[FFmpeg-cvslog] avfilter/avf_avectorscope: set time_base to outlink
ffmpeg | branch: master | Paul B Mahol | Mon Apr 18 20:22:34 2022 +0200| [d41f85235dad4577c806381576821abe4f6ca97f] | committer: Paul B Mahol avfilter/avf_avectorscope: set time_base to outlink And rescale timestamps. > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d41f85235dad4577c806381576821abe4f6ca97f --- libavfilter/avf_avectorscope.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavfilter/avf_avectorscope.c b/libavfilter/avf_avectorscope.c index b873599ac7..200b2e452c 100644 --- a/libavfilter/avf_avectorscope.c +++ b/libavfilter/avf_avectorscope.c @@ -240,6 +240,7 @@ static int config_output(AVFilterLink *outlink) outlink->h = s->h; outlink->sample_aspect_ratio = (AVRational){1,1}; outlink->frame_rate = s->frame_rate; +outlink->time_base = av_inv_q(outlink->frame_rate); s->prev_x = s->hw = s->w / 2; s->prev_y = s->hh = s->mode == POLAR ? s->h - 1 : s->h / 2; @@ -273,7 +274,7 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *insamples) for (i = 0; i < outlink->h; i++) memset(s->outpicref->data[0] + i * s->outpicref->linesize[0], 0, outlink->w * 4); } -s->outpicref->pts = insamples->pts; +s->outpicref->pts = av_rescale_q(insamples->pts, inlink->time_base, outlink->time_base); av_frame_make_writable(s->outpicref); ff_filter_execute(ctx, fade, NULL, NULL, FFMIN(outlink->h, ff_filter_get_nb_threads(ctx))); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avfilter/avf_showvolume: set time_base to outlink
ffmpeg | branch: master | Paul B Mahol | Mon Apr 18 20:19:21 2022 +0200| [9f73c40d324211756ab6de3573495b5a12aeab9d] | committer: Paul B Mahol avfilter/avf_showvolume: set time_base to outlink And rescale timestamps. > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9f73c40d324211756ab6de3573495b5a12aeab9d --- libavfilter/avf_showvolume.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavfilter/avf_showvolume.c b/libavfilter/avf_showvolume.c index eb79a5ebdb..a930a1ee2a 100644 --- a/libavfilter/avf_showvolume.c +++ b/libavfilter/avf_showvolume.c @@ -213,6 +213,7 @@ static int config_output(AVFilterLink *outlink) outlink->sample_aspect_ratio = (AVRational){1,1}; outlink->frame_rate = s->frame_rate; +outlink->time_base = av_inv_q(outlink->frame_rate); for (ch = 0; ch < inlink->ch_layout.nb_channels; ch++) { int i; @@ -338,7 +339,7 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *insamples) } clear_picture(s, outlink); } -s->out->pts = insamples->pts; +s->out->pts = av_rescale_q(insamples->pts, inlink->time_base, outlink->time_base); if ((s->f < 1.) && (s->f > 0.)) { for (j = 0; j < outlink->h; j++) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/takdsp: Fix integer overflow in decorrelate_sf()
ffmpeg | branch: release/3.2 | Michael Niedermayer | Mon Mar 28 00:26:06 2022 +0200| [7221c80aae481d139db82dd628c28f5341578050] | committer: Michael Niedermayer avcodec/takdsp: Fix integer overflow in decorrelate_sf() Fixes: signed integer overflow: -101 * 71041254 cannot be represented in type 'int' Fixes: 45938/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TAK_fuzzer-4687974320701440 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 01d8c887f63bcb1f870034ed441504b3daffc645) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7221c80aae481d139db82dd628c28f5341578050 --- libavcodec/takdsp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/takdsp.c b/libavcodec/takdsp.c index 9cb8052596..a8f9dba342 100644 --- a/libavcodec/takdsp.c +++ b/libavcodec/takdsp.c @@ -65,7 +65,7 @@ static void decorrelate_sf(int32_t *p1, int32_t *p2, int length, int dshift, int for (i = 0; i < length; i++) { int32_t a = p1[i]; int32_t b = p2[i]; -b = (unsigned)(dfactor * (b >> dshift) + 128 >> 8) << dshift; +b = (unsigned)((int)(dfactor * (unsigned)(b >> dshift) + 128) >> 8) << dshift; p1[i] = b - a; } } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] configure: bump year
ffmpeg | branch: release/3.2 | Gyan Doshi | Sat Jan 1 00:47:41 2022 +0530| [a82872c2839660fad35dce157963781b708c4044] | committer: Michael Niedermayer configure: bump year (cherry picked from commit 2f6360ff21a98f9db6af3e0932d39f1dc7b47d6c) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a82872c2839660fad35dce157963781b708c4044 --- configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure b/configure index 245783d4de..194b639f38 100755 --- a/configure +++ b/configure @@ -6703,7 +6703,7 @@ cat > $TMPH
