launchpad   Timothy Gu



[FFmpeg-cvslog] doc/mailing-list-faq: ffmpeg-devel is now subscription only

2019-03-21 Thread Lou Logan
ffmpeg | branch: master | Lou Logan  | Thu Mar 21 11:26:11 2019 
-0800| [171f8ee40bd77eebe0cf18315a370e097833cd1b] | committer: Lou Logan

doc/mailing-list-faq: ffmpeg-devel is now subscription only

Nobody is going to check the queue anymore, so users must now subscribe to
send messages to ffmpeg-devel. This will prevent orphaned/ignored messages
from rotting in the abandoned queue. This matches the behavior of ffmpeg-user
and libav-user.

Also, this addresses some other nits.

Signed-off-by: Lou Logan 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=171f8ee40bd77eebe0cf18315a370e097833cd1b
---

 doc/mailing-list-faq.texi | 22 --
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/doc/mailing-list-faq.texi b/doc/mailing-list-faq.texi
index 3f2be1071a..132c037554 100644
--- a/doc/mailing-list-faq.texi
+++ b/doc/mailing-list-faq.texi
@@ -64,10 +64,6 @@ Email @email{ffmpeg-devel@@ffmpeg.org} to send a message to 
the
 ffmpeg-devel mailing list.
 @end itemize
 
-Note that the ffmpeg-devel mailing list does not require you to subscribe
-to send a message or patch, but ffmpeg-user and libav-user do require
-subscription.
-
 @chapter Subscribing / Unsubscribing
 
 @anchor{How do I subscribe?}
@@ -94,6 +90,9 @@ The process is the same for the other mailing lists.
 Please avoid asking a mailing list admin to unsubscribe you unless you
 are absolutely unable to do so by yourself. See @ref{Who do I contact if I 
have a problem with the mailing list?}
 
+Note that it is possible to temporarily halt message delivery (vacation mode).
+See @ref{How do I disable mail delivery without unsubscribing?}
+
 @chapter Moderation Queue
 @anchor{Why is my message awaiting moderator approval?}
 @section Why is my message awaiting moderator approval?
@@ -116,7 +115,8 @@ or is abusive towards others).
 
 @section How long does it take for my message in the moderation queue to be 
approved?
 
-The queue is usually checked daily to several times a week.
+The queue is not checked on a regular basis. You can ask on the
+@t{#ffmpeg-devel} IRC channel on Freenode for someone to approve your message.
 
 @anchor{How do I delete my message in the moderation queue?}
 @section How do I delete my message in the moderation queue?
@@ -157,11 +157,12 @@ Perform a site search using your favorite search engine. 
Example:
 
 You can ask for help in the official @t{#ffmpeg} IRC channel on Freenode.
 
-Some users prefer the third-party Nabble interface which presents the
-mailing lists in a typical forum layout.
+Some users prefer the third-party @url{http://www.ffmpeg-archive.org/, Nabble}
+interface which presents the mailing lists in a typical forum layout.
 
-There are also numerous third-party help sites such as Super User and
-r/ffmpeg on reddit.
+There are also numerous third-party help sites such as
+@url{https://superuser.com/tags/ffmpeg, Super User} and
+@url{https://www.reddit.com/r/ffmpeg/, r/ffmpeg on reddit}.
 
 @anchor{What is top-posting?}
 @section What is top-posting?
@@ -181,7 +182,7 @@ instead of attaching them.
 Anywhere that is not too annoying for us to use.
 
 Google Drive and Dropbox are acceptable if you need a file host, and
-0x0.st is good for files under 256 MiB.
+@url{https://0x0.st/, 0x0.st} is good for files under 256 MiB.
 
 Small, short samples are preferred if possible.
 
@@ -228,6 +229,7 @@ or headers.
 
 You can then filter the mailing list messages to their own folder.
 
+@anchor{How do I disable mail delivery without unsubscribing?}
 @section How do I disable mail delivery without unsubscribing?
 
 Sometimes you may want to temporarily stop receiving all mailing list



[FFmpeg-cvslog] avcodec/dfa: Check the chunk header is not truncated

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Sun Mar 10 23:45:19 2019 +0100| [2a2bc7918727eb2d1baa8e2ea7e279d0d9b1] | 
committer: Michael Niedermayer

avcodec/dfa: Check the chunk header is not truncated

Fixes: Timeout (11sec -> 3sec)
Fixes: 
13218/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DFA_fuzzer-5661074316066816

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit f20760fadbc77483b9ff4b400b53ebb38ee33793)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2a2bc7918727eb2d1baa8e2ea7e279d0d9b1
---

 libavcodec/dfa.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/dfa.c b/libavcodec/dfa.c
index 970175fb73..c6106b9397 100644
--- a/libavcodec/dfa.c
+++ b/libavcodec/dfa.c
@@ -355,6 +355,8 @@ static int dfa_decode_frame(AVCodecContext *avctx,
 
 bytestream2_init(, avpkt->data, avpkt->size);
 while (bytestream2_get_bytes_left() > 0) {
+if (bytestream2_get_bytes_left() < 12)
+return AVERROR_INVALIDDATA;
 bytestream2_skip(, 4);
 chunk_size = bytestream2_get_le32();
 chunk_type = bytestream2_get_le32();
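Review bot: The literal `12` in the added guard is the size of the chunk header consumed by the three calls that follow (4 skipped bytes plus two 32-bit little-endian fields), but nothing in the code says so. A comment such as `/* chunk header: 4 bytes skipped + le32 size + le32 type */` would keep the guard and the parsing in step if either changes. The same applies to the `get_bits_left(gb) < 5` guard in the aic_decode_coeffs() hunk further down this page, which covers the 1 + 1 + 3 bits read right after it. Whether `chunk_size` is then validated against the bytes left cannot be seen here, because the loop body continues outside the hunk.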



[FFmpeg-cvslog] avcodec/clearvideo: Check remaining data in P frames

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Fri Mar  8 01:42:06 2019 +0100| [599cfce022b3d7f7b3641867254c7d8a2e027497] | 
committer: Michael Niedermayer

avcodec/clearvideo: Check remaining data in P frames

Fixes: Timeout (19sec -> 419msec)
Fixes: 
13411/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CLEARVIDEO_fuzzer-5733153811988480

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 41f93f941155f9f9dbb2d5e7f5d20b2238150836)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=599cfce022b3d7f7b3641867254c7d8a2e027497
---

 libavcodec/clearvideo.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/clearvideo.c b/libavcodec/clearvideo.c
index 5e2f019929..a533613a3e 100644
--- a/libavcodec/clearvideo.c
+++ b/libavcodec/clearvideo.c
@@ -558,6 +558,9 @@ static int clv_decode_frame(AVCodecContext *avctx, void 
*data,
 } else {
 int plane;
 
+if (c->pmb_width * c->pmb_height > 8LL*(buf_size - 
bytestream2_tell()))
+return AVERROR_INVALIDDATA;
+
 if ((ret = ff_reget_buffer(avctx, c->pic)) < 0)
 return ret;
 
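Review bot: In the added guard only the right-hand side is widened by `8LL`; the left-hand product `c->pmb_width * c->pmb_height` is still computed in the operands' own type before the comparison. Their declarations are outside this hunk, so if they are plain `int` I would widen the product as well by writing the left operand as `(int64_t)c->pmb_width * c->pmb_height`. A short comment on what the factor 8 represents (presumably a minimum of one bit per macroblock, to be confirmed) would make the bound reviewable. The enclosing branch of clv_decode_frame() starts and ends outside the hunk.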



[FFmpeg-cvslog] avcodec/dvbsubdec: Check object position

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Tue Mar  5 20:14:05 2019 +0100| [86af0e2a87321663b6c6f5538017dcb1726400c1] | 
committer: Michael Niedermayer

avcodec/dvbsubdec: Check object position

Reference: ETSI EN 300 743 V1.2.1  7.2.2 Region composition segment

Fixes: Timeout
Fixes: 
13325/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DVBSUB_fuzzer-5143979392237568

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit a8c5ae451184e879fc8ff1333c6f26f9542c8ebf)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=86af0e2a87321663b6c6f5538017dcb1726400c1
---

 libavcodec/dvbsubdec.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/libavcodec/dvbsubdec.c b/libavcodec/dvbsubdec.c
index a657b1d3d0..6af6ef7b70 100644
--- a/libavcodec/dvbsubdec.c
+++ b/libavcodec/dvbsubdec.c
@@ -1261,6 +1261,13 @@ static int dvbsub_parse_region_segment(AVCodecContext 
*avctx,
 display->y_pos = AV_RB16(buf) & 0xfff;
 buf += 2;
 
+if (display->x_pos >= region->width ||
+display->y_pos >= region->height) {
+av_log(avctx, AV_LOG_ERROR, "Object outside region\n");
+av_free(display);
+return AVERROR_INVALIDDATA;
+}
+
 if ((object->type == 1 || object->type == 2) && buf+1 < buf_end) {
 display->fgcolor = *buf++;
 display->bgcolor = *buf++;
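Review bot: The new error path logs only "Object outside region", which leaves nothing to go on when triaging a rejected stream. Assuming the fields are plain ints, the values could be included at no cost: `av_log(avctx, AV_LOG_ERROR, "Object at %d,%d outside region %dx%d\n", display->x_pos, display->y_pos, region->width, region->height);`. The `av_free(display)` before the return is safe only if `display` has not yet been linked into a list at this point. Its allocation and any linking are outside the hunk, so that should be confirmed against the full function.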



[FFmpeg-cvslog] Update for 4.0.4

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Thu Mar 21 16:52:50 2019 +0100| [162b44e110cbb1f78014a971d5d3641cd30e3bc6] | 
committer: Michael Niedermayer

Update for 4.0.4

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=162b44e110cbb1f78014a971d5d3641cd30e3bc6
---

 Changelog| 84 
 RELEASE  |  2 +-
 doc/Doxyfile |  2 +-
 3 files changed, 86 insertions(+), 2 deletions(-)

diff --git a/Changelog b/Changelog
index e3aa4e30a0..00ff5fe7d5 100644
--- a/Changelog
+++ b/Changelog
@@ -1,6 +1,90 @@
 Entries are sorted chronologically from oldest to youngest within each release,
 releases are sorted from youngest to oldest.
 
+version 4.0.4:
+- avcodec/dfa: Check the chunk header is not truncated
+- avcodec/clearvideo: Check remaining data in P frames
+- avcodec/dvbsubdec: Check object position
+- avcodec/cdgraphics: Use ff_set_dimensions()
+- avformat/gdv: Check fps
+- configure: use vpx_codec_vp8_dx/cx for libvpx-vp8 checking
+- configure: add missing pthreads extralibs dependency for libvpx-vp9
+- avcodec/mpeg4videodec: Check idx in mpeg4_decode_studio_block()
+- avcodec/dxv: Correct integer overflow in get_opcodes()
+- avcodec/scpr: Fix use of uninitialized variable
+- avcodec/qpeg: Limit copy in qpeg_decode_intra() to the available bytes
+- avcodec/aic: Check remaining bits in aic_decode_coeffs()
+- avcodec/gdv: Check for truncated tags in decompress_5()
+- avcodec/bethsoftvideo: Check block_type
+- avcodec/jpeg2000dwt: Fix integer overflow in dwt_decode97_int()
+- avcodec/error_resilience: Use a symmetric check for skipping MV estimation
+- avcodec/mlpdec: Insuffient typo
+- avcodec/zmbv: obtain frame later
+- avcodec/jvdec: Check available input space before decode8x8()
+- avcodec/h264_direct: Fix overflow in POC comparission
+- avformat/webmdashenc: Check id in adaption_sets
+- avformat/http: Fix Out-of-Bounds access in process_line()
+- avformat/ftp: Fix Out-of-Bounds Access and Information Leak in ftp.c:393
+- avcodec/htmlsubtitles: Fixes denial of service due to use of sscanf in inner 
loop for handling braces
+- avcodec/htmlsubtitles: Fixes denial of service due to use of sscanf in inner 
loop for tag scaning
+- avformat/matroskadec: Do not leak queued packets on sync errors
+- avcodec/mpeg4videodec: Clear interlaced_dct for studio profile
+- avformat/mov: Do not use reference stream in mov_read_sidx() if there is no 
reference stream
+- avcodec/sbrdsp_fixed.c: remove input value limit for sbr_sum_square_c()
+- avformat/mov: validate chunk_count vs stsc_data
+- avformat/mov.c: require tfhd to begin parsing trun
+- avcodec/pgssubdec: Check for duplicate display segments
+- avformat/rtsp: Check number of streams in sdp_parse_line()
+- avformat/rtsp: Clear reply in every iteration in ff_rtsp_connect()
+- avcodec/fic: Check that there is input left in fic_decode_block()
+- avcodec/tiff: Check for 12bit gray fax
+- avutil/imgutils: Optimize memset_bytes() by using av_memcpy_backptr()
+- avutil/mem: Optimize fill32() by unrolling and using 64bit
+- configure: bump year
+- avcodec/diracdec: Check component quant
+- avcodec/tests/rangecoder: initialize array to avoid valgrind warning
+- avcodec/h264_slice: Fix integer overflow in implicit_weight_table()
+- avcodec/exr: set layer_match in all branches
+- avcodec/exr: Check for duplicate channel index
+- avcodec/4xm: Fix returned error codes
+- avformat/libopenmpt: Fix successfull typo
+- avcodec/v4l2_m2m: fix cant typo
+- avcodec/mjpegbdec: Fix some misplaced {} and spaces
+- avformat/wvdec: detect and error out on WavPack DSD files
+- avcodec/mips: Fix failed case: hevc-conformance-AMP_A_Samsung_* when enable 
msa
+- avcodec/fic: Fail on invalid slice size/off
+- postproc/postprocess_template: remove FF_REG_sp from clobber list
+- postproc/postprocess_template: Avoid using %4 for the threshold compare
+- avcodec/rpza: Check that there is enough data for all the blocks
+- avcodec/rpza: Move frame allocation to a later point
+- avcodec/avcodec: Document the data type for AV_PKT_DATA_MPEGTS_STREAM_ID
+- avformat/mpegts: Fix side data type for stream id
+- tests/fate/filter-video: increase fuzz for fate-filter-refcmp-psnr-rgb
+- avcodec/mjpegdec: Fix indention of ljpeg_decode_yuv_scan()
+- lavf/id3v2: fail read_apic on EOF reading mimetype
+- avformat/nutenc: Document trailer index assert better
+- lavf/mov: ensure only one tkhd per trak
+- avcodec/clearvideo: Check remaining input bits in P macro block loop
+- avcodec/dxv: Check that there is enough data to decompress
+- avcodec/ppc/hevcdsp: Fix build failures with powerpc-linux-gnu-gcc-4.8 with 
--disable-optimizations
+- avcodec/msvideo1: Check for too small dimensions
+- avcodec/wmv2dec: Skip I frame if its smaller than 1/8 of the minimal size
+- avcodec/msmpeg4dec: Skip frame if its smaller than 1/8 of the minimal size
+- avcodec/truemotion2rt: Fix rounding in input size check
+- 

[FFmpeg-cvslog] avcodec/aic: Check remaining bits in aic_decode_coeffs()

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Mon Feb 25 13:26:25 2019 +0100| [ccf6ca1701d8e5e7ecc697c983a369e2e87680b8] | 
committer: Michael Niedermayer

avcodec/aic: Check remaining bits in aic_decode_coeffs()

Fixes: Timeout (78 seconds -> 2 seconds)
Fixes: 
13186/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AIC_fuzzer-5639516533030912

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 951bb7632fe6e3bb1a9c3b47610705871e471f34)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ccf6ca1701d8e5e7ecc697c983a369e2e87680b8
---

 libavcodec/aic.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/aic.c b/libavcodec/aic.c
index 9c6f806655..dc28c83661 100644
--- a/libavcodec/aic.c
+++ b/libavcodec/aic.c
@@ -208,6 +208,9 @@ static int aic_decode_coeffs(GetBitContext *gb, int16_t 
*dst,
 int mb, idx;
 unsigned val;
 
+if (get_bits_left(gb) < 5)
+return AVERROR_INVALIDDATA;
+
 has_skips  = get_bits1(gb);
 coeff_type = get_bits1(gb);
 coeff_bits = get_bits(gb, 3);



[FFmpeg-cvslog] configure: add missing pthreads extralibs dependency for libvpx-vp9

2019-03-21 Thread Guo , Yejun
ffmpeg | branch: release/4.0 | Guo, Yejun  | Tue Mar  5 
06:09:11 2019 +0800| [01209d220b36e42a307233249f917e578ebacc4c] | committer: 
Michael Niedermayer

configure: add missing pthreads extralibs dependency for libvpx-vp9

Signed-off-by: Guo, Yejun 
Signed-off-by: James Almer 
(cherry picked from commit 402bf262375dfecd0e90d7acc67c238abe952fc3)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=01209d220b36e42a307233249f917e578ebacc4c
---

 configure | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/configure b/configure
index fca17e6d9c..9a6ccb39f1 100755
--- a/configure
+++ b/configure
@@ -6083,11 +6083,11 @@ enabled libvpx&& {
 }
 enabled libvpx_vp9_decoder && {
 check_pkg_config libvpx_vp9_decoder "vpx >= 1.4.0" "vpx/vpx_decoder.h 
vpx/vp8dx.h" vpx_codec_vp9_dx ||
-check_lib libvpx_vp9_decoder "vpx/vpx_decoder.h vpx/vp8dx.h" 
"vpx_codec_vp9_dx VPX_IMG_FMT_HIGHBITDEPTH" "-lvpx $libm_extralibs"
+check_lib libvpx_vp9_decoder "vpx/vpx_decoder.h vpx/vp8dx.h" 
"vpx_codec_vp9_dx VPX_IMG_FMT_HIGHBITDEPTH" "-lvpx $libm_extralibs 
$pthreads_extralibs"
 }
 enabled libvpx_vp9_encoder && {
 check_pkg_config libvpx_vp9_encoder "vpx >= 1.4.0" "vpx/vpx_encoder.h 
vpx/vp8cx.h" vpx_codec_vp9_cx ||
-check_lib libvpx_vp9_encoder "vpx/vpx_encoder.h vpx/vp8cx.h" 
"vpx_codec_vp9_cx VPX_IMG_FMT_HIGHBITDEPTH" "-lvpx $libm_extralibs"
+check_lib libvpx_vp9_encoder "vpx/vpx_encoder.h vpx/vp8cx.h" 
"vpx_codec_vp9_cx VPX_IMG_FMT_HIGHBITDEPTH" "-lvpx $libm_extralibs 
$pthreads_extralibs"
 }
 if disabled_all libvpx_vp8_decoder libvpx_vp9_decoder libvpx_vp8_encoder 
libvpx_vp9_encoder; then
 die "libvpx enabled but no supported decoders found"



[FFmpeg-cvslog] configure: use vpx_codec_vp8_dx/cx for libvpx-vp8 checking

2019-03-21 Thread Guo , Yejun
ffmpeg | branch: release/4.0 | Guo, Yejun  | Tue Mar  5 
06:09:18 2019 +0800| [33651c09407e83b011dab95e15b1519bf48cb32e] | committer: 
Michael Niedermayer

configure: use vpx_codec_vp8_dx/cx for libvpx-vp8 checking

Signed-off-by: Guo, Yejun 
Signed-off-by: James Almer 
(cherry picked from commit d9b2668766e3e924d4ebb3c6531b449874e13666)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=33651c09407e83b011dab95e15b1519bf48cb32e
---

 configure | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/configure b/configure
index 9a6ccb39f1..15e6c321b1 100755
--- a/configure
+++ b/configure
@@ -6073,12 +6073,12 @@ enabled libvorbis && require_pkg_config 
libvorbis vorbis vorbis/codec.h
 enabled libvpx&& {
 enabled libvpx_vp8_decoder && {
 check_pkg_config libvpx_vp8_decoder "vpx >= 1.4.0" "vpx/vpx_decoder.h 
vpx/vp8dx.h" vpx_codec_vp8_dx ||
-check_lib libvpx_vp8_decoder "vpx/vpx_decoder.h vpx/vp8dx.h" 
"vpx_codec_dec_init_ver VPX_IMG_FMT_HIGHBITDEPTH" -lvpx ||
+check_lib libvpx_vp8_decoder "vpx/vpx_decoder.h vpx/vp8dx.h" 
"vpx_codec_vp8_dx VPX_IMG_FMT_HIGHBITDEPTH" "-lvpx $libm_extralibs 
$pthreads_extralibs" ||
 die "ERROR: libvpx decoder version must be >=1.4.0";
 }
 enabled libvpx_vp8_encoder && {
 check_pkg_config libvpx_vp8_encoder "vpx >= 1.4.0" "vpx/vpx_encoder.h 
vpx/vp8cx.h" vpx_codec_vp8_cx ||
-check_lib libvpx_vp8_encoder "vpx/vpx_encoder.h vpx/vp8cx.h" 
"vpx_codec_enc_init_ver VPX_IMG_FMT_HIGHBITDEPTH" -lvpx ||
+check_lib libvpx_vp8_encoder "vpx/vpx_encoder.h vpx/vp8cx.h" 
"vpx_codec_vp8_cx VPX_IMG_FMT_HIGHBITDEPTH" "-lvpx $libm_extralibs 
$pthreads_extralibs" ||
 die "ERROR: libvpx encoder version must be >=1.4.0";
 }
 enabled libvpx_vp9_decoder && {



[FFmpeg-cvslog] avcodec/cdgraphics: Use ff_set_dimensions()

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Tue Mar  5 12:51:22 2019 +0100| [09b6cce9ba4935b9c50f7ca2aad1ed83c7ca6c38] | 
committer: Michael Niedermayer

avcodec/cdgraphics: Use ff_set_dimensions()

Fixes: Timeout (17 sec -> 65 milli sec)
Fixes: 
13264/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CDGRAPHICS_fuzzer-5711167941509120

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 9a9f0e239c1c6f5c96cc90ba673087f86ca1eabc)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=09b6cce9ba4935b9c50f7ca2aad1ed83c7ca6c38
---

 libavcodec/cdgraphics.c | 5 +
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/libavcodec/cdgraphics.c b/libavcodec/cdgraphics.c
index 87ad5e79f4..da6fb7af03 100644
--- a/libavcodec/cdgraphics.c
+++ b/libavcodec/cdgraphics.c
@@ -80,11 +80,8 @@ static av_cold int cdg_decode_init(AVCodecContext *avctx)
 return AVERROR(ENOMEM);
 cc->transparency = -1;
 
-avctx->width   = CDG_FULL_WIDTH;
-avctx->height  = CDG_FULL_HEIGHT;
 avctx->pix_fmt = AV_PIX_FMT_PAL8;
-
-return 0;
+return ff_set_dimensions(avctx, CDG_FULL_WIDTH, CDG_FULL_HEIGHT);
 }
 
 static void cdg_border_preset(CDGraphicsContext *cc, uint8_t *data)



[FFmpeg-cvslog] avformat/gdv: Check fps

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Tue Mar  5 00:48:18 2019 +0100| [1d77b60e3531917fe8fef217b54088154b61b675] | 
committer: Michael Niedermayer

avformat/gdv: Check fps

Fixes: Division by 0
Fixes: ffmpeg_zero_division.bin

Found-by: Anatoly Trosinenko 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 38381400fca45d1ae6e7604335b507b7dc70a903)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1d77b60e3531917fe8fef217b54088154b61b675
---

 libavformat/gdv.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavformat/gdv.c b/libavformat/gdv.c
index a69c349cab..3ead383892 100644
--- a/libavformat/gdv.c
+++ b/libavformat/gdv.c
@@ -86,6 +86,9 @@ static int gdv_read_header(AVFormatContext *ctx)
 vst->nb_frames = avio_rl16(pb);
 
 fps = avio_rl16(pb);
+if (!fps)
+return AVERROR_INVALIDDATA;
+
 snd_flags = avio_rl16(pb);
 if (snd_flags & 1) {
 ast = avformat_new_stream(ctx, 0);



[FFmpeg-cvslog] avcodec/qpeg: Limit copy in qpeg_decode_intra() to the available bytes

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Sun Feb 24 00:44:40 2019 +0100| [36a1939b59f0a966cda4de8215621db626833694] | 
committer: Michael Niedermayer

avcodec/qpeg: Limit copy in qpeg_decode_intra() to the available bytes

Fixes: Timeout (27 sec -> 39 milli sec)
Fixes: 
13151/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5717536023248896

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit b819472995f55e827d6bb70dcdd86d963f65ae31)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=36a1939b59f0a966cda4de8215621db626833694
---

 libavcodec/qpeg.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/qpeg.c b/libavcodec/qpeg.c
index e1210c1972..10b55d2dff 100644
--- a/libavcodec/qpeg.c
+++ b/libavcodec/qpeg.c
@@ -90,6 +90,8 @@ static void qpeg_decode_intra(QpegContext *qctx, uint8_t *dst,
 }
 }
 } else {
+if (bytestream2_get_bytes_left(>buffer) < copy)
+copy = bytestream2_get_bytes_left(>buffer);
 for(i = 0; i < copy; i++) {
 dst[filled++] = bytestream2_get_byte(>buffer);
 if (filled >= width) {
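Review bot: The added clamp spells out a minimum by hand and calls `bytestream2_get_bytes_left()` twice; `copy = FFMIN(copy, bytestream2_get_bytes_left(&qctx->buffer));` states the same bound in one line (the argument is partly lost in this rendering of the hunk, so the expression is reconstructed from the `qctx` parameter). Because qpeg_decode_intra() returns void, a run that claims more bytes than the packet holds is shortened silently rather than reported. A comment saying that truncated input ends the run early would tell the next reader this is deliberate. The function starts and ends outside the hunk.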



[FFmpeg-cvslog] avcodec/dxv: Correct integer overflow in get_opcodes()

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Sun Mar  3 00:47:47 2019 +0100| [63383dea3b16bcf47c362950a2da1177e2693923] | 
committer: Michael Niedermayer

avcodec/dxv: Correct integer overflow in get_opcodes()

Fixes: 
13099/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXV_fuzzer-5665598896340992
Fixes: signed integer overflow: 2147483647 + 7 cannot be represented in type 
'int'

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 6e0b5d3a20e107860a34e90139b860d6b8219a1d)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=63383dea3b16bcf47c362950a2da1177e2693923
---

 libavcodec/dxv.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libavcodec/dxv.c b/libavcodec/dxv.c
index bf53d7d706..aef5ec19dd 100644
--- a/libavcodec/dxv.c
+++ b/libavcodec/dxv.c
@@ -426,7 +426,8 @@ static int fill_optable(unsigned *table0, OpcodeTable 
*table1, int nb_elements)
 static int get_opcodes(GetByteContext *gb, uint32_t *table, uint8_t *dst, int 
op_size, int nb_elements)
 {
 OpcodeTable optable[1024];
-int sum, x, val, lshift, rshift, ret, size_in_bits, i, idx;
+int sum, x, val, lshift, rshift, ret, i, idx;
+int64_t size_in_bits;
 unsigned endoffset, newoffset, offset;
 unsigned next;
 uint8_t *src = (uint8_t *)gb->buffer;



[FFmpeg-cvslog] avcodec/mpeg4videodec: Check idx in mpeg4_decode_studio_block()

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Sun Mar 10 01:40:59 2019 +0100| [aadce82c585181168f3b7cdf260c3d461d4baa1b] | 
committer: Michael Niedermayer

avcodec/mpeg4videodec: Check idx in mpeg4_decode_studio_block()

Fixes: Out of array access
Fixes: 
13500/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5769760178962432

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Kieran Kunhya 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit d227ed5d598340e719eff7156b1aa0a4469e9a6a)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=aadce82c585181168f3b7cdf260c3d461d4baa1b
---

 libavcodec/mpeg4videodec.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c
index e0cfff170f..c9823807b5 100644
--- a/libavcodec/mpeg4videodec.c
+++ b/libavcodec/mpeg4videodec.c
@@ -1897,14 +1897,20 @@ static int mpeg4_decode_studio_block(MpegEncContext *s, 
int32_t block[64], int n
 code >>= 1;
 run = (1 << (additional_code_len - 1)) + code;
 idx += run;
+if (idx > 63)
+return AVERROR_INVALIDDATA;
 j = scantable[idx++];
 block[j] = sign ? 1 : -1;
 } else if (group >= 13 && group <= 20) {
 /* Level value (Table B.49) */
+if (idx > 63)
+return AVERROR_INVALIDDATA;
 j = scantable[idx++];
 block[j] = get_xbits(>gb, additional_code_len);
 } else if (group == 21) {
 /* Escape */
+if (idx > 63)
+return AVERROR_INVALIDDATA;
 j = scantable[idx++];
 additional_code_len = s->avctx->bits_per_raw_sample + 
s->dct_precision + 4;
 flc = get_bits(>gb, additional_code_len);
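Review bot: The same `if (idx > 63) return AVERROR_INVALIDDATA;` is pasted into three branches with a bare 63. The limit follows from `block[64]` in the signature and, presumably, a 64-entry scantable, so a named constant or one small helper that validates `idx` before `scantable[idx++]` would make that coupling explicit. Any branch of this if/else chain that lies outside the hunk and also indexes `scantable[idx++]` needs the same guard; the visible lines cannot confirm whether one exists. The function starts and ends outside the hunk.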



[FFmpeg-cvslog] avcodec/error_resilience: Use a symmetric check for skipping MV estimation

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Tue Feb 19 18:41:42 2019 +0100| [63957591e951b9aafb3f37551020841dca25a1cd] | 
committer: Michael Niedermayer

avcodec/error_resilience: Use a symmetric check for skipping MV estimation

This speeds up the testcase by a factor of 4

Fixes: Timeout
Fixes: 
13100/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV2_fuzzer-5767533905313792

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit e4289cb253e29e4d62dc46759eb1a45d8f6d82df)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=63957591e951b9aafb3f37551020841dca25a1cd
---

 libavcodec/error_resilience.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/error_resilience.c b/libavcodec/error_resilience.c
index 1abae53f41..35d0c609e5 100644
--- a/libavcodec/error_resilience.c
+++ b/libavcodec/error_resilience.c
@@ -437,7 +437,7 @@ static void guess_mv(ERContext *s)
 }
 
 if ((!(s->avctx->error_concealment_EC_GUESS_MVS)) ||
-num_avail <= mb_width / 2) {
+num_avail <= FFMAX(mb_width, mb_height) / 2) {
 for (mb_y = 0; mb_y < mb_height; mb_y++) {
 for (mb_x = 0; mb_x < s->mb_width; mb_x++) {
 const int mb_xy = mb_x + mb_y * s->mb_stride;



[FFmpeg-cvslog] avcodec/zmbv: obtain frame later

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Thu Feb 21 17:25:14 2019 +0100| [f32ce15f7c0beff43c060560de23daea2f353a7d] | 
committer: Michael Niedermayer

avcodec/zmbv: obtain frame later

The frame is not needed that early so obtaining it later avoids
the costly operation in case other checks fail.

Fixes: Timeout (14sec -> 4sec)
Fixes: 
13140/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ZMBV_fuzzer-5738330308739072

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 177b40890c6de8c6896e0a1d4a631ea1ca89c044)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f32ce15f7c0beff43c060560de23daea2f353a7d
---

 libavcodec/zmbv.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libavcodec/zmbv.c b/libavcodec/zmbv.c
index b994e96e95..6ef549dff1 100644
--- a/libavcodec/zmbv.c
+++ b/libavcodec/zmbv.c
@@ -519,9 +519,6 @@ static int decode_frame(AVCodecContext *avctx, void *data, 
int *got_frame, AVPac
 return AVERROR_INVALIDDATA;
 }
 
-if ((ret = ff_get_buffer(avctx, frame, 0)) < 0)
-return ret;
-
 if (c->comp == 0) { // uncompressed data
 if (c->decomp_size < len) {
 av_log(avctx, AV_LOG_ERROR, "Buffer too small\n");
@@ -547,6 +544,9 @@ static int decode_frame(AVCodecContext *avctx, void *data, 
int *got_frame, AVPac
 av_log(avctx, AV_LOG_ERROR, "decompressed size %d is incorrect, 
expected %d\n", c->decomp_len, expected_size);
 return AVERROR_INVALIDDATA;
 }
+if ((ret = ff_get_buffer(avctx, frame, 0)) < 0)
+return ret;
+
 if (c->flags & ZMBV_KEYFRAME) {
 frame->key_frame = 1;
 frame->pict_type = AV_PICTURE_TYPE_I;



[FFmpeg-cvslog] avcodec/scpr: Fix use of uninitialized variable

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Thu Feb 28 00:12:14 2019 +0100| [8f6d7a454a32d7dfb7985f9607d800061d047018] | 
committer: Michael Niedermayer

avcodec/scpr: Fix use of uninitialized variable

Fixes: Undefined shift
Fixes: 
12911/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-5677102915911680

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 53248acfb3b23007c89ae822d7bcae451272d5a7)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8f6d7a454a32d7dfb7985f9607d800061d047018
---

 libavcodec/scpr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/scpr.c b/libavcodec/scpr.c
index d76148998b..4856095222 100644
--- a/libavcodec/scpr.c
+++ b/libavcodec/scpr.c
@@ -508,7 +508,7 @@ static int decompress_p(AVCodecContext *avctx,
 {
 SCPRContext *s = avctx->priv_data;
 GetByteContext *gb = >gb;
-int ret, temp, min, max, x, y, cx = 0, cx1 = 0;
+int ret, temp = 0, min, max, x, y, cx = 0, cx1 = 0;
 int backstep = linesize - avctx->width;
 const int cxshift = s->cxshift;
 



[FFmpeg-cvslog] avcodec/jvdec: Check available input space before decode8x8()

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Thu Feb 21 01:09:43 2019 +0100| [ffaa3c3071ea979650ea1e5d90be465d5a8707b3] | 
committer: Michael Niedermayer

avcodec/jvdec: Check available input space before decode8x8()

Fixes: Timeout (78 sec -> 15 millisec)
Fixes: 
13147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JV_fuzzer-5727107827630080

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 61523683c5a9bda9aaa7ae24764a3df0401a9877)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ffaa3c3071ea979650ea1e5d90be465d5a8707b3
---

 libavcodec/jvdec.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/jvdec.c b/libavcodec/jvdec.c
index cbe83d3c10..4337d5681e 100644
--- a/libavcodec/jvdec.c
+++ b/libavcodec/jvdec.c
@@ -170,6 +170,11 @@ static int decode_frame(AVCodecContext *avctx, void *data, 
int *got_frame,
 GetBitContext gb;
 init_get_bits(, buf, 8 * video_size);
 
+if (avctx->height/8 * (avctx->width/8) > 4 * video_size) {
+av_log(avctx, AV_LOG_ERROR, "Insufficient input data for 
dimensions\n");
+return AVERROR_INVALIDDATA;
+}
+
 for (j = 0; j < avctx->height; j += 8)
 for (i = 0; i < avctx->width; i += 8)
 decode8x8(,
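Review bot: The factor in `avctx->height/8 * (avctx->width/8) > 4 * video_size` is not explained. Set against the `8 * video_size` bits handed to init_get_bits() just above, it reads as "at least 2 bits per 8x8 block", but that is an inference because decode8x8() is outside the hunk. A comment such as `/* every 8x8 block consumes at least 2 bits */` would let a reader check the bound. Both `4 * video_size` and the existing `8 * video_size` are evaluated in whatever type video_size has, so it is worth confirming that the value is range-checked before this point. decode_frame() continues outside the hunk.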



[FFmpeg-cvslog] avcodec/mlpdec: Insuffient typo

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Sat Feb 23 22:00:39 2019 +0100| [80c88154441007022eb57f48136d6d9eed3e691f] | 
committer: Michael Niedermayer

avcodec/mlpdec: Insuffient typo

Signed-off-by: Michael Niedermayer 
(cherry picked from commit fc32e08941ea2795a3096e7a4013843e9ebf5fe3)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=80c88154441007022eb57f48136d6d9eed3e691f
---

 libavcodec/mlpdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/mlpdec.c b/libavcodec/mlpdec.c
index 8caa266b7e..3139a0172f 100644
--- a/libavcodec/mlpdec.c
+++ b/libavcodec/mlpdec.c
@@ -1195,7 +1195,7 @@ static int read_access_unit(AVCodecContext *avctx, void* 
data,
 }
 
 if (length < header_size + substr_header_size) {
-av_log(m->avctx, AV_LOG_ERROR, "Insuffient data for headers\n");
+av_log(m->avctx, AV_LOG_ERROR, "Insufficient data for headers\n");
 goto error;
 }
 



[FFmpeg-cvslog] avcodec/gdv: Check for truncated tags in decompress_5()

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Mon Feb 25 01:26:30 2019 +0100| [87eecb7d854599221c4112a241a49e742f4d1f66] | 
committer: Michael Niedermayer

avcodec/gdv: Check for truncated tags in decompress_5()

Testcase: 
13169/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_GDV_fuzzer-5666354038833152

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 5cf42f65b60d226d1223d2100cb1d90402189275)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=87eecb7d854599221c4112a241a49e742f4d1f66
---

 libavcodec/gdv.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/gdv.c b/libavcodec/gdv.c
index 79ca157dde..addd513091 100644
--- a/libavcodec/gdv.c
+++ b/libavcodec/gdv.c
@@ -244,6 +244,8 @@ static int decompress_5(AVCodecContext *avctx, unsigned 
skip)
 
 while (bytestream2_get_bytes_left_p(pb) > 0 && 
bytestream2_get_bytes_left(gb) > 0) {
 int tag = read_bits2(, gb);
+if (bytestream2_get_bytes_left(gb) < 1)
+return AVERROR_INVALIDDATA;
 if (tag == 0) {
 bytestream2_put_byte(pb, bytestream2_get_byte(gb));
 } else if (tag == 1) {
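Review bot: The added `bytestream2_get_bytes_left(gb) < 1` test repeats a condition the `while` header has just evaluated, and the code does not say why. Presumably read_bits2() can itself consume input between the two checks, in which case a comment like `/* read_bits2() may have consumed the last input byte */` would stop the check from being removed later as redundant. It guarantees a single byte, which matches the one `bytestream2_get_byte(gb)` in the `tag == 0` branch. Branches for other tag values that read more lie outside the hunk and need their own accounting.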



[FFmpeg-cvslog] avcodec/bethsoftvideo: Check block_type

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Sun Feb 24 23:39:44 2019 +0100| [24e4039c6fa152b40ff2ebb491f5ea9df88686aa] | 
committer: Michael Niedermayer

avcodec/bethsoftvideo: Check block_type

Fixes: Timeout (17 seconds -> 1 second)
Fixes: 
13184/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BETHSOFTVID_fuzzer-5711446296494080

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit b8ecadec0582a1521b5d0d253376966138e6ca78)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=24e4039c6fa152b40ff2ebb491f5ea9df88686aa
---

 libavcodec/bethsoftvideo.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/bethsoftvideo.c b/libavcodec/bethsoftvideo.c
index 274516bf4d..e5a73f55a1 100644
--- a/libavcodec/bethsoftvideo.c
+++ b/libavcodec/bethsoftvideo.c
@@ -109,6 +109,11 @@ static int bethsoftvid_decode_frame(AVCodecContext *avctx,
 if(yoffset >= avctx->height)
 return AVERROR_INVALIDDATA;
 dst += vid->frame->linesize[0] * yoffset;
+case VIDEO_P_FRAME:
+case VIDEO_I_FRAME:
+break;
+default:
+return AVERROR_INVALIDDATA;
 }
 
 // main code
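Review bot: The added `case VIDEO_P_FRAME:` label directly follows `dst += vid->frame->linesize[0] * yoffset;` with no `break` in between, so the preceding case now falls through into the new labels. The outcome is the same `break`, but the fall-through is implicit and will be reported by `-Wimplicit-fallthrough`. Either end the previous case with its own `break;` or mark it with `/* fall through */`. The switch statement begins outside the hunk.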



[FFmpeg-cvslog] avcodec/jpeg2000dwt: Fix integer overflow in dwt_decode97_int()

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Tue Feb 19 00:05:51 2019 +0100| [4ee463b69f30c51d0665bfbd6b80364beb2ba65c] | 
committer: Michael Niedermayer

avcodec/jpeg2000dwt: Fix integer overflow in dwt_decode97_int()

Fixes: runtime error: signed integer overflow: 2147483598 + 128 cannot be 
represented in type 'int'
Fixes: 
12926/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5705100733972480

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 4801eea0d465cd54670e7c19322705544e3e7524)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4ee463b69f30c51d0665bfbd6b80364beb2ba65c
---

 libavcodec/jpeg2000dwt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/jpeg2000dwt.c b/libavcodec/jpeg2000dwt.c
index ce1678a3d7..badf0f8cd0 100644
--- a/libavcodec/jpeg2000dwt.c
+++ b/libavcodec/jpeg2000dwt.c
@@ -531,7 +531,7 @@ static void dwt_decode97_int(DWTContext *s, int32_t *t)
 }
 
 for (i = 0; i < w * h; i++)
-data[i] = (data[i] + ((1<>1)) >> I_PRESHIFT;
+data[i] = (data[i] + ((1LL<>1)) >> I_PRESHIFT;
 }
 
 int ff_jpeg2000_dwt_init(DWTContext *s, int border[2][2],



[FFmpeg-cvslog] avcodec/h264_direct: Fix overflow in POC comparission

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Thu Feb 14 00:05:34 2019 +0100| [5f52e2c420e0f166d78b6a5d4e592c1483b5aad3] | 
committer: Michael Niedermayer

avcodec/h264_direct: Fix overflow in POC comparission

Fixes: runtime error: signed integer overflow: 2147421862 - -33624063 cannot be 
represented in type 'int'
Fixes: 
12885/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5733516975800320

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 5ccf296e74725bc8bdfbfe500d0482daa200b6f3)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5f52e2c420e0f166d78b6a5d4e592c1483b5aad3
---

 libavcodec/h264_direct.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/h264_direct.c b/libavcodec/h264_direct.c
index ec9fca0350..a01d823e7a 100644
--- a/libavcodec/h264_direct.c
+++ b/libavcodec/h264_direct.c
@@ -156,8 +156,8 @@ void ff_h264_direct_ref_list_init(const H264Context *const 
h, H264SliceContext *
 av_log(h->avctx, AV_LOG_ERROR, "co located POCs unavailable\n");
 sl->col_parity = 1;
 } else
-sl->col_parity = (FFABS(col_poc[0] - cur_poc) >=
-  FFABS(col_poc[1] - cur_poc));
+sl->col_parity = (FFABS(col_poc[0] - (int64_t)cur_poc) >=
+  FFABS(col_poc[1] - (int64_t)cur_poc));
 ref1sidx =
 sidx = sl->col_parity;
 // FL -> FL & differ parity



[FFmpeg-cvslog] avformat/webmdashenc: Check id in adaption_sets

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Wed Feb 13 10:15:04 2019 +0100| [f1263f5c7d656ddff75a1127aa45d346e35752fb] | 
committer: Michael Niedermayer

avformat/webmdashenc: Check id in adaption_sets

Fixes: out of array access

Found-by: Wenxiang Qian
Signed-off-by: Michael Niedermayer 
(cherry picked from commit b687b549aa0fb115861b1343208de8c2630803bf)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f1263f5c7d656ddff75a1127aa45d346e35752fb
---

 libavformat/webmdashenc.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/libavformat/webmdashenc.c b/libavformat/webmdashenc.c
index 1280d8a763..26b8727304 100644
--- a/libavformat/webmdashenc.c
+++ b/libavformat/webmdashenc.c
@@ -466,6 +466,7 @@ static int parse_adaptation_sets(AVFormatContext *s)
 continue;
 else if (state == new_set && !strncmp(p, "id=", 3)) {
 void *mem = av_realloc(w->as, sizeof(*w->as) * (w->nb_as + 1));
+const char *comma;
 if (mem == NULL)
 return AVERROR(ENOMEM);
 w->as = mem;
@@ -474,6 +475,11 @@ static int parse_adaptation_sets(AVFormatContext *s)
 w->as[w->nb_as - 1].streams = NULL;
 p += 3; // consume "id="
 q = w->as[w->nb_as - 1].id;
+comma = strchr(p, ',');
+if (!comma || comma - p >= sizeof(w->as[w->nb_as - 1].id)) {
+av_log(s, AV_LOG_ERROR, "'id' in 'adaptation_sets' is 
malformed.\n");
+return AVERROR(EINVAL);
+}
 while (*p != ',') *q++ = *p++;
 *q = 0;
 p++;
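Review bot: The id is still copied with `while (*p != ',') *q++ = *p++;`, a loop that is bounded only by the check added a few lines above it. Copying by the length already computed, `memcpy(q, p, comma - p); q += comma - p; p = comma;`, keeps the bound and the copy in one place, so a later edit cannot separate them. `comma - p >= sizeof(...)` compares a ptrdiff_t with a size_t; it is correct because `comma` never precedes `p`, but a `(size_t)` cast would state that intent. The new error return happens after `w->as` was grown in the first hunk of this file, so freeing it is left to code outside the hunk.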



[FFmpeg-cvslog] avformat/ftp: Fix Out-of-Bounds Access and Information Leak in ftp.c:393

2019-03-21 Thread Wenxiang Qian
ffmpeg | branch: release/4.0 | Wenxiang Qian  | Wed Feb 13 
08:47:20 2019 +0100| [02518ba07fe6ec7295ac9f786965de72a02b6a4e] | committer: 
Michael Niedermayer

avformat/ftp: Fix Out-of-Bounds Access and Information Leak in ftp.c:393

Signed-off-by: Michael Niedermayer 
(cherry picked from commit a142ffdcaec06fcbf7d4b00dbb0e5ddfb9e3344d)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=02518ba07fe6ec7295ac9f786965de72a02b6a4e
---

 libavformat/ftp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/ftp.c b/libavformat/ftp.c
index 35bfbd47ab..ba64abb429 100644
--- a/libavformat/ftp.c
+++ b/libavformat/ftp.c
@@ -389,7 +389,7 @@ static int ftp_file_size(FTPContext *s)
 static const int size_codes[] = {213, 0};
 
 snprintf(command, sizeof(command), "SIZE %s\r\n", s->path);
-if (ftp_send_command(s, command, size_codes, ) == 213 && res) {
+if (ftp_send_command(s, command, size_codes, ) == 213 && res && 
strlen(res) > 4) {
 s->filesize = strtoll([4], NULL, 10);
 } else {
 s->filesize = -1;
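Review bot: The number parsed from the server's reply is still stored unchecked. `strtoll(..., NULL, 10)` on the text after the status code accepts a negative value and returns 0 for non-numeric text, and either result ends up in `s->filesize`. Passing an end pointer and rejecting an empty or negative parse would treat a malformed SIZE reply like a failed one: `s->filesize = strtoll(&res[4], &end, 10);` followed by `if (end == &res[4] || s->filesize < 0) s->filesize = -1;`. The `strlen(res) > 4` test added here only guarantees that offset 4 is inside the string. ftp_file_size() continues outside the hunk, so what happens to `res` afterwards is not visible.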



[FFmpeg-cvslog] avcodec/htmlsubtitles: Fixes denial of service due to use of sscanf in inner loop for handling braces

2019-03-21 Thread Kevin Backhouse via RT
ffmpeg | branch: release/4.0 | Kevin Backhouse via RT 
 | Wed Feb  6 12:56:01 2019 +| 
[7dc5c930354c4339ce36a6cc4f2113c9cfd294f5] | committer: Michael Niedermayer

avcodec/htmlsubtitles: Fixes denial of service due to use of sscanf in inner 
loop for handling braces

Fixes: [Semmle Security Reports #19439]
Fixes: dos_sscanf2.mkv

Signed-off-by: Michael Niedermayer 
(cherry picked from commit 894995c41e0795c7a44f81adc4838dedc3932e65)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7dc5c930354c4339ce36a6cc4f2113c9cfd294f5
---

 libavcodec/htmlsubtitles.c | 23 +--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/libavcodec/htmlsubtitles.c b/libavcodec/htmlsubtitles.c
index c0cfccfb16..d9221ba16b 100644
--- a/libavcodec/htmlsubtitles.c
+++ b/libavcodec/htmlsubtitles.c
@@ -24,6 +24,7 @@
 #include "libavutil/common.h"
 #include "libavutil/parseutils.h"
 #include "htmlsubtitles.h"
+#include 
 
 static int html_color_parse(void *log_ctx, const char *str)
 {
@@ -44,14 +45,32 @@ static void rstrip_spaces_buf(AVBPrint *buf)
 buf->str[--buf->len] = 0;
 }
 
+/*
+ * Fast code for scanning text enclosed in braces. Functionally
+ * equivalent to this sscanf call:
+ *
+ * sscanf(in, "{\\an%*1u}%n", ) >= 0 && len > 0
+ */
+static int scanbraces(const char* in) {
+if (strncmp(in, "{\\an", 4) != 0) {
+return 0;
+}
+if (!isdigit(in[4])) {
+return 0;
+}
+if (in[5] != '}') {
+return 0;
+}
+return 1;
+}
+
 /* skip all {\xxx} substrings except for {\an%d}
and all microdvd like styles such as {Y:xxx} */
 static void handle_open_brace(AVBPrint *dst, const char **inp, int *an, int 
*closing_brace_missing)
 {
-int len = 0;
 const char *in = *inp;
 
-*an += sscanf(in, "{\\an%*1u}%n", ) >= 0 && len > 0;
+*an += scanbraces(in);
 
 if (!*closing_brace_missing) {
 if (   (*an != 1 && in[1] == '\\')
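Review bot: `isdigit(in[4])` in the new scanbraces() passes a plain `char` taken from subtitle text. Where `char` is signed, a byte above 0x7f becomes a negative argument, which is undefined behaviour for the <ctype.h> classification functions. `isdigit((unsigned char)in[4])` fixes that; libavutil's `av_isdigit(in[4])` would as well and makes the added include unnecessary, provided avstring.h is already pulled in by this file. The indexing itself is sound: `in[4]` is read only after four bytes matched, and `in[5]` only after `in[4]` was a digit, so neither read can pass the terminator.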



[FFmpeg-cvslog] avformat/http: Fix Out-of-Bounds access in process_line()

2019-03-21 Thread Wenxiang Qian
ffmpeg | branch: release/4.0 | Wenxiang Qian  | Wed Feb 13 
08:54:08 2019 +0100| [4a9f11129697a03353ae58ae42d1c3248de3d0aa] | committer: 
Michael Niedermayer

avformat/http: Fix Out-of-Bounds access in process_line()

Signed-off-by: Michael Niedermayer 
(cherry picked from commit 85f91ed760a517c0d5fcf692d40a5a9d7efa9476)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4a9f11129697a03353ae58ae42d1c3248de3d0aa
---

 libavformat/http.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/http.c b/libavformat/http.c
index 4fdb2f13f2..954eee3ba2 100644
--- a/libavformat/http.c
+++ b/libavformat/http.c
@@ -915,7 +915,7 @@ static int process_line(URLContext *h, char *line, int 
line_count,
 while (av_isspace(*p))
 p++;
 resource = p;
-while (!av_isspace(*p))
+while (*p && !av_isspace(*p))
 p++;
 *(p++) = '\0';
 av_log(h, AV_LOG_TRACE, "Requested resource: %s\n", resource);
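Review bot: When the new `*p &&` test stops the loop at the string terminator, the next line `*(p++) = '\0';` still increments `p`, leaving it one byte past the end of the string. Anything that reads from `p` after this point would then start beyond the terminator; that code is outside the hunk, so it cannot be confirmed here. Making the step conditional, `if (*p) *(p++) = '\0';`, keeps `p` on the terminator for a request line with no trailing field. process_line() continues on both sides of the hunk.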



[FFmpeg-cvslog] avformat/matroskadec: Do not leak queued packets on sync errors

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Wed Feb  6 15:29:38 2019 +0100| [c50ba3cb6cec30daa09bb579295ac619498de9ac] | 
committer: Michael Niedermayer

avformat/matroskadec: Do not leak queued packets on sync errors

Fixes: memleak
Fixes: clusterfuzz-testcase-minimized-audio_decoder_fuzzer-5649187601121280

Reported-by: Chris Cunningham 
Tested-by: Chris Cunningham 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit d1afa7284c3feba4debfebf1b9cf8ad67640e34a)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c50ba3cb6cec30daa09bb579295ac619498de9ac
---

 libavformat/matroskadec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 1ded431b80..37c9a1c11e 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -3537,7 +3537,7 @@ static int matroska_read_packet(AVFormatContext *s, 
AVPacket *pkt)
 ret = matroska_resync(matroska, pos);
 }
 
-return ret;
+return 0;
 }
 
 static int matroska_read_seek(AVFormatContext *s, int stream_index,
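Review bot: The bare `return 0;` discards `ret`, which the context line above still assigns from matroska_resync(), and nothing at the return site says why. The commit message implies that reaching this point means a packet was handed to the caller and that returning an error would make the caller leak it. A comment such as `/* a packet was delivered; a resync error must not make the caller drop it */` would stop a later cleanup from restoring `return ret;`. The loop that sets `ret` starts outside this hunk, so it is worth confirming that a resync failure is still reported on a later call.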



[FFmpeg-cvslog] avcodec/htmlsubtitles: Fixes denial of service due to use of sscanf in inner loop for tag scaning

2019-03-21 Thread Kevin Backhouse via RT
ffmpeg | branch: release/4.0 | Kevin Backhouse via RT 
 | Wed Feb  6 11:29:22 2019 +| 
[381fa4a29d38e4ddef2a83876fb8f76e96f45a5d] | committer: Michael Niedermayer

avcodec/htmlsubtitles: Fixes denial of service due to use of sscanf in inner 
loop for tag scaning

Fixes: [Semmle Security Reports #19438]
Fixes: dos_sscanf1.mkv

Signed-off-by: Michael Niedermayer 
(cherry picked from commit 1f00c97bc3475c477f3c468cf2d924d5761d0982)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=381fa4a29d38e4ddef2a83876fb8f76e96f45a5d
---

 libavcodec/htmlsubtitles.c | 30 +-
 1 file changed, 29 insertions(+), 1 deletion(-)

diff --git a/libavcodec/htmlsubtitles.c b/libavcodec/htmlsubtitles.c
index fb9f900422..c0cfccfb16 100644
--- a/libavcodec/htmlsubtitles.c
+++ b/libavcodec/htmlsubtitles.c
@@ -75,6 +75,34 @@ struct font_tag {
 };
 
 /*
+ * Fast code for scanning the rest of a tag. Functionally equivalent to
+ * this sscanf call:
+ *
+ * sscanf(in, "%127[^<>]>%n", buffer, lenp) == 2
+ */
+static int scantag(const char* in, char* buffer, int* lenp) {
+int len;
+
+for (len = 0; len < 128; len++) {
+const char c = *in++;
+switch (c) {
+case '\0':
+return 0;
+case '<':
+return 0;
+case '>':
+buffer[len] = '\0';
+*lenp = len+1;
+return 1;
+default:
+break;
+}
+buffer[len] = c;
+}
+return 0;
+}
+
+/*
  * The general politic of the convert is to mask unsupported tags or formatting
  * errors (but still alert the user/subtitles writer with an error/warning)
  * without dropping any actual text content for the final user.
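Review bot: scantag() stores up to 128 bytes into `buffer` but takes no size argument, so the bound lives only in the literal `128` of the loop. The caller's buffer declaration is outside this hunk; either pass the size in or state the contract in the header comment, e.g. `buffer must hold at least 128 bytes`. The claim of equivalence in that comment is also slightly off. `%n` is not counted in sscanf's return value, so `== 2` can never hold. And `%127[^<>]` rejects an empty match, whereas scantag() returns 1 with `*lenp = 1` for input that starts with `>`, so the call site in the next hunk now accepts an empty tag.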
@@ -155,7 +183,7 @@ int ff_htmlmarkup_to_ass(void *log_ctx, AVBPrint *dst, 
const char *in)
 
 len = 0;
 
-if (sscanf(in+tag_close+1, "%127[^<>]>%n", buffer, ) >= 1 && 
len > 0) {
+if (scantag(in+tag_close+1, buffer, ) && len > 0) {
 const int skip = len + tag_close;
 const char *tagname = buffer;
 while (*tagname == ' ') {



[FFmpeg-cvslog] avcodec/h264_slice: Fix integer overflow in implicit_weight_table()

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Fri Jan  4 20:00:38 2019 +0100| [5a9170345a29f191269aab4999fac69ce3aa2d29] | 
committer: Michael Niedermayer

avcodec/h264_slice: Fix integer overflow in implicit_weight_table()

Fixes: signed integer overflow: 2 * 2132811760 cannot be represented in type 
'int'
Fixes: 
11156/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-6237685933408256

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 77e56d74f972537aecd5bc2c5c4111e1d6ad0963)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5a9170345a29f191269aab4999fac69ce3aa2d29
---

 libavcodec/h264_slice.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/h264_slice.c b/libavcodec/h264_slice.c
index d71ddbe9ba..0790f32a43 100644
--- a/libavcodec/h264_slice.c
+++ b/libavcodec/h264_slice.c
@@ -671,7 +671,7 @@ static void implicit_weight_table(const H264Context *h, 
H264SliceContext *sl, in
 cur_poc = h->cur_pic_ptr->field_poc[h->picture_structure - 1];
 }
 if (sl->ref_count[0] == 1 && sl->ref_count[1] == 1 && !FRAME_MBAFF(h) 
&&
-sl->ref_list[0][0].poc + (int64_t)sl->ref_list[1][0].poc == 2 * 
cur_poc) {
+sl->ref_list[0][0].poc + (int64_t)sl->ref_list[1][0].poc == 2LL * 
cur_poc) {
 sl->pwt.use_weight= 0;
 sl->pwt.use_weight_chroma = 0;
 return;
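Review bot: The comparison now widens its two sides in different ways, an `(int64_t)` cast on the left and an `LL` suffix on the right. Writing the right-hand side as `2 * (int64_t)cur_poc` would keep one idiom for the whole expression and make it obvious that both sides are evaluated in the same 64-bit type. The enclosing function starts and ends outside the hunk.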



[FFmpeg-cvslog] avutil/mem: Optimize fill32() by unrolling and using 64bit

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Thu Jan 17 22:35:10 2019 +0100| [63de02051d72cf42e19465300ef8f75d91d261c1] | 
committer: Michael Niedermayer

avutil/mem: Optimize fill32() by unrolling and using 64bit

Reviewed-by: Marton Balint 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 12b1338be376a3e5fb606d9fe41b58dc4a9e62c7)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=63de02051d72cf42e19465300ef8f75d91d261c1
---

 libavutil/mem.c | 12 
 1 file changed, 12 insertions(+)

diff --git a/libavutil/mem.c b/libavutil/mem.c
index 6149755a6b..88fe09b179 100644
--- a/libavutil/mem.c
+++ b/libavutil/mem.c
@@ -399,6 +399,18 @@ static void fill32(uint8_t *dst, int len)
 {
 uint32_t v = AV_RN32(dst - 4);
 
+#if HAVE_FAST_64BIT
+uint64_t v2= v + ((uint64_t)v<<32);
+while (len >= 32) {
+AV_WN64(dst   , v2);
+AV_WN64(dst+ 8, v2);
+AV_WN64(dst+16, v2);
+AV_WN64(dst+24, v2);
+dst += 32;
+len -= 32;
+}
+#endif
+
 while (len >= 4) {
 AV_WN32(dst, v);
 dst += 4;
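Review bot: The new 64-bit block has no comment, and two things about it are not obvious at a glance. `v2` is the 32-bit pattern duplicated into both halves, so the stores do not depend on byte order, and the loop deliberately leaves any remainder below 32 bytes to the 4-byte loop that follows. A short comment above `#if HAVE_FAST_64BIT`, for example `/* write the pattern 32 bytes at a time; the tail is handled below */`, would document that. fill32() continues past the end of the hunk.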



[FFmpeg-cvslog] avcodec/sbrdsp_fixed.c: remove input value limit for sbr_sum_square_c()

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Sun Feb  3 15:13:03 2019 +0100| [d5a946615ffc7d7f63485b67ce61f0c9b9fab6cb] | 
committer: Michael Niedermayer

avcodec/sbrdsp_fixed.c: remove input value limit for sbr_sum_square_c()

Fixes: 1377/clusterfuzz-testcase-minimized-5487049807233024
Fixes: assertion failure in sbr_sum_square_c()

Signed-off-by: Michael Niedermayer 
(cherry picked from commit 4cde7e62dbaa63eda173e8d24a97d273890f282c)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d5a946615ffc7d7f63485b67ce61f0c9b9fab6cb
---

 libavcodec/sbrdsp_fixed.c | 34 +++---
 1 file changed, 19 insertions(+), 15 deletions(-)

diff --git a/libavcodec/sbrdsp_fixed.c b/libavcodec/sbrdsp_fixed.c
index 57d98da979..91fa664c08 100644
--- a/libavcodec/sbrdsp_fixed.c
+++ b/libavcodec/sbrdsp_fixed.c
@@ -34,32 +34,36 @@
 static SoftFloat sbr_sum_square_c(int (*x)[2], int n)
 {
 SoftFloat ret;
-uint64_t accu, round;
+uint64_t accu = 0, round;
 uint64_t accu0 = 0, accu1 = 0, accu2 = 0, accu3 = 0;
 int i, nz, nz0;
 unsigned u;
 
+nz = 0;
 for (i = 0; i < n; i += 2) {
-// Larger values are inavlid and could cause overflows of accu.
-av_assert2(FFABS(x[i + 0][0]) >> 30 == 0);
 accu0 += (int64_t)x[i + 0][0] * x[i + 0][0];
-av_assert2(FFABS(x[i + 0][1]) >> 30 == 0);
 accu1 += (int64_t)x[i + 0][1] * x[i + 0][1];
-av_assert2(FFABS(x[i + 1][0]) >> 30 == 0);
 accu2 += (int64_t)x[i + 1][0] * x[i + 1][0];
-av_assert2(FFABS(x[i + 1][1]) >> 30 == 0);
 accu3 += (int64_t)x[i + 1][1] * x[i + 1][1];
+if ((accu0|accu1|accu2|accu3) > UINT64_MAX - 
INT32_MIN*(int64_t)INT32_MIN || i+2>=n) {
+accu0 >>= nz;
+accu1 >>= nz;
+accu2 >>= nz;
+accu3 >>= nz;
+while ((accu0|accu1|accu2|accu3) > (UINT64_MAX - accu) >> 2) {
+accu0 >>= 1;
+accu1 >>= 1;
+accu2 >>= 1;
+accu3 >>= 1;
+accu  >>= 1;
+nz ++;
+}
+accu += accu0 + accu1 + accu2 + accu3;
+accu0 = accu1 = accu2 = accu3 = 0;
+}
 }
 
-nz0 = 15;
-while ((accu0|accu1|accu2|accu3) >> 62) {
-accu0 >>= 1;
-accu1 >>= 1;
-accu2 >>= 1;
-accu3 >>= 1;
-nz0 --;
-}
-accu = accu0 + accu1 + accu2 + accu3;
+nz0 = 15 - nz;
 
 u = accu >> 32;
 if (u) {
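Review bot: The rewritten loop replaces the removed range asserts with a rescaling scheme but carries no comment explaining it. It would help to state above the new `if` that the four partial sums are folded into `accu` either when one more worst-case square (`INT32_MIN*(int64_t)INT32_MIN`) could overflow them or on the last iteration. The same comment should say that `nz` counts the right shifts applied so far and is later folded into the exponent through `nz0 = 15 - nz`. Giving the overflow threshold a name would also make the condition readable. The function continues past the hunk.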



[FFmpeg-cvslog] avcodec/tests/rangecoder: initialize array to avoid valgrind warning

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Fri Jan  4 02:46:29 2019 +0100| [bf83eadbccbe9536cd71582d0fc3601b9e80bc6c] | 
committer: Michael Niedermayer

avcodec/tests/rangecoder: initialize array to avoid valgrind warning

Found-by: jamrial
Signed-off-by: Michael Niedermayer 
(cherry picked from commit c15972f0af7679b466dd4a10a54ab2f04f9372c8)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bf83eadbccbe9536cd71582d0fc3601b9e80bc6c
---

 libavcodec/tests/rangecoder.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/tests/rangecoder.c b/libavcodec/tests/rangecoder.c
index 2da5c0ce33..3a8ba6759c 100644
--- a/libavcodec/tests/rangecoder.c
+++ b/libavcodec/tests/rangecoder.c
@@ -29,7 +29,7 @@
 int main(void)
 {
 RangeCoder c;
-uint8_t b[9 * SIZE];
+uint8_t b[9 * SIZE] = {0};
 uint8_t r[9 * SIZE];
 int i;
 uint8_t state[10];



[FFmpeg-cvslog] avutil/imgutils: Optimize memset_bytes() by using av_memcpy_backptr()

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Tue Dec 25 23:15:20 2018 +0100| [f5c6d42124a4ef8c71b8bd5f9ce078384655daf6] | 
committer: Michael Niedermayer

avutil/imgutils: Optimize memset_bytes() by using av_memcpy_backptr()

This is strongly based on code by Marton Balint, and depends on the previous 
commit

Fixes: Timeout
Fixes: 
11502/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WCMV_fuzzer-5664893810769920
Before: Executed 
clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WCMV_fuzzer-5664893810769920 
in 11209 ms
After:  Executed 
clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WCMV_fuzzer-5664893810769920 
in  4104 ms

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Marton Balint 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit f64c0dffa13e6263de3fdff0058ab2fdb03ac1d6)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f5c6d42124a4ef8c71b8bd5f9ce078384655daf6
---

 libavutil/imgutils.c | 27 +--
 1 file changed, 5 insertions(+), 22 deletions(-)

diff --git a/libavutil/imgutils.c b/libavutil/imgutils.c
index 4938a7ef67..afc73e2def 100644
--- a/libavutil/imgutils.c
+++ b/libavutil/imgutils.c
@@ -501,7 +501,6 @@ int av_image_copy_to_buffer(uint8_t *dst, int dst_size,
 static void memset_bytes(uint8_t *dst, size_t dst_size, uint8_t *clear,
  size_t clear_size)
 {
-size_t pos = 0;
 int same = 1;
 int i;
 
@@ -521,28 +520,12 @@ static void memset_bytes(uint8_t *dst, size_t dst_size, 
uint8_t *clear,
 if (clear_size == 1) {
 memset(dst, clear[0], dst_size);
 dst_size = 0;
-} else if (clear_size == 2) {
-uint16_t val = AV_RN16(clear);
-for (; dst_size >= 2; dst_size -= 2) {
-AV_WN16(dst, val);
-dst += 2;
-}
-} else if (clear_size == 4) {
-uint32_t val = AV_RN32(clear);
-for (; dst_size >= 4; dst_size -= 4) {
-AV_WN32(dst, val);
-dst += 4;
-}
-} else if (clear_size == 8) {
-uint32_t val = AV_RN64(clear);
-for (; dst_size >= 8; dst_size -= 8) {
-AV_WN64(dst, val);
-dst += 8;
-}
+} else {
+if (clear_size > dst_size)
+clear_size = dst_size;
+memcpy(dst, clear, clear_size);
+av_memcpy_backptr(dst + clear_size, clear_size, dst_size - clear_size);
 }
-
-for (; dst_size; dst_size--)
-*dst++ = clear[pos++ % clear_size];
 }
 
 // Maximum size in bytes of a plane element (usually a pixel, or multiple 
pixels
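Review bot: `dst_size - clear_size` is a `size_t`, but av_memcpy_backptr() takes its count as `int`, so a remainder above INT_MAX is truncated on the way in and part of the destination may be left unfilled. Unless every caller already bounds `dst_size` (not visible in this hunk), the fill should be fed in chunks as sketched below; any chunk length continues the pattern because the bytes `clear_size` behind `dst` are already written. Separately, `dst_size = 0;` in the `clear_size == 1` branch is dead now that the trailing byte loop is gone.

```c
    } else {
        size_t left;

        if (clear_size > dst_size)
            clear_size = dst_size;
        memcpy(dst, clear, clear_size);
        dst  += clear_size;
        left  = dst_size - clear_size;
        /* av_memcpy_backptr() takes an int count: pass the remainder in
         * chunks so a size above INT_MAX is not truncated. */
        while (left) {
            int chunk = (int)FFMIN(left, (size_t)INT_MAX);
            av_memcpy_backptr(dst, clear_size, chunk);
            dst  += chunk;
            left -= chunk;
        }
    }
```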



[FFmpeg-cvslog] avformat/mov: Do not use reference stream in mov_read_sidx() if there is no reference stream

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Tue Feb 12 23:28:35 2019 +0100| [5f799f0cee95fc92fdcaba543f491be997f5c52a] | 
committer: Michael Niedermayer

avformat/mov: Do not use reference stream in mov_read_sidx() if there is no 
reference stream

Fixes: NULL pointer dereference
Fixes: clusterfuzz-testcase-minimized-audio_decoder_fuzzer-5634316373721088

Reported-by: Chris Cunningham 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit b0d8b7cb8e86367178ef0c35dcae359d820c3b27)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5f799f0cee95fc92fdcaba543f491be997f5c52a
---

 libavformat/mov.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 8e38ad2ff6..14a02dc4e6 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -5029,7 +5029,7 @@ static int mov_read_sidx(MOVContext *c, AVIOContext *pb, 
MOVAtom atom)
 }
 }
 }
-for (i = 0; i < c->fc->nb_streams; i++) {
+if (ref_st) for (i = 0; i < c->fc->nb_streams; i++) {
 st = c->fc->streams[i];
 sc = st->priv_data;
 if (!sc->has_sidx) {
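Review bot: `if (ref_st) for (...) {` puts the NULL guard and the loop header on one line, so the loop body looks unconditional when read by indentation and the guard is easy to lose in a later edit. Giving the guard its own line and braces (`if (ref_st) {` followed by the re-indented loop) makes the dependency on `ref_st` explicit. The loop body and the code that sets `ref_st` lie outside the hunk.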



[FFmpeg-cvslog] avcodec/fic: Check that there is input left in fic_decode_block()

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Wed Jan 23 00:30:53 2019 +0100| [c600c06af96e7cadae6b77e54b220c1c2a240a80] | 
committer: Michael Niedermayer

avcodec/fic: Check that there is input left in fic_decode_block()

Fixes: Timeout
Fixes: 
12450/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FIC_fuzzer-5661984622641152

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit db1c4acd02af4de5dfbea6012c296470679aa7a6)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c600c06af96e7cadae6b77e54b220c1c2a240a80
---

 libavcodec/fic.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/fic.c b/libavcodec/fic.c
index 0b491ef7de..b7b834596b 100644
--- a/libavcodec/fic.c
+++ b/libavcodec/fic.c
@@ -139,6 +139,9 @@ static int fic_decode_block(FICContext *ctx, GetBitContext 
*gb,
 {
 int i, num_coeff;
 
+if (get_bits_left(gb) < 8)
+return AVERROR_INVALIDDATA;
+
 /* Is it a skip block? */
 if (get_bits1(gb)) {
 *is_p = 1;
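Review bot: The threshold in `get_bits_left(gb) < 8` is a bare constant, and nothing says why eight bits is the minimum a block needs. A comment on the check, or a named constant, stating what the smallest valid block consists of would let a reader verify the bound against the reads that follow. Most of those reads are outside this hunk.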



[FFmpeg-cvslog] avcodec/mpeg4videodec: Clear interlaced_dct for studio profile

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Fri Feb 15 01:57:09 2019 +0100| [8183623ca38cbeb5bceddc874f218fec66bd802b] | 
committer: Michael Niedermayer

avcodec/mpeg4videodec: Clear interlaced_dct for studio profile

Fixes: Out of array access
Fixes: 
13090/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5408668986638336

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Kieran Kunhya 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 1f686d023b95219db933394a7704ad9aa5f01cbb)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8183623ca38cbeb5bceddc874f218fec66bd802b
---

 libavcodec/mpeg4videodec.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c
index 1776efa9ae..e0cfff170f 100644
--- a/libavcodec/mpeg4videodec.c
+++ b/libavcodec/mpeg4videodec.c
@@ -2968,6 +2968,7 @@ static int decode_studio_vop_header(Mpeg4DecContext *ctx, 
GetBitContext *gb)
 return 0;
 
 s->partitioned_frame = 0;
+s->interlaced_dct = 0;
 s->decode_mb = mpeg4_decode_studio_mb;
 
 decode_smpte_tc(ctx, gb);



[FFmpeg-cvslog] avformat/rtsp: Check number of streams in sdp_parse_line()

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Fri Jan 25 21:30:04 2019 +0100| [a066fc25ca7a925b4ba28c6602dd45d98d943148] | 
committer: Michael Niedermayer

avformat/rtsp: Check number of streams in sdp_parse_line()

Fixes: OOM

Found-by: Michael Hanselmann 
Reviewed-by: Michael Hanselmann 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 497c9b0cce559d43607bbbd679fe42f1d7e9040e)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a066fc25ca7a925b4ba28c6602dd45d98d943148
---

 libavformat/rtsp.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libavformat/rtsp.c b/libavformat/rtsp.c
index 82c6c12af5..975637cf54 100644
--- a/libavformat/rtsp.c
+++ b/libavformat/rtsp.c
@@ -454,7 +454,10 @@ static void sdp_parse_line(AVFormatContext *s, 
SDPParseState *s1,
 } else if (!strcmp(st_type, "text")) {
 codec_type = AVMEDIA_TYPE_SUBTITLE;
 }
-if (codec_type == AVMEDIA_TYPE_UNKNOWN || !(rt->media_type_mask & (1 
<< codec_type))) {
+if (codec_type == AVMEDIA_TYPE_UNKNOWN ||
+!(rt->media_type_mask & (1 << codec_type)) ||
+rt->nb_rtsp_streams >= s->max_streams
+) {
 s1->skip_media = 1;
 return;
 }
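Review bot: Folding `rt->nb_rtsp_streams >= s->max_streams` into the same condition as the media-type checks means a stream dropped because the limit was reached is skipped silently, exactly like an unsupported type. The limit exists to stop unbounded allocation (the commit cites an OOM), so hitting it is worth reporting to whoever operates the client. A separate branch with `av_log(s, AV_LOG_WARNING, "Too many streams, skipping media\n");` before setting `skip_media` would make it visible. The enclosing function extends beyond the hunk.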



[FFmpeg-cvslog] avformat/mov.c: require tfhd to begin parsing trun

2019-03-21 Thread chcunningham
ffmpeg | branch: release/4.0 | chcunningham  | Wed 
Feb  6 16:12:51 2019 -0800| [12a09ce975145c2641877bb0253c0ad905a28f97] | 
committer: Michael Niedermayer

avformat/mov.c: require tfhd to begin parsing trun

Detecting missing tfhd avoids re-using tfhd track info from the previous
moof. For files with multiple tracks, this may make a mess of the
avindex and fragindex, which can later trigger av_assert0 in
mov_read_trun().

Reviewed-by: Derek Buitenhuis 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 3ea87e5d9ea075d5b3c0f4f8c6c48e514b454cbe)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=12a09ce975145c2641877bb0253c0ad905a28f97
---

 libavformat/isom.h |  1 +
 libavformat/mov.c  | 10 ++
 2 files changed, 11 insertions(+)

diff --git a/libavformat/isom.h b/libavformat/isom.h
index 4da34142f0..0f81bef4cc 100644
--- a/libavformat/isom.h
+++ b/libavformat/isom.h
@@ -85,6 +85,7 @@ typedef struct MOVAtom {
 struct MOVParseTableEntry;
 
 typedef struct MOVFragment {
+int found_tfhd;
 unsigned track_id;
 uint64_t base_data_offset;
 uint64_t moof_offset;
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 1864810846..60ad594381 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -1368,6 +1368,9 @@ static void fix_frag_index_entries(MOVFragmentIndex 
*frag_index, int index,
 
 static int mov_read_moof(MOVContext *c, AVIOContext *pb, MOVAtom atom)
 {
+// Set by mov_read_tfhd(). mov_read_trun() will reject files missing tfhd.
+c->fragment.found_tfhd = 0;
+
 if (!c->has_looked_for_mfra && c->use_mfra_for > 0) {
 c->has_looked_for_mfra = 1;
 if (pb->seekable & AVIO_SEEKABLE_NORMAL) {
@@ -4531,6 +4534,8 @@ static int mov_read_tfhd(MOVContext *c, AVIOContext *pb, 
MOVAtom atom)
 MOVTrackExt *trex = NULL;
 int flags, track_id, i;
 
+c->fragment.found_tfhd = 1;
+
 avio_r8(pb); /* version */
 flags = avio_rb24(pb);
 
@@ -4666,6 +4671,11 @@ static int mov_read_trun(MOVContext *c, AVIOContext *pb, 
MOVAtom atom)
 AVIndexEntry *new_entries;
 MOVFragmentStreamInfo * frag_stream_info;
 
+if (!frag->found_tfhd) {
+av_log(c->fc, AV_LOG_ERROR, "trun track id unknown, no tfhd was 
found\n");
+return AVERROR_INVALIDDATA;
+}
+
 for (i = 0; i < c->fc->nb_streams; i++) {
 if (c->fc->streams[i]->id == frag->track_id) {
 st = c->fc->streams[i];
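Review bot: The new guard in mov_read_trun() is only as strong as the place where `found_tfhd` is set, and the mov_read_tfhd() hunk sets it on entry, before the version, flags or track id have been read. If mov_read_tfhd() can return early without updating the fragment's track id (its body is mostly outside these hunks), the flag would be 1 while `frag->track_id` still belongs to the previous moof. That is the state this commit is meant to reject. Setting `c->fragment.found_tfhd = 1;` next to the assignment of the track id would close that gap.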



[FFmpeg-cvslog] avcodec/diracdec: Check component quant

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Wed Nov 14 09:42:44 2018 +0100| [1e09bf4d10289d035916258862613241790c7225] | 
committer: Michael Niedermayer

avcodec/diracdec: Check component quant

Fixes: Timeout
Fixes: 
10708/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5730140957442048

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 28c96c2ce2781c2cd147a9f3c299e18ce1dc7ff8)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1e09bf4d10289d035916258862613241790c7225
---

 libavcodec/diracdec.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c
index 9a417caec5..37c976def7 100644
--- a/libavcodec/diracdec.c
+++ b/libavcodec/diracdec.c
@@ -668,6 +668,10 @@ static void decode_component(DiracContext *s, int comp)
 b->length = get_interleaved_ue_golomb(>gb);
 if (b->length) {
 b->quant = get_interleaved_ue_golomb(>gb);
+if (b->quant > (DIRAC_MAX_QUANT_INDEX - 1)) {
+av_log(s->avctx, AV_LOG_ERROR, "Unsupported quant %d\n", 
b->quant);
+b->quant = 0;
+}
 align_get_bits(>gb);
 b->coeff_data = s->gb.buffer + get_bits_count(>gb)/8;
 b->length = FFMIN(b->length, FFMAX(get_bits_left(>gb)/8, 
0));
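Review bot: The new check only logs and substitutes `b->quant = 0`, so decoding goes on with a quantiser the bitstream never specified. decode_component() returns void in this version, which leaves no way to reject the frame, so propagating an error would be the safer outcome for an out-of-range index. The test also has only an upper bound. If `b->quant` is a signed int (the `%d` suggests so), a very large Golomb value could become negative and pass, which `(unsigned)b->quant > DIRAC_MAX_QUANT_INDEX - 1` would catch.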



[FFmpeg-cvslog] avcodec/pgssubdec: Check for duplicate display segments

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Tue Jan 29 01:06:01 2019 +0100| [b9269c960cae81b5cc503e6629892894380a5527] | 
committer: Michael Niedermayer

avcodec/pgssubdec: Check for duplicate display segments

In such a duplication the previous gets overwritten and leaks

Fixes: memleak
Fixes: 
12510/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGSSUB_fuzzer-5694439226343424

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit e35c3d887b3e374c6a091342206a42da48785d70)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b9269c960cae81b5cc503e6629892894380a5527
---

 libavcodec/pgssubdec.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/pgssubdec.c b/libavcodec/pgssubdec.c
index b897d72aab..8c10f6d573 100644
--- a/libavcodec/pgssubdec.c
+++ b/libavcodec/pgssubdec.c
@@ -676,6 +676,11 @@ static int decode(AVCodecContext *avctx, void *data, int 
*data_size,
  */
 break;
 case DISPLAY_SEGMENT:
+if (*data_size) {
+av_log(avctx, AV_LOG_ERROR, "Duplicate display segment\n");
+ret = AVERROR_INVALIDDATA;
+break;
+}
 ret = display_end_segment(avctx, data, buf, segment_length);
 if (ret >= 0)
 *data_size = ret;
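Review bot: `if (*data_size)` uses the output parameter as the marker for "a display segment was already decoded in this packet", which only works if `*data_size` is zero when the segment loop starts. That initialisation is not visible in the hunk. If it is left to the caller, a comment at the check or an explicit `*data_size = 0;` at the top of decode() would make the assumption safe. The enclosing switch and function begin outside the hunk.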



[FFmpeg-cvslog] avformat/mov: validate chunk_count vs stsc_data

2019-03-21 Thread chcunningham
ffmpeg | branch: release/4.0 | chcunningham  | Thu 
Feb  7 14:58:17 2019 -0800| [32017af5ef62c9fccf33b4ee240e33da80c5eefa] | 
committer: Michael Niedermayer

avformat/mov: validate chunk_count vs stsc_data

Bad content may contain stsc boxes with a first_chunk index that
exceeds stco.entries (chunk_count). This amends the existing check to
include cases where chunk_count == 0. It also patches up the case
when stsc refers to unknown chunks, but stts has no samples (so we
can simply ignore stsc).

Signed-off-by: Michael Niedermayer 
(cherry picked from commit 1c15449ca9a5bfa387868ac55628397273da761f)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=32017af5ef62c9fccf33b4ee240e33da80c5eefa
---

 libavformat/mov.c | 14 --
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 60ad594381..8e38ad2ff6 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -2692,8 +2692,11 @@ static inline int64_t 
mov_get_stsc_samples(MOVStreamContext *sc, unsigned int in
 
 if (mov_stsc_index_valid(index, sc->stsc_count))
 chunk_count = sc->stsc_data[index + 1].first - 
sc->stsc_data[index].first;
-else
+else {
+// Validation for stsc / stco  happens earlier in mov_read_stsc + 
mov_read_trak.
+av_assert0(sc->stsc_data[index].first <= sc->chunk_count);
 chunk_count = sc->chunk_count - (sc->stsc_data[index].first - 1);
+}
 
 return sc->stsc_data[index].count * (int64_t)chunk_count;
 }
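Review bot: `av_assert0(sc->stsc_data[index].first <= sc->chunk_count)` compares two values that come from the file, and av_assert0() aborts the process when it fails. The comment relies on earlier validation in mov_read_stsc() and mov_read_trak(), but the mov_read_trak() hunk of this same commit shows a `return 0;` in the sanity-check block ahead of the STSC/STCO comparison. Any route that leaves the stream in place without passing that comparison would turn malformed input into a crash of the host application. Failing safe here, for example `if (sc->stsc_data[index].first > sc->chunk_count) return 0;`, would not depend on every earlier path being covered.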
@@ -4157,6 +4160,13 @@ static int mov_read_trak(MOVContext *c, AVIOContext *pb, 
MOVAtom atom)
 
 c->trak_index = -1;
 
+// Here stsc refers to a chunk not described in stco. This is technically 
invalid,
+// but we can overlook it (clearing stsc) whenever stts_count == 0 
(indicating no samples).
+if (!sc->chunk_count && !sc->stts_count && sc->stsc_count) {
+sc->stsc_count = 0;
+av_freep(>stsc_data);
+}
+
 /* sanity checks */
 if ((sc->chunk_count && (!sc->stts_count || !sc->stsc_count ||
 (!sc->sample_size && !sc->sample_count))) ||
@@ -4165,7 +4175,7 @@ static int mov_read_trak(MOVContext *c, AVIOContext *pb, 
MOVAtom atom)
st->index);
 return 0;
 }
-if (sc->chunk_count && sc->stsc_count && sc->stsc_data[ sc->stsc_count - 1 
].first > sc->chunk_count) {
+if (sc->stsc_count && sc->stsc_data[ sc->stsc_count - 1 ].first > 
sc->chunk_count) {
 av_log(c->fc, AV_LOG_ERROR, "stream %d, contradictionary STSC and 
STCO\n",
st->index);
 return AVERROR_INVALIDDATA;



[FFmpeg-cvslog] avformat/rtsp: Clear reply in every iteration in ff_rtsp_connect()

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Mon Jan 28 00:53:22 2019 +0100| [636e66f3500108476ef6d251bf53587d1c7b86d5] | 
committer: Michael Niedermayer

avformat/rtsp: Clear reply in every iteration in ff_rtsp_connect()

Fixes: Infinite loop

Found-by: Michael Hanselmann 
Reviewed-by: Michael Hanselmann 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 0b50f27635f684ec0526e9975c9979f35bbf486b)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=636e66f3500108476ef6d251bf53587d1c7b86d5
---

 libavformat/rtsp.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libavformat/rtsp.c b/libavformat/rtsp.c
index ceb770a3a4..82c6c12af5 100644
--- a/libavformat/rtsp.c
+++ b/libavformat/rtsp.c
@@ -1663,7 +1663,7 @@ int ff_rtsp_connect(AVFormatContext *s)
 char tcpname[1024], cmd[2048], auth[128];
 const char *lower_rtsp_proto = "tcp";
 int port, err, tcp_fd;
-RTSPMessageHeader reply1 = {0}, *reply = 
+RTSPMessageHeader reply1, *reply = 
 int lower_transport_mask = 0;
 int default_port = RTSP_DEFAULT_PORT;
 char real_challenge[64] = "";
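Review bot: Dropping the `= {0}` initialiser leaves `reply1` indeterminate from its declaration until the `memset` added at `redirect:` in the next hunk. The statements between the two are only partly visible here. If any of them, or a later edit, reads `reply` or jumps to cleanup before the label, it would see uninitialised stack data. Keeping the initialiser in addition to the per-iteration `memset` costs nothing and removes that dependency on statement order.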
@@ -1692,6 +1692,7 @@ int ff_rtsp_connect(AVFormatContext *s)
 rt->lower_transport_mask &= (1 << RTSP_LOWER_TRANSPORT_NB) - 1;
 
 redirect:
+memset(, 0, sizeof(reply1));
 /* extract hostname and port */
 av_url_split(proto, sizeof(proto), auth, sizeof(auth),
  host, sizeof(host), , path, sizeof(path), s->url);



[FFmpeg-cvslog] avcodec/tiff: Check for 12bit gray fax

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Sat Jan 12 19:37:18 2019 +0100| [fcfa104b0e0521dfdb8e5d3d07b81f7552d00b2b] | 
committer: Michael Niedermayer

avcodec/tiff: Check for 12bit gray fax

Fixes: Assertion failure
Fixes: 
11898/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5759794191794176

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit ec28a85107cccece4dce17c0ccb633defe2d6e98)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fcfa104b0e0521dfdb8e5d3d07b81f7552d00b2b
---

 libavcodec/tiff.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c
index 1b332a754d..9c13a758ee 100644
--- a/libavcodec/tiff.c
+++ b/libavcodec/tiff.c
@@ -571,7 +571,7 @@ static int tiff_unpack_strip(TiffContext *s, AVFrame *p, 
uint8_t *dst, int strid
 if (s->compr == TIFF_CCITT_RLE ||
 s->compr == TIFF_G3||
 s->compr == TIFF_G4) {
-if (is_yuv)
+if (is_yuv || p->format == AV_PIX_FMT_GRAY12)
 return AVERROR_INVALIDDATA;
 
 return tiff_unpack_fax(s, dst, stride, src, size, width, lines);
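Review bot: The guard rejects one pixel format by name, `p->format == AV_PIX_FMT_GRAY12`, rather than testing the property the fax path needs. tiff_unpack_fax() is not shown, but if it only supports a specific bit depth, any other format that can reach this branch would hit the same assertion. Checking the depth, or allow-listing the supported formats, would fail closed. A comment naming the assumption would at least document it.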



[FFmpeg-cvslog] avcodec/exr: Check for duplicate channel index

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Tue Dec 25 18:41:58 2018 +0100| [6c2b4c716b1b5a0a2b8ec98465abcd85f6ccf9a5] | 
committer: Michael Niedermayer

avcodec/exr: Check for duplicate channel index

Fixes: Out of memory
Fixes: 
11582/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5730204559867904

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit f9728feaf90eb7493f8872356f54150efafb59cc)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6c2b4c716b1b5a0a2b8ec98465abcd85f6ccf9a5
---

 libavcodec/exr.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/exr.c b/libavcodec/exr.c
index 5253cc3f13..13755e1e6e 100644
--- a/libavcodec/exr.c
+++ b/libavcodec/exr.c
@@ -1463,6 +1463,11 @@ static int decode_header(EXRContext *s, AVFrame *frame)
 }
 s->pixel_type = current_pixel_type;
 s->channel_offsets[channel_index] = 
s->current_channel_offset;
+} else if (channel_index >= 0) {
+av_log(s->avctx, AV_LOG_ERROR,
+"Multiple channels with index %d.\n", 
channel_index);
+ret = AVERROR_INVALIDDATA;
+goto fail;
 }
 
 s->channels = av_realloc(s->channels,



[FFmpeg-cvslog] avcodec/exr: set layer_match in all branches

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Tue Dec 25 21:30:54 2018 +0100| [11e8ea4d0a8531f26af161a9893057ce1e5d6af3] | 
committer: Michael Niedermayer

avcodec/exr: set layer_match in all branches

Otherwise it is left to the value from the previous iteration

Signed-off-by: Michael Niedermayer 
(cherry picked from commit 433d2ae4353f3c513a45780845d9d8ca252cd4dc)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=11e8ea4d0a8531f26af161a9893057ce1e5d6af3
---

 libavcodec/exr.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libavcodec/exr.c b/libavcodec/exr.c
index 13755e1e6e..0f8b0fda9f 100644
--- a/libavcodec/exr.c
+++ b/libavcodec/exr.c
@@ -1389,6 +1389,7 @@ static int decode_header(EXRContext *s, AVFrame *frame)
 if (*ch_gb.buffer == '.')
 ch_gb.buffer++; /* skip dot if not given */
 } else {
+layer_match = 0;
 av_log(s->avctx, AV_LOG_INFO,
"Channel doesn't match layer : %s.\n", 
ch_gb.buffer);
 }



[FFmpeg-cvslog] configure: bump year

2019-03-21 Thread James Almer
ffmpeg | branch: release/4.0 | James Almer  | Tue Jan  1 
15:26:31 2019 -0300| [48ca78728afcbaf22f78942a5d6aee912c297c01] | committer: 
Michael Niedermayer

configure: bump year

Happy new year!

(cherry picked from commit 3209d7b3930bab554bf7d97d8041d9d0b88423a8)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=48ca78728afcbaf22f78942a5d6aee912c297c01
---

 configure | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure b/configure
index 172611bb4a..fca17e6d9c 100755
--- a/configure
+++ b/configure
@@ -7155,7 +7155,7 @@ cat > $TMPH 

[FFmpeg-cvslog] avformat/wvdec: detect and error out on WavPack DSD files

2019-03-21 Thread David Bryant
ffmpeg | branch: release/4.0 | David Bryant  | Tue Nov 20 
21:00:47 2018 -0800| [cdf1dc136caa5844d4b8c024b35a36aa76e0f545] | committer: 
Michael Niedermayer

avformat/wvdec: detect and error out on WavPack DSD files

Not currently supported.

(cherry picked from commit db109373d87b1fa5fe9f3d027d1bb752f725b74a)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cdf1dc136caa5844d4b8c024b35a36aa76e0f545
---

 libavformat/wvdec.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/libavformat/wvdec.c b/libavformat/wvdec.c
index 82526563ec..2060523c3b 100644
--- a/libavformat/wvdec.c
+++ b/libavformat/wvdec.c
@@ -40,6 +40,7 @@ enum WV_FLAGS {
 WV_HBAL   = 0x0400,
 WV_MCINIT = 0x0800,
 WV_MCEND  = 0x1000,
+WV_DSD= 0x8000,
 };
 
 static const int wv_rates[16] = {
@@ -97,6 +98,11 @@ static int wv_read_block_header(AVFormatContext *ctx, 
AVIOContext *pb)
 return ret;
 }
 
+if (wc->header.flags & WV_DSD) {
+avpriv_report_missing_feature(ctx, "WV DSD");
+return AVERROR_PATCHWELCOME;
+}
+
 if (wc->header.version < 0x402 || wc->header.version > 0x410) {
 avpriv_report_missing_feature(ctx, "WV version 0x%03X",
   wc->header.version);
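Review bot: The new DSD test in wv_read_block_header runs before the version range check that follows it, so a block whose version is outside 0x402-0x410 but has the flag bit set is reported as the missing "WV DSD" feature rather than as an unsupported version. If the flag bit is only meaningful for supported versions (not visible here), placing the `if (wc->header.flags & WV_DSD)` block after the version check would give the more accurate diagnostic; either order still rejects the block. The function body continues outside the hunk.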



[FFmpeg-cvslog] postproc/postprocess_template: remove FF_REG_sp from clobber list

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Thu Dec 20 22:40:06 2018 +0100| [33555963259c51263ea622434726574d1fd6fedb] | 
committer: Michael Niedermayer

postproc/postprocess_template: remove FF_REG_sp from clobber list

Future gcc may no longer support this

Tested-by: James Almer 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit c1cbeb87db4bfc6e281e4254a6c7fdd3854fc9b9)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=33555963259c51263ea622434726574d1fd6fedb
---

 libpostproc/postprocess_template.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libpostproc/postprocess_template.c 
b/libpostproc/postprocess_template.c
index 485eb5cfc0..b0adfd168c 100644
--- a/libpostproc/postprocess_template.c
+++ b/libpostproc/postprocess_template.c
@@ -1317,7 +1317,7 @@ DERING_CORE((%0, %1, 8)   ,(%%FF_REGd, %1, 
4),%%mm2,%%mm4,%%mm0,%%mm3,%%mm5,
 "1:\n\t"
 : : "r" (src), "r" ((x86_reg)stride), "m" (c->pQPb), "m"(c->pQPb2), 
"q"(tmp)
   NAMED_CONSTRAINTS_ADD(deringThreshold,b00,b02,b08)
-: "%"FF_REG_a, "%"FF_REG_d, "%"FF_REG_sp
+: "%"FF_REG_a, "%"FF_REG_d
 );
 #else // HAVE_7REGS && (TEMPLATE_PP_MMXEXT || TEMPLATE_PP_3DNOW)
 int y;



[FFmpeg-cvslog] avformat/mpegts: Fix side data type for stream id

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Fri Dec  7 21:51:48 2018 +0100| [d0e900187c2df1df183eb3f5cdd77048338cfd44] | 
committer: Michael Niedermayer

avformat/mpegts: Fix side data type for stream id

Signed-off-by: Michael Niedermayer 
(cherry picked from commit ab1319d82f0c77308792fa2d88cbfc73c3e47cb7)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d0e900187c2df1df183eb3f5cdd77048338cfd44
---

 libavformat/mpegts.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c
index a21668d3c1..92baca61a4 100644
--- a/libavformat/mpegts.c
+++ b/libavformat/mpegts.c
@@ -900,7 +900,7 @@ static void new_data_packet(const uint8_t *buffer, int len, 
AVPacket *pkt)
 
 static int new_pes_packet(PESContext *pes, AVPacket *pkt)
 {
-char *sd;
+uint8_t *sd;
 
 av_init_packet(pkt);
 



[FFmpeg-cvslog] avcodec/4xm: Fix returned error codes

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Mon Dec 31 18:11:44 2018 +0100| [96ef96f6ba8f43e00b631506b78fc6afcbe4e3f8] | 
committer: Michael Niedermayer

avcodec/4xm: Fix returned error codes

Reviewed-by: Paul B Mahol 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 07607a1db879d0d96e2c91e1354bc4e425937d3a)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=96ef96f6ba8f43e00b631506b78fc6afcbe4e3f8
---

 libavcodec/4xm.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/4xm.c b/libavcodec/4xm.c
index 5547dfd87f..8e05a4c366 100644
--- a/libavcodec/4xm.c
+++ b/libavcodec/4xm.c
@@ -498,7 +498,7 @@ static int decode_i_block(FourXContext *f, int16_t *block)
 
 if (get_bits_left(>gb) < 2){
 av_log(f->avctx, AV_LOG_ERROR, "%d bits left before 
decode_i_block()\n", get_bits_left(>gb));
-return -1;
+return AVERROR_INVALIDDATA;
 }
 
 /* DC coef */
@@ -732,7 +732,7 @@ static int decode_i2_frame(FourXContext *f, const uint8_t 
*buf, int length)
 for (x = 0; x < width; x += 16) {
 unsigned int color[4] = { 0 }, bits;
 if (buf_end - buf < 8)
-return -1;
+return AVERROR_INVALIDDATA;
 // warning following is purely guessed ...
 color[0] = bytestream2_get_le16u();
 color[1] = bytestream2_get_le16u();
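Review bot: In decode_i2_frame the guard measures `buf_end - buf`, while the reads right after it go through the unchecked `bytestream2_get_le16u()` reader, and the hunk does not show `buf` being advanced together with that reader. If the two cursors are independent, the check does not bound the unchecked reads on later iterations; testing the reader itself, `if (bytestream2_get_bytes_left(gb) < 8) return AVERROR_INVALIDDATA;` (with `gb` standing for the context those calls use, which this rendering of the diff drops), would tie the bound to the cursor actually being read. The loop and the function both extend beyond the hunk, so an earlier length check may already cover this.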



[FFmpeg-cvslog] avcodec/fic: Fail on invalid slice size/off

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Sun Dec 16 21:43:07 2018 +0100| [67bc75d5b1bc48ee29c9bc9ac07a7ecbafdd7a8a] | 
committer: Michael Niedermayer

avcodec/fic: Fail on invalid slice size/off

Fixes: Timeout
Fixes: 
11486/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FIC_fuzzer-5677133863583744

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 30a7a81cdc2ee2eac6d3271439c43f11b7327b3e)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=67bc75d5b1bc48ee29c9bc9ac07a7ecbafdd7a8a
---

 libavcodec/fic.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/fic.c b/libavcodec/fic.c
index c288c9771b..0b491ef7de 100644
--- a/libavcodec/fic.c
+++ b/libavcodec/fic.c
@@ -380,6 +380,8 @@ static int fic_decode_frame(AVCodecContext *avctx, void 
*data,
 slice_h  = FFALIGN(avctx->height - ctx->slice_h * (nslices - 
1), 16);
 } else {
 slice_size = AV_RB32(src + tsize + FIC_HEADER_SIZE + slice * 4 + 
4);
+if (slice_size < slice_off)
+return AVERROR_INVALIDDATA;
 }
 
 if (slice_size < slice_off || slice_size > msize)
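Review bot: The added `slice_size < slice_off` test repeats the first half of the condition on the statement immediately below, and nothing at the site says why the same comparison is fatal in this branch while `slice_size > msize` is left to the later check. A short comment on the new lines, e.g. `/* end offset comes from the bitstream; a slice ending before its start is corrupt input, so fail here */`, would keep a later cleanup from merging the two checks again. What the following `if` does on a match is outside the hunk.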



[FFmpeg-cvslog] avformat/libopenmpt: Fix successfull typo

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Fri Dec 28 22:22:52 2018 +0100| [ab0a8e477242c0cf2c7fa509a11ac27fdbcdb932] | 
committer: Michael Niedermayer

avformat/libopenmpt: Fix successfull typo

Reviewed-by: Lou Logan 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 571af98a5959d72c65a6753eb8e82cde407f4cd0)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ab0a8e477242c0cf2c7fa509a11ac27fdbcdb932
---

 libavformat/libopenmpt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/libopenmpt.c b/libavformat/libopenmpt.c
index 0fff702a36..a334270847 100644
--- a/libavformat/libopenmpt.c
+++ b/libavformat/libopenmpt.c
@@ -259,7 +259,7 @@ static int read_probe_openmpt(AVProbeData *p)
 } else {
 /* The file extension is unknown and we have very few data
  * bytes available. libopenmpt cannot decide anything here,
- * and returning any score > 0 would result in successfull
+ * and returning any score > 0 would result in successful
  * probing of random data.
  */
 return 0;



[FFmpeg-cvslog] avcodec/v4l2_m2m: fix cant typo

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Fri Dec 28 22:22:53 2018 +0100| [472498ed473f28d4c634d47255a74e8b7fb270e1] | 
committer: Michael Niedermayer

avcodec/v4l2_m2m: fix cant typo

Reviewed-by: Lou Logan 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 062bf5639359e183e016bcb795ac10735f83e863)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=472498ed473f28d4c634d47255a74e8b7fb270e1
---

 libavcodec/v4l2_m2m.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/v4l2_m2m.h b/libavcodec/v4l2_m2m.h
index 452bf0d9bc..0d4671beb1 100644
--- a/libavcodec/v4l2_m2m.h
+++ b/libavcodec/v4l2_m2m.h
@@ -104,7 +104,7 @@ int ff_v4l2_m2m_codec_init(AVCodecContext *avctx);
 int ff_v4l2_m2m_codec_end(AVCodecContext *avctx);
 
 /**
- * Reinitializes the V4L2m2mContext when the driver cant continue processing
+ * Reinitializes the V4L2m2mContext when the driver cannot continue processing
  * with the capture parameters.
  *
  * @param[in] ctx The V4L2m2mContext instantiated by the encoder/decoder.
@@ -114,7 +114,7 @@ int ff_v4l2_m2m_codec_end(AVCodecContext *avctx);
 int ff_v4l2_m2m_codec_reinit(V4L2m2mContext *ctx);
 
 /**
- * Reinitializes the V4L2m2mContext when the driver cant continue processing
+ * Reinitializes the V4L2m2mContext when the driver cannot continue processing
  * with the  any of the current V4L2Contexts (ie, changes in output and 
capture).
  *
  * @param[in] ctx The V4L2m2mContext instantiated by the encoder/decoder.



[FFmpeg-cvslog] avcodec/mjpegbdec: Fix some misplaced {} and spaces

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Fri Dec 28 22:22:56 2018 +0100| [541b627962562015f3bd48a0f5617ab4a89d6263] | 
committer: Michael Niedermayer

avcodec/mjpegbdec: Fix some misplaced {} and spaces

Reviewed-by: Derek Buitenhuis 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 11a8d2ccab1fe165eef4578c048d38731dbe1d6f)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=541b627962562015f3bd48a0f5617ab4a89d6263
---

 libavcodec/mjpegbdec.c | 24 +---
 1 file changed, 9 insertions(+), 15 deletions(-)

diff --git a/libavcodec/mjpegbdec.c b/libavcodec/mjpegbdec.c
index a858707d54..8583fcb4f9 100644
--- a/libavcodec/mjpegbdec.c
+++ b/libavcodec/mjpegbdec.c
@@ -70,8 +70,7 @@ read_header:
 
 skip_bits(, 32); /* reserved zeros */
 
-if (get_bits_long(, 32) != MKBETAG('m','j','p','g'))
-{
+if (get_bits_long(, 32) != MKBETAG('m','j','p','g')) {
 av_log(avctx, AV_LOG_WARNING, "not mjpeg-b (bad fourcc)\n");
 return AVERROR_INVALIDDATA;
 }
@@ -85,19 +84,17 @@ read_header:
 
 dqt_offs = read_offs(avctx, , buf_end - buf_ptr, "dqt is %d and size 
is %d\n");
 av_log(avctx, AV_LOG_DEBUG, "dqt offs: 0x%"PRIx32"\n", dqt_offs);
-if (dqt_offs)
-{
+if (dqt_offs) {
 init_get_bits(>gb, buf_ptr+dqt_offs, (buf_end - 
(buf_ptr+dqt_offs))*8);
 s->start_code = DQT;
 if (ff_mjpeg_decode_dqt(s) < 0 &&
 (avctx->err_recognition & AV_EF_EXPLODE))
-  return AVERROR_INVALIDDATA;
+return AVERROR_INVALIDDATA;
 }
 
 dht_offs = read_offs(avctx, , buf_end - buf_ptr, "dht is %d and size 
is %d\n");
 av_log(avctx, AV_LOG_DEBUG, "dht offs: 0x%"PRIx32"\n", dht_offs);
-if (dht_offs)
-{
+if (dht_offs) {
 init_get_bits(>gb, buf_ptr+dht_offs, (buf_end - 
(buf_ptr+dht_offs))*8);
 s->start_code = DHT;
 ff_mjpeg_decode_dht(s);
@@ -105,8 +102,7 @@ read_header:
 
 sof_offs = read_offs(avctx, , buf_end - buf_ptr, "sof is %d and size 
is %d\n");
 av_log(avctx, AV_LOG_DEBUG, "sof offs: 0x%"PRIx32"\n", sof_offs);
-if (sof_offs)
-{
+if (sof_offs) {
 init_get_bits(>gb, buf_ptr+sof_offs, (buf_end - 
(buf_ptr+sof_offs))*8);
 s->start_code = SOF0;
 if (ff_mjpeg_decode_sof(s) < 0)
@@ -117,25 +113,23 @@ read_header:
 av_log(avctx, AV_LOG_DEBUG, "sos offs: 0x%"PRIx32"\n", sos_offs);
 sod_offs = read_offs(avctx, , buf_end - buf_ptr, "sof is %d and size 
is %d\n");
 av_log(avctx, AV_LOG_DEBUG, "sod offs: 0x%"PRIx32"\n", sod_offs);
-if (sos_offs)
-{
+if (sos_offs) {
 init_get_bits(>gb, buf_ptr + sos_offs,
   8 * FFMIN(field_size, buf_end - buf_ptr - sos_offs));
 s->mjpb_skiptosod = (sod_offs - sos_offs - show_bits(>gb, 16));
 s->start_code = SOS;
 if (ff_mjpeg_decode_sos(s, NULL, 0, NULL) < 0 &&
 (avctx->err_recognition & AV_EF_EXPLODE))
-  return AVERROR_INVALIDDATA;
+return AVERROR_INVALIDDATA;
 }
 
 if (s->interlaced) {
 s->bottom_field ^= 1;
 /* if not bottom field, do not output image yet */
-if (s->bottom_field != s->interlace_polarity && second_field_offs)
-{
+if (s->bottom_field != s->interlace_polarity && second_field_offs) {
 buf_ptr = buf + second_field_offs;
 goto read_header;
-}
+}
 }
 
 //XXX FIXME factorize, this looks very similar to the EOI code



[FFmpeg-cvslog] avformat/nutenc: Document trailer index assert better

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Fri Dec 14 21:52:09 2018 +0100| [b80d504412334a7341b15491b7327531a669e430] | 
committer: Michael Niedermayer

avformat/nutenc: Document trailer index assert better

Reviewed-by: Paul B Mahol 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 3a95b73abc868995b08ca2b4d8bbf2cda43184f8)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b80d504412334a7341b15491b7327531a669e430
---

 libavformat/nutenc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/nutenc.c b/libavformat/nutenc.c
index a92ff55c01..e9a3bb49db 100644
--- a/libavformat/nutenc.c
+++ b/libavformat/nutenc.c
@@ -1172,7 +1172,7 @@ static int nut_write_trailer(AVFormatContext *s)
 
 ret = avio_open_dyn_buf(_bc);
 if (ret >= 0 && nut->sp_count) {
-av_assert1(nut->write_index);
+av_assert1(nut->write_index); // sp_count should be 0 if no index is 
going to be written
 write_index(nut, dyn_bc);
 put_packet(nut, bc, dyn_bc, 1, INDEX_STARTCODE);
 }



[FFmpeg-cvslog] avcodec/msmpeg4dec: Skip frame if its smaller than 1/8 of the minimal size

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Thu Nov 29 02:32:10 2018 +0100| [ee20d64bec7e78cc1b3552cc12029c4252bd7958] | 
committer: Michael Niedermayer

avcodec/msmpeg4dec: Skip frame if its smaller than 1/8 of the minimal size

Frames that small are not valid and of limited use for error concealment, while
being very computationally intensive to process.

Fixes: Timeout
Fixes: 
11318/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSMPEG4V1_fuzzer-5710884555456512

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 09ec182864d41c990bc18f620eabb77444aeff57)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ee20d64bec7e78cc1b3552cc12029c4252bd7958
---

 libavcodec/msmpeg4dec.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/libavcodec/msmpeg4dec.c b/libavcodec/msmpeg4dec.c
index 457a37e745..16b67192b5 100644
--- a/libavcodec/msmpeg4dec.c
+++ b/libavcodec/msmpeg4dec.c
@@ -412,6 +412,14 @@ int ff_msmpeg4_decode_picture_header(MpegEncContext * s)
 {
 int code;
 
+// at minimum one bit per macroblock is required at least in a valid frame,
+// we discard frames much smaller than this. Frames smaller than 1/8 of the
+// smallest "black/skip" frame generally contain not much recoverable 
content
+// while at the same time they have the highest computational requirements
+// per byte
+if (get_bits_left(>gb) * 8LL < (s->width+15)/16 * ((s->height+15)/16))
+return AVERROR_INVALIDDATA;
+
 if(s->msmpeg4_version==1){
 int start_code = get_bits_long(>gb, 32);
 if(start_code!=0x0100){
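Review bot: The minimum-size heuristic added at the top of ff_msmpeg4_decode_picture_header, together with its comment, is duplicated in ff_wmv2_decode_secondary_picture_header by the wmv2dec commit further down this page, so the 1/8 threshold now lives in two places. A small shared helper taking the bits left, the width and the height would keep both decoders in step when the threshold is tuned. The comment also says the same thing twice ("at minimum ... at least"); `// a valid frame needs at least one bit per macroblock` reads more clearly. Only the left side of the comparison is widened with `8LL`; the macroblock product on the right stays an int multiplication, which relies on the dimensions being bounded elsewhere.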



[FFmpeg-cvslog] avcodec/mips: Fix failed case: hevc-conformance-AMP_A_Samsung_* when enable msa

2019-03-21 Thread gxw
ffmpeg | branch: release/4.0 | gxw  | Mon Dec 24 
14:07:44 2018 +0800| [4dbfbcef16703ed44c1c1605827cb27945a3c897] | committer: 
Michael Niedermayer

avcodec/mips: Fix failed case: hevc-conformance-AMP_A_Samsung_* when enable msa

The AV_INPUT_BUFFER_PADDING_SIZE has been increased to 64, but the value is 
still 32
in function ff_hevc_sao_edge_filter_8_msa. So, use AV_INPUT_BUFFER_PADDING_SIZE 
directly.
Also, use MAX_PB_SIZE directly instead of 64. Fate tests passed.

Reviewed-by: Derek Buitenhuis 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit f652c7a45c60427db0a89fae665e63b546af6ebb)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4dbfbcef16703ed44c1c1605827cb27945a3c897
---

 libavcodec/mips/hevc_lpf_sao_msa.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/mips/hevc_lpf_sao_msa.c 
b/libavcodec/mips/hevc_lpf_sao_msa.c
index 5b5537a264..adcafde621 100644
--- a/libavcodec/mips/hevc_lpf_sao_msa.c
+++ b/libavcodec/mips/hevc_lpf_sao_msa.c
@@ -2630,7 +2630,7 @@ void ff_hevc_sao_edge_filter_8_msa(uint8_t *dst, uint8_t 
*src,
int16_t *sao_offset_val,
int eo, int width, int height)
 {
-ptrdiff_t stride_src = (2 * 64 + 32) / sizeof(uint8_t);
+ptrdiff_t stride_src = (2 * MAX_PB_SIZE + AV_INPUT_BUFFER_PADDING_SIZE) / 
sizeof(uint8_t);
 
 switch (eo) {
 case 0:
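Review bot: `stride_src` is still recomputed here from constants rather than received from the code that lays out the source buffer, which is how the old `2 * 64 + 32` went stale when the padding size changed (per the commit message). If the caller builds its buffer from the same expression, one shared macro for `2 * MAX_PB_SIZE + AV_INPUT_BUFFER_PADDING_SIZE` used on both sides would rule out a future mismatch; the caller is not visible on this page, so this needs confirming. The `/ sizeof(uint8_t)` divisor is a no-op and could be dropped. The function body continues past the hunk.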



[FFmpeg-cvslog] avcodec/ppc/hevcdsp: Fix build failures with powerpc-linux-gnu-gcc-4.8 with --disable-optimizations

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Tue Dec  4 16:29:40 2018 +0100| [7070de99c082c89c8f940fe8c7cd4bdc25ceb59b] | 
committer: Michael Niedermayer

avcodec/ppc/hevcdsp: Fix build failures with powerpc-linux-gnu-gcc-4.8 with 
--disable-optimizations

The affected functions could also be changed into macros; this is the
smaller change to fix it, though, and it avoids (probably) less readable macros.
The extra code should be optimized out when optimizations are enabled, as all values
are known at build time after inlining.

Signed-off-by: Michael Niedermayer 
(cherry picked from commit 2c64a6bcd280c64997e6c4799bc89c0a9393bbf3)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7070de99c082c89c8f940fe8c7cd4bdc25ceb59b
---

 libavcodec/ppc/hevcdsp.c | 17 +++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/libavcodec/ppc/hevcdsp.c b/libavcodec/ppc/hevcdsp.c
index 4b1037d792..42a5bc487d 100644
--- a/libavcodec/ppc/hevcdsp.c
+++ b/libavcodec/ppc/hevcdsp.c
@@ -57,7 +57,13 @@ static void transform4x4(vec_s16 src_01, vec_s16 src_23, 
vec_s32 res[4],
 e1 = vec_msums(src_02, trans4[2], zero);
 o1 = vec_msums(src_13, trans4[3], zero);
 
-add = vec_sl(vec_splat_s32(1), vec_splat_u32(shift - 1));
+switch(shift) {
+case  7: add = vec_sl(vec_splat_s32(1), vec_splat_u32( 7 - 1)); break;
+case 10: add = vec_sl(vec_splat_s32(1), vec_splat_u32(10 - 1)); break;
+case 12: add = vec_sl(vec_splat_s32(1), vec_splat_u32(12 - 1)); break;
+default: abort();
+}
+
 e0 = vec_add(e0, add);
 e1 = vec_add(e1, add);
 
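Review bot: `default: abort();` in transform4x4, and again in the `scale` hunk below, terminates the host process from inside a library routine without any message. If this file can use libavutil's assert helper, `default: av_assert0(0);` logs the failing location before aborting. The two switches also repeat the accepted set 7, 10, 12 independently; a one-line comment on each, such as `/* vec_splat_* needs a literal operand; shift is one of 7, 10, 12 */`, would explain why the switch exists and which values callers may pass.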
@@ -70,7 +76,14 @@ static void transform4x4(vec_s16 src_01, vec_s16 src_23, 
vec_s32 res[4],
 static void scale(vec_s32 res[4], vec_s16 res_packed[2], int shift)
 {
 int i;
-vec_u32 v_shift = vec_splat_u32(shift);
+vec_u32 v_shift;
+
+switch(shift) {
+case  7: v_shift = vec_splat_u32(7) ; break;
+case 10: v_shift = vec_splat_u32(10); break;
+case 12: v_shift = vec_splat_u32(12); break;
+default: abort();
+}
 
 for (i = 0; i < 4; i++)
 res[i] = vec_sra(res[i], v_shift);



[FFmpeg-cvslog] avcodec/rpza: Move frame allocation to a later point

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Sun Dec 16 19:04:56 2018 +0100| [5161e1e6104154988d751ce60cbf859d5f453fd8] | 
committer: Michael Niedermayer

avcodec/rpza: Move frame allocation to a later point

This will allow performing some fast checks before the slow allocation

Signed-off-by: Michael Niedermayer 
(cherry picked from commit 8a708aa99cb0e8d76e52117b1fd89d221f0055e9)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5161e1e6104154988d751ce60cbf859d5f453fd8
---

 libavcodec/rpza.c | 14 --
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/libavcodec/rpza.c b/libavcodec/rpza.c
index b71ebd1cbe..cffbfe4416 100644
--- a/libavcodec/rpza.c
+++ b/libavcodec/rpza.c
@@ -73,13 +73,12 @@ typedef struct RpzaContext {
 static int rpza_decode_stream(RpzaContext *s)
 {
 int width = s->avctx->width;
-int stride = s->frame->linesize[0] / 2;
-int row_inc = stride - 4;
+int stride, row_inc, ret;
 int chunk_size;
 uint16_t colorA = 0, colorB;
 uint16_t color4[4];
 uint16_t ta, tb;
-uint16_t *pixels = (uint16_t *)s->frame->data[0];
+uint16_t *pixels;
 
 int row_ptr = 0;
 int pixel_ptr = 0;
@@ -106,6 +105,12 @@ static int rpza_decode_stream(RpzaContext *s)
 /* Number of 4x4 blocks in frame. */
 total_blocks = ((s->avctx->width + 3) / 4) * ((s->avctx->height + 3) / 4);
 
+if ((ret = ff_reget_buffer(s->avctx, s->frame)) < 0)
+return ret;
+pixels = (uint16_t *)s->frame->data[0];
+stride = s->frame->linesize[0] / 2;
+row_inc = stride - 4;
+
 /* Process chunk data */
 while (bytestream2_get_bytes_left(>gb)) {
 uint8_t opcode = bytestream2_get_byte(>gb); /* Get opcode */
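Review bot: Nothing at the new call site says that `ff_reget_buffer()` was placed after the block-count computation on purpose, and `pixels`, `stride` and `row_inc` are now unassigned from the top of rpza_decode_stream until this point. A comment above the call, e.g. `/* acquire the frame late: cheap input checks belong above this line, and nothing above may touch pixels/stride */`, would record both the intent stated in the commit message and the new ordering constraint. The function begins and ends outside this hunk.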
@@ -256,9 +261,6 @@ static int rpza_decode_frame(AVCodecContext *avctx,
 
 bytestream2_init(>gb, avpkt->data, avpkt->size);
 
-if ((ret = ff_reget_buffer(avctx, s->frame)) < 0)
-return ret;
-
 ret = rpza_decode_stream(s);
 if (ret < 0)
 return ret;



[FFmpeg-cvslog] tests/fate/filter-video: increase fuzz for fate-filter-refcmp-psnr-rgb

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Thu Dec  6 21:51:22 2018 +0100| [965eddc7ed0c38bcb18b7fb7278c80def5bffd0e] | 
committer: Michael Niedermayer

tests/fate/filter-video: increase fuzz for fate-filter-refcmp-psnr-rgb

Fixes: test failure on powerpc

Signed-off-by: Michael Niedermayer 
(cherry picked from commit f8f762c300e29d80ece363edc08e137b371d909f)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=965eddc7ed0c38bcb18b7fb7278c80def5bffd0e
---

 tests/fate/filter-video.mak | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/fate/filter-video.mak b/tests/fate/filter-video.mak
index 17d6363678..0a9bf93513 100644
--- a/tests/fate/filter-video.mak
+++ b/tests/fate/filter-video.mak
@@ -767,7 +767,7 @@ fate-filter-meta-4560-rotate0: CMD = framecrc -flags 
+bitexact -c:a aac_fixed -i
 REFCMP_DEPS = FFMPEG LAVFI_INDEV TESTSRC2_FILTER AVGBLUR_FILTER METADATA_FILTER
 
 FATE_FILTER_SAMPLES-$(call ALLYES, $(REFCMP_DEPS) PSNR_FILTER) += 
fate-filter-refcmp-psnr-rgb
-fate-filter-refcmp-psnr-rgb: CMD = refcmp_metadata psnr rgb24 0.001
+fate-filter-refcmp-psnr-rgb: CMD = refcmp_metadata psnr rgb24 0.002
 
 FATE_FILTER_SAMPLES-$(call ALLYES, $(REFCMP_DEPS) PSNR_FILTER) += 
fate-filter-refcmp-psnr-yuv
 fate-filter-refcmp-psnr-yuv: CMD = refcmp_metadata psnr yuv422p 0.0015



[FFmpeg-cvslog] avcodec/clearvideo: Check remaining input bits in P macro block loop

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Thu Dec  6 01:19:37 2018 +0100| [50ee16431c56562225cde14f4250e60e86dbfd9c] | 
committer: Michael Niedermayer

avcodec/clearvideo: Check remaining input bits in P macro block loop

Fixes: Timeout
Fixes: 
11083/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CLEARVIDEO_fuzzer-5657180351496192

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 7aaab127bebb33003105a620736d6cae8c45a6e5)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=50ee16431c56562225cde14f4250e60e86dbfd9c
---

 libavcodec/clearvideo.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/clearvideo.c b/libavcodec/clearvideo.c
index 6061cb571e..5e2f019929 100644
--- a/libavcodec/clearvideo.c
+++ b/libavcodec/clearvideo.c
@@ -573,6 +573,8 @@ static int clv_decode_frame(AVCodecContext *avctx, void 
*data,
 
 for (j = 0; j < c->pmb_height; j++) {
 for (i = 0; i < c->pmb_width; i++) {
+if (get_bits_left(>gb) <= 0)
+return AVERROR_INVALIDDATA;
 if (get_bits1(>gb)) {
 MV mv = mvi_predict(>mvi, i, j, zero_mv);
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog


[FFmpeg-cvslog] avcodec/wmv2dec: Skip I frame if its smaller than 1/8 of the minimal size

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Tue Nov 27 23:37:03 2018 +0100| [f3095068d85d61d97418a723b2c655b731dd1ecb] | 
committer: Michael Niedermayer

avcodec/wmv2dec: Skip I frame if its smaller than 1/8 of the minimal size

Frames that small are not valid and of limited use for error concealment, while
being very computationally intensive to process.

Fixes: Timeout
Fixes: 
11168/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV2_fuzzer-573378203278

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit d6f4341522c3eafb046c47b115d79ce684a899fc)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f3095068d85d61d97418a723b2c655b731dd1ecb
---

 libavcodec/wmv2dec.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/libavcodec/wmv2dec.c b/libavcodec/wmv2dec.c
index ea0e0594b5..a99da25deb 100644
--- a/libavcodec/wmv2dec.c
+++ b/libavcodec/wmv2dec.c
@@ -166,6 +166,14 @@ int ff_wmv2_decode_secondary_picture_header(MpegEncContext 
*s)
 }
 
 s->dc_table_index = get_bits1(>gb);
+
+// at minimum one bit per macroblock is required at least in a 
valid frame,
+// we discard frames much smaller than this. Frames smaller than 
1/8 of the
+// smallest "black/skip" frame generally contain not much 
recoverable content
+// while at the same time they have the highest computational 
requirements
+// per byte
+if (get_bits_left(>gb) * 8LL < (s->width+15)/16 * 
((s->height+15)/16))
+return AVERROR_INVALIDDATA;
 }
 s->inter_intra_pred = 0;
 s->no_rounding  = 1;



[FFmpeg-cvslog] postproc/postprocess_template: Avoid using %4 for the threshold compare

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Thu Dec 20 22:40:05 2018 +0100| [3006a5675c7bfabfa92cb5c940bfb40d8f90e908] | 
committer: Michael Niedermayer

postproc/postprocess_template: Avoid using %4 for the threshold compare

This avoids problems if %4 is the stack pointer.
The constraints do not allow %4 to be the stack pointer, but gcc 9 may
no longer support specifying such constraints.

Signed-off-by: Michael Niedermayer 
(cherry picked from commit 4325527e1c4fd2da119e81933172065ee1274eda)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3006a5675c7bfabfa92cb5c940bfb40d8f90e908
---

 libpostproc/postprocess_template.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/libpostproc/postprocess_template.c 
b/libpostproc/postprocess_template.c
index 0a43989266..485eb5cfc0 100644
--- a/libpostproc/postprocess_template.c
+++ b/libpostproc/postprocess_template.c
@@ -1184,10 +1184,10 @@ FIND_MIN_MAX((%0, %1, 8))
 #endif
 "movq %%mm6, %%mm0  \n\t" // max
 "psubb %%mm7, %%mm6 \n\t" // max - min
-"push %4  \n\t"
-"movd %%mm6, %k4\n\t"
-"cmpb "MANGLE(deringThreshold)", %b4\n\t"
-"pop %4   \n\t"
+"push %%"FF_REG_a"  \n\t"
+"movd %%mm6, %%eax  \n\t"
+"cmpb "MANGLE(deringThreshold)", %%al   \n\t"
+"pop %%"FF_REG_a"   \n\t"
 " jb 1f \n\t"
 PAVGB(%%mm0, %%mm7)   // a=(max + min)/2
 "punpcklbw %%mm7, %%mm7 \n\t"



[FFmpeg-cvslog] avcodec/cavsdec: Propagate error codes inside decode_mb_i()

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Sun Nov  4 20:00:16 2018 +0100| [92382748e4ad67588af31fc4624a4fcb2dfce441] | 
committer: Michael Niedermayer

avcodec/cavsdec: Propagate error codes inside decode_mb_i()

Fixes: Timeout
Fixes: 
10702/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CAVS_fuzzer-5669940938407936

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit c1cee0565692c541f589aefd7f375d37f55b9d94)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=92382748e4ad67588af31fc4624a4fcb2dfce441
---

 libavcodec/cavsdec.c | 29 +
 1 file changed, 21 insertions(+), 8 deletions(-)

diff --git a/libavcodec/cavsdec.c b/libavcodec/cavsdec.c
index c7fff67c06..5f3b354518 100644
--- a/libavcodec/cavsdec.c
+++ b/libavcodec/cavsdec.c
@@ -591,14 +591,21 @@ static int decode_residual_block(AVSContext *h, 
GetBitContext *gb,
 }
 
 
-static inline void decode_residual_chroma(AVSContext *h)
+static inline int decode_residual_chroma(AVSContext *h)
 {
-if (h->cbp & (1 << 4))
-decode_residual_block(h, >gb, chroma_dec, 0,
+if (h->cbp & (1 << 4)) {
+int ret = decode_residual_block(h, >gb, chroma_dec, 0,
   ff_cavs_chroma_qp[h->qp], h->cu, h->c_stride);
-if (h->cbp & (1 << 5))
-decode_residual_block(h, >gb, chroma_dec, 0,
+if (ret < 0)
+return ret;
+}
+if (h->cbp & (1 << 5)) {
+int ret = decode_residual_block(h, >gb, chroma_dec, 0,
   ff_cavs_chroma_qp[h->qp], h->cv, h->c_stride);
+if (ret < 0)
+return ret;
+}
+return 0;
 }
 
 static inline int decode_residual_inter(AVSContext *h)
@@ -649,6 +656,7 @@ static int decode_mb_i(AVSContext *h, int cbp_code)
 uint8_t top[18];
 uint8_t *left = NULL;
 uint8_t *d;
+int ret;
 
 ff_cavs_init_mb(h);
 
@@ -692,8 +700,11 @@ static int decode_mb_i(AVSContext *h, int cbp_code)
 ff_cavs_load_intra_pred_luma(h, top, , block);
 h->intra_pred_l[h->pred_mode_Y[scan3x3[block]]]
 (d, top, left, h->l_stride);
-if (h->cbp & (1l_stride);
+if (h->cbp & (1l_stride);
+if (ret < 0)
+return ret;
+}
 }
 
 /* chroma intra prediction */
@@ -703,7 +714,9 @@ static int decode_mb_i(AVSContext *h, int cbp_code)
 h->intra_pred_c[pred_mode_uv](h->cv, >top_border_v[h->mbx * 10],
   h->left_border_v, h->c_stride);
 
-decode_residual_chroma(h);
+ret = decode_residual_chroma(h);
+if (ret < 0)
+return ret;
 ff_cavs_filter(h, I_8X8);
 set_mv_intra(h);
 return 0;



[FFmpeg-cvslog] avcodec/mpegaudio_parser: Consume more than 0 bytes in case of the unsupported mp3adu case

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Sun Oct 28 21:08:39 2018 +0100| [9664c3a4d40edb77d8e0b7a8b490a5b0d4843e50] | 
committer: Michael Niedermayer

avcodec/mpegaudio_parser: Consume more than 0 bytes in case of the unsupported 
mp3adu case

Fixes: Timeout
Fixes: 
10966/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MP3ADU_fuzzer-5348695024336896
Fixes: 
10969/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MP3ADUFLOAT_fuzzer-5691669402877952

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit df91af140c5543cfbbed187f696e79b554d2c135)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9664c3a4d40edb77d8e0b7a8b490a5b0d4843e50
---

 libavcodec/mpegaudio_parser.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/mpegaudio_parser.c b/libavcodec/mpegaudio_parser.c
index a109f12701..1005e89aae 100644
--- a/libavcodec/mpegaudio_parser.c
+++ b/libavcodec/mpegaudio_parser.c
@@ -101,7 +101,7 @@ static int mpegaudio_parse(AVCodecParserContext *s1,
 "MP3ADU full parser");
 *poutbuf = NULL;
 *poutbuf_size = 0;
-return 0; /* parsers must not return error codes */
+return buf_size; /* parsers must not return error 
codes */
 }
 
 break;
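Review bot: The trailing comment on the changed `return` explains only why no error code is returned, not why the whole buffer is now reported as consumed. Returning 0 here apparently left the caller re-submitting the same data (the Timeout the commit cites), so the reason for `buf_size` deserves to be written down, e.g. `/* consume all input so the caller advances; parsers must not return error codes */`. The enclosing `mpegaudio_parse()` starts and ends outside the hunk.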



[FFmpeg-cvslog] fftools/ffmpeg: Repair reinit_filter feature

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Tue Nov 13 20:29:40 2018 +0100| [dab6409d84a798a778d827e5fccaf618c3449acc] | 
committer: Michael Niedermayer

fftools/ffmpeg: Repair reinit_filter feature

Signed-off-by: Michael Niedermayer 
(cherry picked from commit 35040048793bc5d19942277fe17d1235e915a7d8)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=dab6409d84a798a778d827e5fccaf618c3449acc
---

 fftools/ffmpeg.c | 10 +++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/fftools/ffmpeg.c b/fftools/ffmpeg.c
index c0214c42d8..d436a0e71c 100644
--- a/fftools/ffmpeg.c
+++ b/fftools/ffmpeg.c
@@ -2121,9 +2121,6 @@ static int ifilter_send_frame(InputFilter *ifilter, 
AVFrame *frame)
 
 /* determine if the parameters for this input changed */
 need_reinit = ifilter->format != frame->format;
-if (!!ifilter->hw_frames_ctx != !!frame->hw_frames_ctx ||
-(ifilter->hw_frames_ctx && ifilter->hw_frames_ctx->data != 
frame->hw_frames_ctx->data))
-need_reinit = 1;
 
 switch (ifilter->ist->st->codecpar->codec_type) {
 case AVMEDIA_TYPE_AUDIO:
@@ -2137,6 +2134,13 @@ static int ifilter_send_frame(InputFilter *ifilter, 
AVFrame *frame)
 break;
 }
 
+if (!ifilter->ist->reinit_filters && fg->graph)
+need_reinit = 0;
+
+if (!!ifilter->hw_frames_ctx != !!frame->hw_frames_ctx ||
+(ifilter->hw_frames_ctx && ifilter->hw_frames_ctx->data != 
frame->hw_frames_ctx->data))
+need_reinit = 1;
+
 if (need_reinit) {
 ret = ifilter_parameters_from_frame(ifilter, frame);
 if (ret < 0)
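Review bot: The new `reinit_filters` override and the relocated `hw_frames_ctx` comparison only work in this order, and nothing in the code says so. The hardware-frames check has to run after `need_reinit = 0` so that a changed hw frames context still forces reconfiguration when reinit is disabled; a later reordering would silently undo that. A comment above the second `if`, e.g. `/* a changed hw frames context must always reinit, even with reinit_filters disabled */`, would pin the dependency down. `ifilter_send_frame()` continues outside the hunk.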



[FFmpeg-cvslog] avcodec/pngdec: Check compression method

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Fri Nov  9 03:12:45 2018 +0100| [0e11b29834484233461b031bacf6ff92ecd87920] | 
committer: Michael Niedermayer

avcodec/pngdec: Check compression method

Method 0 (inflate/deflate) is the only method defined in the specification and the 
only one supported.

Fixes: Timeout
Fixes: 
10976/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PNG_fuzzer-5729372588736512

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 1f99674cc33f4c37def0a206e31ad7c4c1af)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0e11b29834484233461b031bacf6ff92ecd87920
---

 libavcodec/pngdec.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c
index f93f200bb1..f761f2f7d9 100644
--- a/libavcodec/pngdec.c
+++ b/libavcodec/pngdec.c
@@ -578,6 +578,10 @@ static int decode_ihdr_chunk(AVCodecContext *avctx, 
PNGDecContext *s,
 }
 s->color_type   = bytestream2_get_byte(>gb);
 s->compression_type = bytestream2_get_byte(>gb);
+if (s->compression_type) {
+av_log(avctx, AV_LOG_ERROR, "Invalid compression method %d\n", 
s->compression_type);
+goto error;
+}
 s->filter_type  = bytestream2_get_byte(>gb);
 s->interlace_type   = bytestream2_get_byte(>gb);
 bytestream2_skip(>gb, 4); /* crc */
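Review bot: `filter_type`, read on the line right after the new check, is stored without the same validation, although the PNG specification likewise defines only filter method 0. If it is not rejected elsewhere in the decoder (not visible in this hunk), an analogous `if (s->filter_type) { ...; goto error; }` would keep all IHDR field validation in one place. The `error` label is also outside the hunk, so it is worth confirming that it returns a negative AVERROR on this new path.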



[FFmpeg-cvslog] avcodec/avcodec: Document the data type for AV_PKT_DATA_MPEGTS_STREAM_ID

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Fri Dec  7 21:52:30 2018 +0100| [b29b6afdfbbf2d4cdbc13f6c61be8bcc89cec5a2] | 
committer: Michael Niedermayer

avcodec/avcodec: Document the data type for AV_PKT_DATA_MPEGTS_STREAM_ID

Signed-off-by: Michael Niedermayer 
(cherry picked from commit 68e011e4103b9cb5ac2d152d73ca8393065a33fb)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b29b6afdfbbf2d4cdbc13f6c61be8bcc89cec5a2
---

 libavcodec/avcodec.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/avcodec.h b/libavcodec/avcodec.h
index fb0c6fae70..0139d72091 100644
--- a/libavcodec/avcodec.h
+++ b/libavcodec/avcodec.h
@@ -1312,7 +1312,7 @@ enum AVPacketSideDataType {
 AV_PKT_DATA_METADATA_UPDATE,
 
 /**
- * MPEGTS stream ID, this is required to pass the stream ID
+ * MPEGTS stream ID as uint8_t, this is required to pass the stream ID
  * information from the demuxer to the corresponding muxer.
  */
 AV_PKT_DATA_MPEGTS_STREAM_ID,



[FFmpeg-cvslog] avcodec/mjpegdec: Fix indention of ljpeg_decode_yuv_scan()

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Tue Dec 18 14:27:48 2018 +0100| [bd9525b4bf1445059ab85c616ba9f103084c0493] | 
committer: Michael Niedermayer

avcodec/mjpegdec: Fix indention of ljpeg_decode_yuv_scan()

Reviewed-by: Paul B Mahol 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit ea30ac1e408246382796f61d645d1e087aed390a)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bd9525b4bf1445059ab85c616ba9f103084c0493
---

 libavcodec/mjpegdec.c | 32 
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index 5e784d980c..58c4c053a9 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -1201,25 +1201,25 @@ static int ljpeg_decode_yuv_scan(MJpegDecodeContext *s, 
int predictor,
 || v * mb_y + y >= s->height) {
 // Nothing to do
 } else if (bits<=8) {
-ptr = s->picture_ptr->data[c] + (linesize * (v * mb_y 
+ y)) + (h * mb_x + x); //FIXME optimize this crap
-if(y==0 && toprow){
-if(x==0 && leftcol){
-pred= 1 << (bits - 1);
-}else{
-pred= ptr[-1];
-}
-}else{
-if(x==0 && leftcol){
-pred= ptr[-linesize];
+ptr = s->picture_ptr->data[c] + (linesize * (v * 
mb_y + y)) + (h * mb_x + x); //FIXME optimize this crap
+if(y==0 && toprow){
+if(x==0 && leftcol){
+pred= 1 << (bits - 1);
+}else{
+pred= ptr[-1];
+}
 }else{
-PREDICT(pred, ptr[-linesize-1], 
ptr[-linesize], ptr[-1], predictor);
+if(x==0 && leftcol){
+pred= ptr[-linesize];
+}else{
+PREDICT(pred, ptr[-linesize-1], 
ptr[-linesize], ptr[-1], predictor);
+}
 }
-}
 
-if (s->interlaced && s->bottom_field)
-ptr += linesize >> 1;
-pred &= mask;
-*ptr= pred + ((unsigned)dc << point_transform);
+if (s->interlaced && s->bottom_field)
+ptr += linesize >> 1;
+pred &= mask;
+*ptr= pred + ((unsigned)dc << point_transform);
 }else{
 ptr16 = (uint16_t*)(s->picture_ptr->data[c] + 
2*(linesize * (v * mb_y + y)) + 2*(h * mb_x + x)); //FIXME optimize this crap
 if(y==0 && toprow){



[FFmpeg-cvslog] lavf/mov: ensure only one tkhd per trak

2019-03-21 Thread chcunningham
ffmpeg | branch: release/4.0 | chcunningham  | Thu 
Dec 13 13:58:40 2018 -0800| [5d9daae62b9c1a669a504433b78d5a3e75409089] | 
committer: Michael Niedermayer

lavf/mov: ensure only one tkhd per trak

Chromium fuzzing produced a whacky file with extra tkhds. This caused
an AVStream that was already in use to be corrupted by assigning it a
new id, which blows up later in mov_read_trun because the
MOVFragmentStreamInfo.index_entry now points OOB.

Reviewed-by: Baptiste Coudurier 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit c9f7b6f7a9fdffa0ab8f3aa84a1f701cf5b3a6e9)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5d9daae62b9c1a669a504433b78d5a3e75409089
---

 libavformat/mov.c | 12 +++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index bd9b302e74..1864810846 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -1325,6 +1325,10 @@ static int update_frag_index(MOVContext *c, int64_t 
offset)
 return -1;
 
 for (i = 0; i < c->fc->nb_streams; i++) {
+// Avoid building frag index if streams lack track id.
+if (c->fc->streams[i]->id < 0)
+return AVERROR_INVALIDDATA;
+
 frag_stream_info[i].id = c->fc->streams[i]->id;
 frag_stream_info[i].sidx_pts = AV_NOPTS_VALUE;
 frag_stream_info[i].tfdt_dts = AV_NOPTS_VALUE;
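Review bot: The new early `return AVERROR_INVALIDDATA` inside the loop exits without releasing `frag_stream_info`. The allocation is above the hunk, but the `return -1;` context line looks like its failure path, so by the time the loop runs the array is presumably owned by this function and would leak for every file that reaches this branch. I would free it first, `av_free(frag_stream_info); return AVERROR_INVALIDDATA;` (with braces added), or validate the stream ids before allocating. `update_frag_index()` starts and ends outside the hunk.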
@@ -4136,7 +4140,7 @@ static int mov_read_trak(MOVContext *c, AVIOContext *pb, 
MOVAtom atom)
 
 st = avformat_new_stream(c->fc, NULL);
 if (!st) return AVERROR(ENOMEM);
-st->id = c->fc->nb_streams;
+st->id = -1;
 sc = av_mallocz(sizeof(MOVStreamContext));
 if (!sc) return AVERROR(ENOMEM);
 
@@ -4420,6 +4424,11 @@ static int mov_read_tkhd(MOVContext *c, AVIOContext *pb, 
MOVAtom atom)
 st = c->fc->streams[c->fc->nb_streams-1];
 sc = st->priv_data;
 
+// Each stream (trak) should have exactly 1 tkhd. This catches bad files 
and
+// avoids corrupting AVStreams mapped to an earlier tkhd.
+if (st->id != -1)
+return AVERROR_INVALIDDATA;
+
 version = avio_r8(pb);
 flags = avio_rb24(pb);
 st->disposition |= (flags & MOV_TKHD_FLAG_ENABLED) ? 
AV_DISPOSITION_DEFAULT : 0;
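Review bot: The `st->id != -1` guard uses a sentinel that shares its `int` with the track ID parsed from the file. The assignment of the parsed ID is further down in `mov_read_tkhd()` and not in this hunk, but if a 32-bit ID is stored into `st->id` unchanged, a value that converts to -1 cannot be told apart from "no tkhd seen yet" and the guard would not fire for that trak. A dedicated flag in `MOVStreamContext`, set once the first tkhd is accepted, or rejecting non-positive IDs where they are read, would make the check independent of file-controlled values.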
@@ -4686,6 +4695,7 @@ static int mov_read_trun(MOVContext *c, AVIOContext *pb, 
MOVAtom atom)
 break;
 }
 }
+av_assert0(index_entry_pos <= st->nb_index_entries);
 
 avio_r8(pb); /* version */
 flags = avio_rb24(pb);
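Review bot: `av_assert0()` stays enabled in release builds and aborts the process, which is a heavy response for state that is ultimately derived from file contents. The commit description attributes the out-of-bounds `index_entry` to a malformed file, so if any other path can still violate this invariant the outcome is a crash of the host application rather than a rejected file. I would treat it as input validation, `if (index_entry_pos > st->nb_index_entries) return AVERROR_INVALIDDATA;`, or add a comment stating why the condition can no longer be reached from input. `mov_read_trun()` continues outside the hunk.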



[FFmpeg-cvslog] avcodec/mpeg4videodec: Clear partitioned frame in decode_studio_vop_header()

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Sun Nov  4 19:02:55 2018 +0100| [86ba4473fa3095b8eb07900d64845bd24302f84a] | 
committer: Michael Niedermayer

avcodec/mpeg4videodec: Clear partitioned frame in decode_studio_vop_header()

partitioned_frame is also set/cleared in decode_vop_header()

Fixes: out of array read
Fixes: 
9789/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5638681627983872

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 074187d599a2ece2bdf77bd08b4b797c5800eda6)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=86ba4473fa3095b8eb07900d64845bd24302f84a
---

 libavcodec/mpeg4videodec.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c
index 8064f1eb40..1776efa9ae 100644
--- a/libavcodec/mpeg4videodec.c
+++ b/libavcodec/mpeg4videodec.c
@@ -2967,6 +2967,7 @@ static int decode_studio_vop_header(Mpeg4DecContext *ctx, 
GetBitContext *gb)
 if (get_bits_left(gb) <= 32)
 return 0;
 
+s->partitioned_frame = 0;
 s->decode_mb = mpeg4_decode_studio_mb;
 
 decode_smpte_tc(ctx, gb);
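Review bot: The reset is placed after the `get_bits_left(gb) <= 32` early return, so on that path `partitioned_frame` keeps whatever an earlier header left in it. Whether decoding can reach macroblock parsing after that `return 0` is not visible here, but if it can, the stale flag is the same condition this commit fixes; moving `s->partitioned_frame = 0;` above the length check would cover it. A short comment such as `/* clear state that decode_vop_header() may have left set */` would also record why the line exists.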



[FFmpeg-cvslog] lavf/id3v2: fail read_apic on EOF reading mimetype

2019-03-21 Thread chcunningham
ffmpeg | branch: release/4.0 | chcunningham  | Fri 
Dec 14 13:44:07 2018 -0800| [e02f55a3c5c3761ddcbd326c62bdf571bb2be0b4] | 
committer: Michael Niedermayer

lavf/id3v2: fail read_apic on EOF reading mimetype

avio_read may return EOF, leaving the mimetype array uninitialized. Fail
early when this occurs to avoid using the array in an uninitialized state.

Reviewed-by: Tomas Härdin 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit ee1e39a576977fd38c3b94fc56125d31d38833e9)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e02f55a3c5c3761ddcbd326c62bdf571bb2be0b4
---

 libavformat/id3v2.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/libavformat/id3v2.c b/libavformat/id3v2.c
index f7de26a1d8..5fe055b591 100644
--- a/libavformat/id3v2.c
+++ b/libavformat/id3v2.c
@@ -590,7 +590,7 @@ static void read_apic(AVFormatContext *s, AVIOContext *pb, 
int taglen,
   int isv34)
 {
 int enc, pic_type;
-char mimetype[64];
+char mimetype[64] = {0};
 const CodecMime *mime = ff_id3v2_mime_tags;
 enum AVCodecID id = AV_CODEC_ID_NONE;
 ID3v2ExtraMetaAPIC *apic  = NULL;
@@ -612,7 +612,9 @@ static void read_apic(AVFormatContext *s, AVIOContext *pb, 
int taglen,
 if (isv34) {
 taglen -= avio_get_str(pb, taglen, mimetype, sizeof(mimetype));
 } else {
-avio_read(pb, mimetype, 3);
+if (avio_read(pb, mimetype, 3) < 0)
+goto fail;
+
 mimetype[3] = 0;
 taglen-= 3;
 }
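Review bot: `avio_read(pb, mimetype, 3) < 0` catches an error return but not a short read, where fewer than 3 bytes arrive and a non-negative count comes back. The new `= {0}` initialiser keeps the buffer defined in that case, so it is no longer an uninitialised read, but the code then matches a truncated MIME tag and still subtracts 3 from `taglen`. Comparing against the requested length, `if (avio_read(pb, mimetype, 3) != 3) goto fail;`, would reject both cases. `read_apic()` starts before the first hunk and continues past this one.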



[FFmpeg-cvslog] avcodec/rpza: Check that there is enough data for all the blocks

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Sun Dec 16 19:13:27 2018 +0100| [90d73a207c6a8d7abe67114e143f06d11d519eeb] | 
committer: Michael Niedermayer

avcodec/rpza: Check that there is enough data for all the blocks

Fixes: Timeout
Fixes: 
11547/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RPZA_fuzzer-5678435842654208

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit e63517e00a1a8375c7fb3b8c4c64c9a7c3da713e)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=90d73a207c6a8d7abe67114e143f06d11d519eeb
---

 libavcodec/rpza.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/rpza.c b/libavcodec/rpza.c
index cffbfe4416..8e1efa2445 100644
--- a/libavcodec/rpza.c
+++ b/libavcodec/rpza.c
@@ -105,6 +105,9 @@ static int rpza_decode_stream(RpzaContext *s)
 /* Number of 4x4 blocks in frame. */
 total_blocks = ((s->avctx->width + 3) / 4) * ((s->avctx->height + 3) / 4);
 
+if (total_blocks / 32 > bytestream2_get_bytes_left(>gb))
+return AVERROR_INVALIDDATA;
+
 if ((ret = ff_reget_buffer(s->avctx, s->frame)) < 0)
 return ret;
 pixels = (uint16_t *)s->frame->data[0];
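Review bot: The divisor in `total_blocks / 32` is a bare constant with no stated reason. It presumably reflects the most blocks a single input byte can account for, but that cannot be confirmed from this hunk; a comment like `/* one opcode byte covers at most 32 blocks, so fewer bytes cannot fill the frame */` (adjusted to the real bound) would make the check auditable. The check correctly runs before `ff_reget_buffer()`, and a note saying that the ordering is intentional would help keep it there.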



[FFmpeg-cvslog] avcodec/truemotion2rt: Fix rounding in input size check

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Sat Nov 17 09:24:30 2018 +0100| [773f58229ff07c940ccab0ceaa65b679cd7bff6d] | 
committer: Michael Niedermayer

avcodec/truemotion2rt: Fix rounding in input size check

Fixes: Timeout
Fixes: 
11332/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2RT_fuzzer-5678456612847616

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 7f22a4ebc97817fd0968f5ea8295c9a59a6292e0)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=773f58229ff07c940ccab0ceaa65b679cd7bff6d
---

 libavcodec/truemotion2rt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/truemotion2rt.c b/libavcodec/truemotion2rt.c
index 9df0b527bb..e3ab998fda 100644
--- a/libavcodec/truemotion2rt.c
+++ b/libavcodec/truemotion2rt.c
@@ -116,7 +116,7 @@ static int truemotion2rt_decode_frame(AVCodecContext 
*avctx, void *data,
 if (ret < 0)
 return ret;
 
-if (avctx->width / s->hscale * avctx->height * s->delta_size > avpkt->size 
* 8LL * 4)
+if ((avctx->width + s->hscale - 1)/ s->hscale * avctx->height * 
s->delta_size > avpkt->size * 8LL * 4)
 return AVERROR_INVALIDDATA;
 
 ret = init_get_bits8(gb, avpkt->data + ret, avpkt->size - ret);
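Review bot: The size check compares against the whole packet, `avpkt->size * 8LL * 4`, while the bit reader on the last line of the hunk is given only `avpkt->size - ret`, which looks like the payload after a header of `ret` bytes. Using the payload size in the check would make the bound match what is actually parsed. The `* 4` factor is also unexplained; a one-line comment stating the assumed minimum input per sample would let a reader judge whether the bound is tight. `truemotion2rt_decode_frame()` continues outside the hunk.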



[FFmpeg-cvslog] avcodec/truemotion2: fix integer overflows in tm2_low_chroma()

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Sat Nov 17 00:38:53 2018 +0100| [040aa140748af9a546f6a2961a329263cd248f03] | 
committer: Michael Niedermayer

avcodec/truemotion2: fix integer overflows in tm2_low_chroma()

Fixes: 
11295/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-4888953459572736

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 2ae39d795613f3c6925c59852b625029b747fe42)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=040aa140748af9a546f6a2961a329263cd248f03
---

 libavcodec/truemotion2.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libavcodec/truemotion2.c b/libavcodec/truemotion2.c
index b689efdb99..2945d9948d 100644
--- a/libavcodec/truemotion2.c
+++ b/libavcodec/truemotion2.c
@@ -480,7 +480,7 @@ static inline void tm2_high_chroma(int *data, int stride, 
int *last, unsigned *C
 }
 }
 
-static inline void tm2_low_chroma(int *data, int stride, int *clast, int *CD, 
int *deltas, int bx)
+static inline void tm2_low_chroma(int *data, int stride, int *clast, unsigned 
*CD, int *deltas, int bx)
 {
 int t;
 int l;
@@ -490,8 +490,8 @@ static inline void tm2_low_chroma(int *data, int stride, 
int *clast, int *CD, in
 prev = clast[-3];
 else
 prev = 0;
-t= (CD[0] + CD[1]) >> 1;
-l= (prev - CD[0] - CD[1] + clast[1]) >> 1;
+t= (int)(CD[0] + CD[1]) >> 1;
+l= (int)(prev - CD[0] - CD[1] + clast[1]) >> 1;
 CD[1]= CD[0] + CD[1] - t;
 CD[0]= t;
 clast[0] = l;
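Review bot: `CD` becomes `unsigned *` so the sums wrap instead of overflowing, but the code does not say so, and the `(int)(...) >> 1` that follows relies on two implementation-defined behaviours (converting an out-of-range unsigned value to `int`, and arithmetic right shift of a negative value). A comment above the two assignments, e.g. `/* unsigned avoids signed-overflow UB; the cast restores the sign before the shift */`, would keep a later cleanup from reverting the types. The call sites that pass `CD` are outside this diff, so it is worth confirming they already hold `unsigned` data.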



[FFmpeg-cvslog] avcodec/dxv: Check that there is enough data to decompress

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Sat Dec  1 21:41:01 2018 +0100| [ff8ba749b439cd1c232cd7f30ba5e4e1d3d8c20a] | 
committer: Michael Niedermayer

avcodec/dxv: Check that there is enough data to decompress

Fixes: Timeout
Fixes: 
10979/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXV_fuzzer-6178582203203584

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 2bc3811c0d6b34e43a55a7541722761f548628d0)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ff8ba749b439cd1c232cd7f30ba5e4e1d3d8c20a
---

 libavcodec/dxv.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/libavcodec/dxv.c b/libavcodec/dxv.c
index 08aca73b1f..bf53d7d706 100644
--- a/libavcodec/dxv.c
+++ b/libavcodec/dxv.c
@@ -1192,6 +1192,12 @@ static int dxv_decode(AVCodecContext *avctx, void *data,
 ret = decompress_tex(avctx);
 if (ret < 0)
 return ret;
+{
+int w_block = avctx->coded_width / ctx->texture_block_w;
+int h_block = avctx->coded_height / ctx->texture_block_h;
+if (w_block * h_block * ctx->tex_step > ctx->tex_size * 8LL)
+return AVERROR_INVALIDDATA;
+}
 
 tframe.f = data;
 ret = ff_thread_get_buffer(avctx, , 0);
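Review bot: The added check sits in a bare `{ }` block and uses `* 8LL` without explanation, so the assumed bound between texture size and block count cannot be recovered from the code. It also divides by `ctx->texture_block_w` and `ctx->texture_block_h`; those are presumably set to non-zero values earlier in `dxv_decode()`, outside this hunk, which is worth confirming. I would add a comment such as `/* reject frames whose block count cannot be covered by tex_size */` that also justifies the factor 8.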



[FFmpeg-cvslog] avcodec/shorten: Fix integer overflow with offset

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Fri Nov  9 19:59:27 2018 +0100| [4b0d040e1837df21674815b0781baec80d577df2] | 
committer: Michael Niedermayer

avcodec/shorten: Fix integer overflow with offset

Fixes: signed integer overflow: -1625810908 - 582229060 cannot be represented 
in type 'int'
Fixes: 
10977/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5732602018267136

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 2f888771cd1ce8d68d4b18a1009650c1f260aaf2)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4b0d040e1837df21674815b0781baec80d577df2
---

 libavcodec/shorten.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c
index 4b45e6d6dc..4134af74cf 100644
--- a/libavcodec/shorten.c
+++ b/libavcodec/shorten.c
@@ -382,7 +382,7 @@ static int decode_subframe_lpc(ShortenContext *s, int 
command, int channel,
 /* subtract offset from previous samples to use in prediction */
 if (command == FN_QLPC && coffset)
 for (i = -pred_order; i < 0; i++)
-s->decoded[channel][i] -= coffset;
+s->decoded[channel][i] -= (unsigned)coffset;
 
 /* decode residual and do LPC prediction */
 init_sum = pred_order ? (command == FN_QLPC ? s->lpcqoffset : 0) : coffset;
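Review bot: The `(unsigned)coffset` cast here and in the second hunk (`+= (unsigned)coffset`) exists to make the arithmetic wrap instead of overflowing a signed `int`, but nothing at either site says so. Without a note the casts look redundant and are easy to remove in a later cleanup, which would bring back the undefined behaviour the commit cites. A short comment at the first loop, e.g. `/* unsigned: wraparound is intended, signed overflow would be UB */`, would cover both places.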
@@ -397,7 +397,7 @@ static int decode_subframe_lpc(ShortenContext *s, int 
command, int channel,
 /* add offset to current samples */
 if (command == FN_QLPC && coffset)
 for (i = 0; i < s->blocksize; i++)
-s->decoded[channel][i] += coffset;
+s->decoded[channel][i] += (unsigned)coffset;
 
 return 0;
 }



[FFmpeg-cvslog] avcodec/msvideo1: Check for too small dimensions

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.0 | Michael Niedermayer  | 
Sat Dec  1 22:16:19 2018 +0100| [c3e263b862ec8ae187aa56d9bfc75fb5666996f4] | 
committer: Michael Niedermayer

avcodec/msvideo1: Check for too small dimensions

Such low resolution would result in empty output, as a minimum of 4x4 is needed.
We could also check for dimensions that are a multiple of 4, but that is not needed.

Fixes: Timeout
Fixes: 
11191/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSVIDEO1_fuzzer-5739529588178944

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 953bd58861ad933e614510140b05a61e3d1375be)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c3e263b862ec8ae187aa56d9bfc75fb5666996f4
---

 libavcodec/msvideo1.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/msvideo1.c b/libavcodec/msvideo1.c
index 29700f54b6..de048d8b6f 100644
--- a/libavcodec/msvideo1.c
+++ b/libavcodec/msvideo1.c
@@ -62,6 +62,9 @@ static av_cold int msvideo1_decode_init(AVCodecContext *avctx)
 
 s->avctx = avctx;
 
+if (avctx->width < 4 || avctx->height < 4)
+return AVERROR_INVALIDDATA;
+
 /* figure out the colorspace based on the presence of a palette */
 if (s->avctx->bits_per_coded_sample == 8) {
 s->mode_8bit = 1;
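Review bot: The new dimension check returns `AVERROR_INVALIDDATA` without logging, so a caller sees a failed init with no indication that the frame size was the cause. An `av_log(avctx, AV_LOG_ERROR, ...)` line before the return would fix that. The check also lives only in `msvideo1_decode_init()`; if the dimensions can change after init (not visible in this hunk), the decode path would need the same guard.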



[FFmpeg-cvslog] h264_redundant_pps: Fix logging context

2019-03-21 Thread Andreas Rheinhardt
ffmpeg | branch: release/4.0 | Andreas Rheinhardt 
 | Fri Nov  9 06:31:38 2018 +0100| 
[5bdc1e51fd3a57e5259279c950c47301a0aeaf7b] | committer: Michael Niedermayer

h264_redundant_pps: Fix logging context

The first element of H264RedundantPPSContext is not a pointer to an
AVClass as required.

Signed-off-by: Andreas Rheinhardt 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 6dafcb6fdb6271d35220b889833561705c2b366f)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5bdc1e51fd3a57e5259279c950c47301a0aeaf7b
---

 libavcodec/h264_redundant_pps_bsf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/h264_redundant_pps_bsf.c 
b/libavcodec/h264_redundant_pps_bsf.c
index 26baca84e3..46cd77a7c1 100644
--- a/libavcodec/h264_redundant_pps_bsf.c
+++ b/libavcodec/h264_redundant_pps_bsf.c
@@ -90,7 +90,7 @@ static int h264_redundant_pps_filter(AVBSFContext *bsf, 
AVPacket *out)
 if (nal->type == H264_NAL_PPS) {
 h264_redundant_pps_fixup_pps(ctx, nal->content);
 if (!au_has_sps) {
-av_log(ctx, AV_LOG_VERBOSE, "Deleting redundant PPS "
+av_log(bsf, AV_LOG_VERBOSE, "Deleting redundant PPS "
"at %"PRId64".\n", in->pts);
 ff_cbs_delete_unit(ctx->input, au, i);
 }



[FFmpeg-cvslog] lavf: Constify the probe function argument.

2019-03-21 Thread Carl Eugen Hoyos
ffmpeg | branch: master | Carl Eugen Hoyos  | Thu Mar 21 
01:18:37 2019 +0100| [4d8875ec23cf299277a0f028ea2ac99eb6f603c9] | committer: 
Carl Eugen Hoyos

lavf: Constify the probe function argument.

Reviewed-by: Lauri Kasanen
Reviewed-by: Tomas Härdin

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4d8875ec23cf299277a0f028ea2ac99eb6f603c9
---

 libavformat/3dostr.c   |  2 +-
 libavformat/4xm.c  |  2 +-
 libavformat/aacdec.c   |  2 +-
 libavformat/aadec.c|  2 +-
 libavformat/ac3dec.c   |  6 ++---
 libavformat/acm.c  |  2 +-
 libavformat/act.c  |  2 +-
 libavformat/adp.c  |  2 +-
 libavformat/ads.c  |  2 +-
 libavformat/adxdec.c   |  2 +-
 libavformat/aea.c  |  2 +-
 libavformat/aiffdec.c  |  2 +-
 libavformat/aixdec.c   |  2 +-
 libavformat/amr.c  |  6 ++---
 libavformat/anm.c  |  2 +-
 libavformat/apc.c  |  2 +-
 libavformat/ape.c  |  2 +-
 libavformat/apngdec.c  |  2 +-
 libavformat/aqtitledec.c   |  2 +-
 libavformat/asfdec_f.c |  2 +-
 libavformat/asfdec_o.c |  2 +-
 libavformat/assdec.c   |  2 +-
 libavformat/astdec.c   |  2 +-
 libavformat/au.c   |  2 +-
 libavformat/avformat.h |  2 +-
 libavformat/avidec.c   |  2 +-
 libavformat/avr.c  |  2 +-
 libavformat/avs.c  |  2 +-
 libavformat/bethsoftvid.c  |  2 +-
 libavformat/bfi.c  |  2 +-
 libavformat/bink.c |  2 +-
 libavformat/bintext.c  |  6 ++---
 libavformat/bit.c  |  2 +-
 libavformat/boadec.c   |  2 +-
 libavformat/brstm.c|  4 ++--
 libavformat/c93.c  |  2 +-
 libavformat/cafdec.c   |  2 +-
 libavformat/cavsvideodec.c |  2 +-
 libavformat/cdxl.c |  2 +-
 libavformat/cinedec.c  |  2 +-
 libavformat/codec2.c   |  2 +-
 libavformat/concatdec.c|  2 +-
 libavformat/dashdec.c  |  2 +-
 libavformat/davs2.c|  2 +-
 libavformat/dcstr.c|  2 +-
 libavformat/dfa.c  |  2 +-
 libavformat/dhav.c |  2 +-
 libavformat/diracdec.c |  2 +-
 libavformat/dnxhddec.c |  2 +-
 libavformat/dsfdec.c   |  2 +-
 libavformat/dsicin.c   |  2 +-
 libavformat/dss.c  |  2 +-
 libavformat/dtsdec.c   |  2 +-
 libavformat/dtshddec.c |  2 +-
 libavformat/dv.c   |  2 +-
 libavformat/dvbsub.c   |  2 +-
 libavformat/dvbtxt.c   |  2 +-
 libavformat/dxa.c  |  2 +-
 libavformat/eacdata.c  |  2 +-
 libavformat/electronicarts.c   |  2 +-
 libavformat/epafdec.c  |  2 +-
 libavformat/ffmetadec.c|  2 +-
 libavformat/fitsdec.c  |  2 +-
 libavformat/flacdec.c  |  4 ++--
 libavformat/flic.c |  2 +-
 libavformat/flvdec.c   |  6 ++---
 libavformat/frmdec.c   |  2 +-
 libavformat/fsb.c  |  2 +-
 libavformat/gdv.c  |  2 +-
 libavformat/genh.c |  2 +-
 libavformat/gifdec.c   |  2 +-
 libavformat/gsmdec.c   |  2 +-
 libavformat/gxf.c  |  2 +-
 libavformat/h261dec.c  |  2 +-
 libavformat/h263dec.c  |  2 +-
 libavformat/h264dec.c  |  2 +-
 libavformat/hcom.c |  2 +-
 libavformat/hevcdec.c  |  2 +-
 libavformat/hls.c  |  2 +-
 libavformat/hnm.c  |  2 +-
 libavformat/icodec.c   |  2 +-
 libavformat/idcin.c|  2 +-
 libavformat/idroqdec.c |  2 +-
 libavformat/iff.c  |  2 +-
 libavformat/ilbc.c |  2 +-
 libavformat/img2_alias_pix.c   |  2 +-
 libavformat/img2_brender_pix.c |  2 +-
 libavformat/img2dec.c  | 54 +-
 libavformat/ingenientdec.c |  2 +-
 libavformat/ipmovie.c  |  2 +-
 libavformat/ircamdec.c |  2 +-
 libavformat/iss.c  |  2 +-
 libavformat/iv8.c  |  2 +-
 libavformat/ivfdec.c   |  2 +-
 libavformat/jacosubdec.c   |  2 +-
 libavformat/jvdec.c|  2 +-
 libavformat/libgme.c   |  2 +-
 libavformat/libmodplug.c   |  2 +-
 libavformat/libopenmpt.c   |  2 +-
 libavformat/lmlm4.c|  2 +-
 libavformat/loasdec.c  |  2 +-
 libavformat/lrcdec.c   |  2 +-
 libavformat/lvfdec.c   |  2 +-
 libavformat/lxfdec.c   |  2 +-
 libavformat/m4vdec.c   |  2 +-
 libavformat/matroskadec.c  |  2 +-
 libavformat/mgsts.c|  2 +-
 libavformat/microdvddec.c  |  2 +-
 libavformat/mj2kdec.c  |  2 +-
 libavformat/mlpdec.c   |  6 ++---
 libavformat/mlvdec.c   |  2 +-
 libavformat/mm.c   |  2 +-
 libavformat/mmf.c  |  2 +-
 libavformat/mov.c  |  2 +-
 

[FFmpeg-cvslog] avcodec/dfa: Check the chunk header is not truncated

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.1 | Michael Niedermayer  | 
Sun Mar 10 23:45:19 2019 +0100| [b429df281d50e960fb7f44659cac393a42cdfd35] | 
committer: Michael Niedermayer

avcodec/dfa: Check the chunk header is not truncated

Fixes: Timeout (11sec -> 3sec)
Fixes: 
13218/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DFA_fuzzer-5661074316066816

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit f20760fadbc77483b9ff4b400b53ebb38ee33793)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b429df281d50e960fb7f44659cac393a42cdfd35
---

 libavcodec/dfa.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/dfa.c b/libavcodec/dfa.c
index 970175fb73..c6106b9397 100644
--- a/libavcodec/dfa.c
+++ b/libavcodec/dfa.c
@@ -355,6 +355,8 @@ static int dfa_decode_frame(AVCodecContext *avctx,
 
 bytestream2_init(, avpkt->data, avpkt->size);
 while (bytestream2_get_bytes_left() > 0) {
+if (bytestream2_get_bytes_left() < 12)
+return AVERROR_INVALIDDATA;
 bytestream2_skip(, 4);
 chunk_size = bytestream2_get_le32();
 chunk_type = bytestream2_get_le32();
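Review bot: The literal `12` in the new check is the size of the chunk header consumed by the next three lines (4 skipped bytes plus two 32-bit fields), but that link is only implicit. A comment such as `/* chunk header: 4 skipped bytes + size + type */` or a named constant would keep the check in step if the header parsing changes. Returning an error here also discards whatever earlier chunks of the same packet produced; if that is intended, the comment should say so. `dfa_decode_frame()` continues outside the hunk.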



[FFmpeg-cvslog] Changelog: update

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.1 | Michael Niedermayer  | 
Thu Mar 21 09:02:44 2019 +0100| [a7cb7a2e4314956e06a351333ff8096fab9afa7f] | 
committer: Michael Niedermayer

Changelog: update

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a7cb7a2e4314956e06a351333ff8096fab9afa7f
---

 Changelog | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Changelog b/Changelog
index 5d2d645d34..7df4e199bf 100644
--- a/Changelog
+++ b/Changelog
@@ -2,6 +2,9 @@ Entries are sorted chronologically from oldest to youngest 
within each release,
 releases are sorted from youngest to oldest.
 
 version 4.1.2:
+- avcodec/dfa: Check the chunk header is not truncated
+- avcodec/clearvideo: Check remaining data in P frames
+- avcodec/hevcdec: decode at most one slice reporting being the first in the 
picture
 - avcodec/dvbsubdec: Check object position
 - avcodec/cdgraphics: Use ff_set_dimensions()
 - avformat/gdv: Check fps



[FFmpeg-cvslog] avcodec/clearvideo: Check remaining data in P frames

2019-03-21 Thread Michael Niedermayer
ffmpeg | branch: release/4.1 | Michael Niedermayer  | 
Fri Mar  8 01:42:06 2019 +0100| [7ce56329e71fc75512ef82f4794c43b629b8c488] | 
committer: Michael Niedermayer

avcodec/clearvideo: Check remaining data in P frames

Fixes: Timeout (19sec -> 419msec)
Fixes: 
13411/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CLEARVIDEO_fuzzer-5733153811988480

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 41f93f941155f9f9dbb2d5e7f5d20b2238150836)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7ce56329e71fc75512ef82f4794c43b629b8c488
---

 libavcodec/clearvideo.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/clearvideo.c b/libavcodec/clearvideo.c
index ad3012f7b7..82df8f3752 100644
--- a/libavcodec/clearvideo.c
+++ b/libavcodec/clearvideo.c
@@ -555,6 +555,9 @@ static int clv_decode_frame(AVCodecContext *avctx, void 
*data,
 } else {
 int plane;
 
+if (c->pmb_width * c->pmb_height > 8LL*(buf_size - 
bytestream2_tell()))
+return AVERROR_INVALIDDATA;
+
 if ((ret = ff_reget_buffer(avctx, c->pic)) < 0)
 return ret;
 
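Review bot: In the added size check only the right-hand side is widened (`8LL*`); the product `c->pmb_width * c->pmb_height` is still evaluated in the operands' own type, so if both fields are plain `int` (their declarations are outside the hunk) a large product could overflow before the comparison. Writing the left side as `(int64_t)c->pmb_width * c->pmb_height` makes both sides 64-bit. The factor 8 presumably converts the remaining bytes to bits on the assumption that every P-frame macroblock costs at least one bit, and a one-line comment saying so would make the bound easier to audit. The enclosing else-branch of clv_decode_frame starts and ends outside the hunk.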