[FFmpeg-cvslog] avfilter/vf_lenscorrection: make width/height int
ffmpeg | branch: release/3.2 | Paul B Mahol | Mon Oct 14 20:14:03 2019 +0200| [350f2378c35e4fcfdc26c15d5374c6b8d6c64158] | committer: Michael Niedermayer avfilter/vf_lenscorrection: make width/height int Somehow previous correct fix broke usage. (cherry picked from commit 79522411fa53b68743302d16d28156db95466a21) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=350f2378c35e4fcfdc26c15d5374c6b8d6c64158 --- libavfilter/vf_lenscorrection.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavfilter/vf_lenscorrection.c b/libavfilter/vf_lenscorrection.c index 43f3c1b7d0..754b8f5ada 100644 --- a/libavfilter/vf_lenscorrection.c +++ b/libavfilter/vf_lenscorrection.c @@ -36,8 +36,8 @@ typedef struct LenscorrectionCtx { const AVClass *av_class; -unsigned int width; -unsigned int height; +int width; +int height; int hsub, vsub; int nb_planes; double cx, cy, k1, k2; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/diracdec: avoid signed integer overflow in global mv
ffmpeg | branch: release/3.2 | Michael Niedermayer | Mon Mar 21 20:51:47 2022 +0100| [07d533880c36e8d169c50da067ef7e162920886f] | committer: Michael Niedermayer avcodec/diracdec: avoid signed integer overflow in global mv Fixes: signed integer overflow: -128275513086 * -76056576 cannot be represented in type 'long' Fixes: 45818/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5129799149944832 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 7f1279684e8e1e33c78577b7f0265c062e4e6232) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=07d533880c36e8d169c50da067ef7e162920886f --- libavcodec/diracdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c index d6c2132c3b..a59284d928 100644 --- a/libavcodec/diracdec.c +++ b/libavcodec/diracdec.c @@ -1406,8 +1406,8 @@ static void global_mv(DiracContext *s, DiracBlock *block, int x, int y, int ref) int *c = s->globalmc[ref].perspective; int64_t m = (1> (ez+ep); block->u.mv[ref][1] = (my + (1<<(ez+ep))) >> (ez+ep); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/aqtitledec: Skip unrepresentable durations
ffmpeg | branch: release/3.2 | Michael Niedermayer | Sun Mar 20 00:07:50 2022 +0100| [e3f08b416211f435249a92903d19b8ae9203a27d] | committer: Michael Niedermayer avformat/aqtitledec: Skip unrepresentable durations Fixes: signed integer overflow: -5 - 9223372036854775807 cannot be represented in type 'long' Fixes: 45665/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-475618463934054 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit c2d1597a8a6470045a8da241d4f65c81f26c3107) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e3f08b416211f435249a92903d19b8ae9203a27d --- libavformat/aqtitledec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/aqtitledec.c b/libavformat/aqtitledec.c index 317547c4f4..01b4fd7b93 100644 --- a/libavformat/aqtitledec.c +++ b/libavformat/aqtitledec.c @@ -74,7 +74,8 @@ static int aqt_read_header(AVFormatContext *s) new_event = 1; pos = avio_tell(s->pb); if (sub) { -sub->duration = frame - sub->pts; +if (frame >= sub->pts && (uint64_t)frame - sub->pts < INT64_MAX) +sub->duration = frame - sub->pts; sub = NULL; } } else if (*line) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/apedec: fix a integer overflow in long_filter_high_3800()
ffmpeg | branch: release/3.2 | Michael Niedermayer | Mon Mar 28 00:12:17 2022 +0200| [6a6bb09a953f1c2d19d24c791a4ec3c8f15fb88b] | committer: Michael Niedermayer avcodec/apedec: fix a integer overflow in long_filter_high_3800() Fixes: signed integer overflow: -2146549696 - 3923884 cannot be represented in type 'int' Fixes: 45907/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5992380584558592 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit b085b400becb93ccc68d786ab738b1fc50408b89) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6a6bb09a953f1c2d19d24c791a4ec3c8f15fb88b --- libavcodec/apedec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c index 2064bb26e2..07128777ab 100644 --- a/libavcodec/apedec.c +++ b/libavcodec/apedec.c @@ -905,7 +905,7 @@ static void long_filter_high_3800(int32_t *buffer, int order, int shift, int len dotprod += delay[j] * (unsigned)coeffs[j]; coeffs[j] += ((delay[j] >> 31) | 1) * sign; } -buffer[i] -= dotprod >> shift; +buffer[i] -= (unsigned)(dotprod >> shift); for (j = 0; j < order - 1; j++) delay[j] = delay[j + 1]; delay[order - 1] = buffer[i]; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/cafdec: Do not store empty keys in read_info_chunk()
ffmpeg | branch: release/3.2 | Michael Niedermayer | Sat Mar 19 23:36:22 2022 +0100| [f7dbbbdaf0b2cc36cd74b70ea3d8b924d3b5d2c3] | committer: Michael Niedermayer avformat/cafdec: Do not store empty keys in read_info_chunk() Fixes: Timeout Fixes: 45543/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-5684953164152832 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 7ec28e1d4cef723485f50f7a08859752b79b570c) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f7dbbbdaf0b2cc36cd74b70ea3d8b924d3b5d2c3 --- libavformat/cafdec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/cafdec.c b/libavformat/cafdec.c index f23cf50640..3d9c48eaf8 100644 --- a/libavformat/cafdec.c +++ b/libavformat/cafdec.c @@ -235,6 +235,8 @@ static void read_info_chunk(AVFormatContext *s, int64_t size) char value[1024]; avio_get_str(pb, INT_MAX, key, sizeof(key)); avio_get_str(pb, INT_MAX, value, sizeof(value)); +if (!*key) +continue; av_dict_set(>metadata, key, value, 0); } } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/hls: Check target_duration
ffmpeg | branch: release/3.2 | Michael Niedermayer | Sun Mar 20 22:54:31 2022 +0100| [6d4c5f4e2b3c4101bcd02855bf5d8bdbdd5b] | committer: Michael Niedermayer avformat/hls: Check target_duration Fixes: signed integer overflow: 77 * 100 cannot be represented in type 'long long' Fixes: 45545/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6438101247983616 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Steven Liu Signed-off-by: Michael Niedermayer (cherry picked from commit a8fd3f7fab83e1beea1c441e1a2e538e7aa431a5) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6d4c5f4e2b3c4101bcd02855bf5d8bdbdd5b --- libavformat/hls.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libavformat/hls.c b/libavformat/hls.c index 7915ee7996..0b55507790 100644 --- a/libavformat/hls.c +++ b/libavformat/hls.c @@ -742,10 +742,16 @@ static int parse_playlist(HLSContext *c, const char *url, ); new_rendition(c, , url); } else if (av_strstart(line, "#EXT-X-TARGETDURATION:", )) { +int64_t t; ret = ensure_playlist(c, , url); if (ret < 0) goto fail; -pls->target_duration = strtoll(ptr, NULL, 10) * AV_TIME_BASE; +t = strtoll(ptr, NULL, 10); +if (t < 0 || t >= INT64_MAX / AV_TIME_BASE) { +ret = AVERROR_INVALIDDATA; +goto fail; +} +pls->target_duration = t * AV_TIME_BASE; } else if (av_strstart(line, "#EXT-X-MEDIA-SEQUENCE:", )) { ret = ensure_playlist(c, , url); if (ret < 0) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/matroskadec: Check pre_ns
ffmpeg | branch: release/3.2 | Michael Niedermayer | Sun Feb 13 15:20:02 2022 +0100| [73bb1853b2fb305f77fdff795cd12d65d82894fb] | committer: Michael Niedermayer avformat/matroskadec: Check pre_ns Fixes: division by 0 Fixes: 44615/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6681108677263360 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 710e51677a6f3a5c2b37dc31a597957a22a5e531) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=73bb1853b2fb305f77fdff795cd12d65d82894fb --- libavformat/matroskadec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 68c1c7024b..08207a8a3a 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -3679,6 +3679,8 @@ static int64_t webm_dash_manifest_compute_bandwidth(AVFormatContext *s, int64_t // prebuffered. pre_bytes = desc_end.end_offset - desc_end.start_offset; pre_ns = desc_end.end_time_ns - desc_end.start_time_ns; +if (pre_ns <= 0) +return -1; pre_sec = pre_ns / nano_seconds_per_second; prebuffer_bytes += pre_bytes * ((temp_prebuffer_ns / nano_seconds_per_second) / pre_sec); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/sonic: Use unsigned for predictor_k to avoid undefined behavior
ffmpeg | branch: release/3.2 | Michael Niedermayer | Tue Feb 8 00:43:56 2022 +0100| [8e68f7f7ba55393bcd25c8ddd1c77dd47e081474] | committer: Michael Niedermayer avcodec/sonic: Use unsigned for predictor_k to avoid undefined behavior Fixes: signed integer overflow: -1094995529 * 24 cannot be represented in type 'int' Fixes: 44436/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-4874459459223552 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 28008bf95ed9b2ab5945ae6658358ad7c7f1df35) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8e68f7f7ba55393bcd25c8ddd1c77dd47e081474 --- libavcodec/sonic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/sonic.c b/libavcodec/sonic.c index 7e4427f748..05351ba859 100644 --- a/libavcodec/sonic.c +++ b/libavcodec/sonic.c @@ -1018,7 +1018,7 @@ static int sonic_decode_frame(AVCodecContext *avctx, // dequantize for (i = 0; i < s->num_taps; i++) -s->predictor_k[i] *= s->tap_quant[i]; +s->predictor_k[i] *= (unsigned) s->tap_quant[i]; if (s->lossless) quant = 1; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/matroskadec: Use rounded down duration in get_cue_desc() check
ffmpeg | branch: release/3.2 | Michael Niedermayer | Thu Mar 10 23:24:49 2022 +0100| [aee90d406464baf25ee1dfbf0d3b2a2530d2f61d] | committer: Michael Niedermayer avformat/matroskadec: Use rounded down duration in get_cue_desc() check Floating point is evil, it would be better if duration was not a double Fixes: Infinite loop Fixes: 45123/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6725052291219456 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit bd3a03db9aef72ee36a7cc964171e9f52967f4bc) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=aee90d406464baf25ee1dfbf0d3b2a2530d2f61d --- libavformat/matroskadec.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 6344f06282..68c1c7024b 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -3495,7 +3495,9 @@ static CueDesc get_cue_desc(AVFormatContext *s, int64_t ts, int64_t cues_start) int i; int nb_index_entries = s->streams[0]->nb_index_entries; AVIndexEntry *index_entries = s->streams[0]->index_entries; -if (ts >= matroska->duration * matroska->time_scale) return (CueDesc) {-1, -1, -1, -1}; + +if (ts >= (int64_t)(matroska->duration * matroska->time_scale)) +return (CueDesc) {-1, -1, -1, -1}; for (i = 1; i < nb_index_entries; i++) { if (index_entries[i - 1].timestamp * matroska->time_scale <= ts && index_entries[i].timestamp * matroska->time_scale > ts) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/rmdec: Better duplicate tags check
ffmpeg | branch: release/3.2 | Michael Niedermayer | Thu Feb 24 00:26:08 2022 +0100| [2063db041e5c756dff4dbcafdd8c63f9caf30cb9] | committer: Michael Niedermayer avformat/rmdec: Better duplicate tags check Fixes: memleaks Fixes: 44810/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5619494647627776 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 15a646e5018078a0954918f510f819a5599f0445) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2063db041e5c756dff4dbcafdd8c63f9caf30cb9 --- libavformat/rmdec.c | 9 + 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c index 29ed4d706e..7b9097e7ec 100644 --- a/libavformat/rmdec.c +++ b/libavformat/rmdec.c @@ -131,10 +131,6 @@ static int rm_read_audio_stream_info(AVFormatContext *s, AVIOContext *pb, uint32_t version; int ret; -// Duplicate tags -if (st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO) -return AVERROR_INVALIDDATA; - /* ra type header */ version = avio_rb16(pb); /* version */ if (version == 3) { @@ -333,6 +329,11 @@ int ff_rm_read_mdpr_codecdata(AVFormatContext *s, AVIOContext *pb, if (codec_data_size == 0) return 0; +// Duplicate tags +if ( st->codecpar->codec_type != AVMEDIA_TYPE_UNKNOWN +&& st->codecpar->codec_type != AVMEDIA_TYPE_DATA) +return AVERROR_INVALIDDATA; + avpriv_set_pts_info(st, 64, 1, 1000); codec_pos = avio_tell(pb); v = avio_rb32(pb); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/avidec: Check height
ffmpeg | branch: release/3.2 | Michael Niedermayer | Sun Feb 27 21:44:29 2022 +0100| [34f075f3ff6ff194662dba00645e0deb2f4005b8] | committer: Michael Niedermayer avformat/avidec: Check height Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself Fixes: Ticket8486 Signed-off-by: Michael Niedermayer (cherry picked from commit ec8ff659f57786c4cb089b07dfeab7e5cbab8d52) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=34f075f3ff6ff194662dba00645e0deb2f4005b8 --- libavformat/avidec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/avidec.c b/libavformat/avidec.c index 20ce107f34..b8dd3bafab 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -841,6 +841,8 @@ FF_ENABLE_DEPRECATION_WARNINGS memcpy(st->codecpar->extradata + st->codecpar->extradata_size - 9, "BottomUp", 9); } +if (st->codecpar->height == INT_MIN) +return AVERROR_INVALIDDATA; st->codecpar->height = FFABS(st->codecpar->height); //avio_skip(pb, size - 5 * 4); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/mov: Disallow empty sidx
ffmpeg | branch: release/3.2 | Michael Niedermayer | Wed Mar 2 13:01:53 2022 +0100| [4e7092faaa492d8ac9580a05da8884245a193b4e] | committer: Michael Niedermayer avformat/mov: Disallow empty sidx It appears this is not allowed "Each Segment Index box documents how a (sub)segment is divided into one or more subsegments (which may themselves be further subdivided using Segment Index boxes)." Fixes: Null pointer dereference Fixes: Ticket9517 Reviewed-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit 4419433d77278cb742944c4514be5f72a04103c0) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4e7092faaa492d8ac9580a05da8884245a193b4e --- libavformat/mov.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index 71e68dc9a4..4df3bb2f21 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -4357,7 +4357,7 @@ static int mov_read_sidx(MOVContext *c, AVIOContext *pb, MOVAtom atom) index->track_id = track_id; index->item_count = avio_rb16(pb); -index->items = av_mallocz_array(index->item_count, sizeof(MOVFragmentIndexItem)); +index->items = index->item_count ? av_mallocz_array(index->item_count, sizeof(MOVFragmentIndexItem)) : NULL; if (!index->items) { av_freep(); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/matroskadec: Check duration
ffmpeg | branch: release/3.2 | Michael Niedermayer | Mon Feb 14 20:01:35 2022 +0100| [a8744292982217c9183c616b06c1a4ab9acb223f] | committer: Michael Niedermayer avformat/matroskadec: Check duration Fixes: -nan is outside the range of representable values of type 'long' Fixes: 44614/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6216204841254912 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Andreas Rheinhardt Signed-off-by: Michael Niedermayer (cherry picked from commit 36680078ca3302496d9b0b8a8d7168ce9eabb2bc) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a8744292982217c9183c616b06c1a4ab9acb223f --- libavformat/matroskadec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index ce886bda3a..6344f06282 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -2490,6 +2490,8 @@ static int matroska_read_header(AVFormatContext *s) if (!matroska->time_scale) matroska->time_scale = 100; +if (isnan(matroska->duration)) +matroska->duration = 0; if (matroska->duration) matroska->ctx->duration = matroska->duration * matroska->time_scale * 1000 / AV_TIME_BASE; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/jpeglsdec: Check get_ur_golomb_jpegls() for error
ffmpeg | branch: release/3.2 | Michael Niedermayer | Sat Feb 12 22:02:13 2022 +0100| [df52930a84eb85625e088015436f1b972361ac6f] | committer: Michael Niedermayer avcodec/jpeglsdec: Check get_ur_golomb_jpegls() for error Fixes: Timeout Fixes: Invalid shift Fixes: 44548/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-556487680891289 Fixes: 44569/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AMV_fuzzer-6302543246917632 Fixes: 44570/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THP_fuzzer-4550196556595200 Fixes: 44592/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5651610385121280 Fixes: 44571/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5094698987945984 Fixes: 44607/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5341352013987840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 151f83584eeb1912c8bdcd0c1ab1296e8664a0de) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=df52930a84eb85625e088015436f1b972361ac6f --- libavcodec/jpeglsdec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/jpeglsdec.c b/libavcodec/jpeglsdec.c index 1373288adb..b02f58c63b 100644 --- a/libavcodec/jpeglsdec.c +++ b/libavcodec/jpeglsdec.c @@ -195,6 +195,8 @@ static inline int ls_get_code_runterm(GetBitContext *gb, JLSState *state, #endif ret = get_ur_golomb_jpegls(gb, k, state->limit - limit_add - 1, state->qbpp); +if (ret < 0) +return -0x1; /* decode mapped error */ map = 0; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/jpeglsdec: Fix if( code style
ffmpeg | branch: release/3.2 | Michael Niedermayer | Tue Feb 15 21:01:06 2022 +0100| [d1234b92b3e4d746e14c79652e54b44efd3ab964] | committer: Michael Niedermayer avcodec/jpeglsdec: Fix if( code style Signed-off-by: Michael Niedermayer (cherry picked from commit f306b8e80ab04cfd8f6cd577a4484cb791d6e765) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d1234b92b3e4d746e14c79652e54b44efd3ab964 --- libavcodec/jpeglsdec.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/jpeglsdec.c b/libavcodec/jpeglsdec.c index b02f58c63b..55d2bcc6e1 100644 --- a/libavcodec/jpeglsdec.c +++ b/libavcodec/jpeglsdec.c @@ -67,7 +67,7 @@ int ff_jpegls_decode_lse(MJpegDecodeContext *s) s->t3 = get_bits(>gb, 16); s->reset = get_bits(>gb, 16); -if(s->avctx->debug & FF_DEBUG_PICT_INFO) { +if (s->avctx->debug & FF_DEBUG_PICT_INFO) { av_log(s->avctx, AV_LOG_DEBUG, "Coding parameters maxval:%d T1:%d T2:%d T3:%d reset:%d\n", s->maxval, s->t1, s->t2, s->t3, s->reset); } @@ -96,7 +96,7 @@ int ff_jpegls_decode_lse(MJpegDecodeContext *s) else maxtab = 65530/wt - 1; -if(s->avctx->debug & FF_DEBUG_PICT_INFO) { +if (s->avctx->debug & FF_DEBUG_PICT_INFO) { av_log(s->avctx, AV_LOG_DEBUG, "LSE palette %d tid:%d wt:%d maxtab:%d\n", id, tid, wt, maxtab); } if (maxtab >= 256) { @@ -211,7 +211,7 @@ static inline int ls_get_code_runterm(GetBitContext *gb, JLSState *state, ret = ret >> 1; } -if(FFABS(ret) > 0x) +if (FFABS(ret) > 0x) return -0x1; /* update state */ state->A[Q] += FFABS(ret) - RItype; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/motion_est: fix indention of ff_get_best_fcode()
ffmpeg | branch: release/3.2 | Michael Niedermayer | Wed Feb 9 10:31:34 2022 +0100| [09153537771ff3f4f4f6ab2151742db3c614f831] | committer: Michael Niedermayer avcodec/motion_est: fix indention of ff_get_best_fcode() Signed-off-by: Michael Niedermayer (cherry picked from commit ce43e1c581b4ed539ab366cc3df458779e8a44b8) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=09153537771ff3f4f4f6ab2151742db3c614f831 --- libavcodec/motion_est.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/motion_est.c b/libavcodec/motion_est.c index 5fb5e5e6e7..8374d66057 100644 --- a/libavcodec/motion_est.c +++ b/libavcodec/motion_est.c @@ -1642,9 +1642,9 @@ int ff_get_best_fcode(MpegEncContext * s, int16_t (*mv_table)[2], int type) fcode_tab[my + MAX_MV]); int j; -if(mx >= range || mx < -range || - my >= range || my < -range) -continue; +if (mx >= range || mx < -range || +my >= range || my < -range) +continue; for(j=0; jpict_type==AV_PICTURE_TYPE_B || s->current_picture.mc_mb_var[xy] < s->current_picture.mb_var[xy]) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/matroskadec: Check desc_bytes
ffmpeg | branch: release/3.2 | Michael Niedermayer | Sat Feb 5 20:37:22 2022 +0100| [c787a2733596c942d266fe822f3486aad9b3b3f6] | committer: Michael Niedermayer avformat/matroskadec: Check desc_bytes Fixes: Division by 0 Fixes: 44035/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-4826721386364928 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 5038933977d06d1048b41d71e0ada4d1ac536ddc) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c787a2733596c942d266fe822f3486aad9b3b3f6 --- libavformat/matroskadec.c | 12 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 48e9c1263f..ce886bda3a 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -3686,12 +3686,16 @@ static int64_t webm_dash_manifest_compute_bandwidth(AVFormatContext *s, int64_t do { int64_t desc_bytes = desc_end.end_offset - desc_beg.start_offset; int64_t desc_ns = desc_end.end_time_ns - desc_beg.start_time_ns; -double desc_sec = desc_ns / nano_seconds_per_second; -double calc_bits_per_second = (desc_bytes * 8) / desc_sec; +double desc_sec, calc_bits_per_second, percent, mod_bits_per_second; +if (desc_bytes <= 0) +return -1; + +desc_sec = desc_ns / nano_seconds_per_second; +calc_bits_per_second = (desc_bytes * 8) / desc_sec; // Drop the bps by the percentage of bytes buffered. -double percent = (desc_bytes - prebuffer_bytes) / desc_bytes; -double mod_bits_per_second = calc_bits_per_second * percent; +percent = (desc_bytes - prebuffer_bytes) / desc_bytes; +mod_bits_per_second = calc_bits_per_second * percent; if (prebuffer < desc_sec) { double search_sec = ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/matroskadec: Fix infinite loop with bz decompression
ffmpeg | branch: release/3.2 | Michael Niedermayer | Thu Feb 3 22:46:55 2022 +0100| [28a1cc81382885b2c9f086d3b954c4ea7ad54f0e] | committer: Michael Niedermayer avformat/matroskadec: Fix infinite loop with bz decompression The same check is added to zlib too, it seems not needed there though Fixes: Infinite loop Fixes: 43932/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-6175167573786624 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Andreas Rheinhardt Signed-off-by: Michael Niedermayer (cherry picked from commit 9c3d2cbb510674226b0c8fa6b146bf891f83786c) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=28a1cc81382885b2c9f086d3b954c4ea7ad54f0e --- libavformat/matroskadec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 4faaf86c2c..48e9c1263f 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -1369,7 +1369,7 @@ static int matroska_decode_buffer(uint8_t **buf, int *buf_size, case MATROSKA_TRACK_ENCODING_COMP_ZLIB: { z_stream zstream = { 0 }; -if (inflateInit() != Z_OK) +if (!pkt_size || inflateInit() != Z_OK) return -1; zstream.next_in = data; zstream.avail_in = isize; @@ -1402,7 +1402,7 @@ static int matroska_decode_buffer(uint8_t **buf, int *buf_size, case MATROSKA_TRACK_ENCODING_COMP_BZLIB: { bz_stream bzstream = { 0 }; -if (BZ2_bzDecompressInit(, 0, 0) != BZ_OK) +if (!pkt_size || BZ2_bzDecompressInit(, 0, 0) != BZ_OK) return -1; bzstream.next_in = data; bzstream.avail_in = isize; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/jpeglsdec: Increase range for N in ls_get_code_runterm() by using unsigned
ffmpeg | branch: release/3.2 | Michael Niedermayer | Sat Feb 5 20:41:08 2022 +0100| [fbffe564768373335d5f4ecc1f1278ab06a1ff92] | committer: Michael Niedermayer avcodec/jpeglsdec: Increase range for N in ls_get_code_runterm() by using unsigned Fixes: left shift of 32768 by 16 places cannot be represented in type 'int' Fixes: Timeout Fixes: 44219/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMVJPEG_fuzzer-4679455379947520 Fixes: 44088/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMVJPEG_fuzzer-4885976600674304 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 6ee283d7d001cfcfec94a023e172bca731e96514) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fbffe564768373335d5f4ecc1f1278ab06a1ff92 --- libavcodec/jpeglsdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/jpeglsdec.c b/libavcodec/jpeglsdec.c index 176300cd2f..1373288adb 100644 --- a/libavcodec/jpeglsdec.c +++ b/libavcodec/jpeglsdec.c @@ -186,7 +186,7 @@ static inline int ls_get_code_runterm(GetBitContext *gb, JLSState *state, if (RItype) temp += state->N[Q] >> 1; -for (k = 0; (state->N[Q] << k) < temp; k++) +for (k = 0; ((unsigned)state->N[Q] << k) < temp; k++) ; #ifdef JLS_BROKEN ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/motion_est: Fix xy indexing on range violation in ff_get_best_fcode()
ffmpeg | branch: release/3.2 | Michael Niedermayer | Tue Feb 8 21:38:50 2022 +0100| [a198d7ab26a8b9756b71d20c1075957fb2fc2bc0] | committer: Michael Niedermayer avcodec/motion_est: Fix xy indexing on range violation in ff_get_best_fcode() This codepath seems untested, no testcases change Found-by: Signed-off-by: Michael Niedermayer (cherry picked from commit 634312a70f4d5afd40058c52b4d8eade1da07a70) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a198d7ab26a8b9756b71d20c1075957fb2fc2bc0 --- libavcodec/motion_est.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libavcodec/motion_est.c b/libavcodec/motion_est.c index 25b606f819..5fb5e5e6e7 100644 --- a/libavcodec/motion_est.c +++ b/libavcodec/motion_est.c @@ -1634,7 +1634,7 @@ int ff_get_best_fcode(MpegEncContext * s, int16_t (*mv_table)[2], int type) for(y=0; ymb_height; y++){ int x; int xy= y*s->mb_stride; -for(x=0; xmb_width; x++){ +for(x=0; xmb_width; x++, xy++){ if(s->mb_type[xy] & type){ int mx= mv_table[xy][0]; int my= mv_table[xy][1]; @@ -1651,7 +1651,6 @@ int ff_get_best_fcode(MpegEncContext * s, int16_t (*mv_table)[2], int type) score[j]-= 170; } } -xy++; } } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/mov: Check size before subtraction
ffmpeg | branch: release/3.2 | Michael Niedermayer | Mon Jan 17 14:26:05 2022 +0100| [446cfcf01a9bc03e0065936ce5b88d5a2f143d96] | committer: Michael Niedermayer avformat/mov: Check size before subtraction Fixes: signed integer overflow: -9223372036854775808 - 8 cannot be represented in type 'long' Fixes: 43542/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5237670148702208 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit d8d9d506a3de976b647bcbb8f76c7b8d30eff576) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=446cfcf01a9bc03e0065936ce5b88d5a2f143d96 --- libavformat/mov.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/mov.c b/libavformat/mov.c index b6d97bf12a..71e68dc9a4 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -5033,6 +5033,8 @@ static int mov_read_default(MOVContext *c, AVIOContext *pb, MOVAtom atom) if (a.size == 0) { a.size = atom.size - total_size + 8; } +if (a.size < 0) +break; a.size -= 8; if (a.size < 0) break; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/utils: Fix invalid NULL pointer operation in ff_parse_key_value()
ffmpeg | branch: release/3.2 | Michael Niedermayer | Fri Feb 4 00:44:32 2022 +0100| [73ca8b9a029b706cb09b6a65968bcff829a705ed] | committer: Michael Niedermayer avformat/utils: Fix invalid NULL pointer operation in ff_parse_key_value() Fixes: pointer index expression with base 0x overflowed to 0x Fixes: 44012/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-5670607746891776 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 59328aabd2c789ae053e18a62a20a7addfd4d069) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=73ca8b9a029b706cb09b6a65968bcff829a705ed --- libavformat/utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index 116c7f8d9a..28a3cfffd6 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -4643,7 +4643,7 @@ void ff_parse_key_value(const char *str, ff_parse_key_val_cb callback_get_buf, key_len = ptr - key; callback_get_buf(context, key, key_len, , _len); -dest_end = dest + dest_len - 1; +dest_end = dest ? dest + dest_len - 1 : NULL; if (*ptr == '\"') { ptr++; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/apedec: Fix integer overflows in predictor_update_3930()
ffmpeg | branch: release/3.2 | Michael Niedermayer | Mon Jan 3 19:15:18 2022 +0100| [d577bde9748710572daf8fe010ec8011b9e23d34] | committer: Michael Niedermayer avcodec/apedec: Fix integer overflows in predictor_update_3930() Fixes: signed integer overflow: 1074134419 - -1075212485 cannot be represented in type 'int' Fixes: 43273/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-4706880883130368 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 0c9c9bbd01bd82c35b6a908592d9dd6d9f4bd4a0) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d577bde9748710572daf8fe010ec8011b9e23d34 --- libavcodec/apedec.c | 16 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c index 276ed6ec50..2064bb26e2 100644 --- a/libavcodec/apedec.c +++ b/libavcodec/apedec.c @@ -1038,13 +1038,13 @@ static av_always_inline int predictor_update_3930(APEPredictor *p, const int delayA) { int32_t predictionA, sign; -int32_t d0, d1, d2, d3; +uint32_t d0, d1, d2, d3; p->buf[delayA] = p->lastA[filter]; d0 = p->buf[delayA]; -d1 = p->buf[delayA] - p->buf[delayA - 1]; -d2 = p->buf[delayA - 1] - p->buf[delayA - 2]; -d3 = p->buf[delayA - 2] - p->buf[delayA - 3]; +d1 = p->buf[delayA] - (unsigned)p->buf[delayA - 1]; +d2 = p->buf[delayA - 1] - (unsigned)p->buf[delayA - 2]; +d3 = p->buf[delayA - 2] - (unsigned)p->buf[delayA - 3]; predictionA = d0 * p->coeffsA[filter][0] + d1 * p->coeffsA[filter][1] + @@ -1055,10 +1055,10 @@ static av_always_inline int predictor_update_3930(APEPredictor *p, p->filterA[filter] = p->lastA[filter] + ((int)(p->filterA[filter] * 31U) >> 5); sign = APESIGN(decoded); -p->coeffsA[filter][0] += ((d0 < 0) * 2 - 1) * sign; -p->coeffsA[filter][1] += ((d1 < 0) * 2 - 1) * sign; -p->coeffsA[filter][2] += ((d2 < 0) * 2 - 1) * sign; -p->coeffsA[filter][3] += ((d3 < 0) * 2 - 1) * sign; +p->coeffsA[filter][0] += (((int32_t)d0 < 0) * 2 - 1) * sign; +p->coeffsA[filter][1] += (((int32_t)d1 < 0) * 2 - 1) * sign; +p->coeffsA[filter][2] += (((int32_t)d2 < 0) * 2 - 1) * sign; +p->coeffsA[filter][3] += (((int32_t)d3 < 0) * 2 - 1) * sign; return p->filterA[filter]; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/apedec: fix integer overflow in 8bit samples
ffmpeg | branch: release/3.2 | Michael Niedermayer | Thu Dec 23 20:39:14 2021 +0100| [ee84c87edf11d5b7edfe0a48414c1d9057b26906] | committer: Michael Niedermayer avcodec/apedec: fix integer overflow in 8bit samples Fixes: signed integer overflow: 2147483542 + 128 cannot be represented in type 'int' Fixes: 42812/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6344057861832704 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 7cee3b37187dbf61dbebff023f07ceedfc0129bb) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ee84c87edf11d5b7edfe0a48414c1d9057b26906 --- libavcodec/apedec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c index 285f7178eb..276ed6ec50 100644 --- a/libavcodec/apedec.c +++ b/libavcodec/apedec.c @@ -1529,7 +1529,7 @@ static int ape_decode_frame(AVCodecContext *avctx, void *data, for (ch = 0; ch < s->channels; ch++) { sample8 = (uint8_t *)frame->data[ch]; for (i = 0; i < blockstodecode; i++) -*sample8++ = (s->decoded[ch][i] + 0x80) & 0xff; +*sample8++ = (s->decoded[ch][i] + 0x80U) & 0xff; } break; case 16: ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/flvdec: timestamps cannot use the full int64 range
ffmpeg | branch: release/3.2 | Michael Niedermayer | Thu Dec 23 20:36:16 2021 +0100| [da356c4edad595538511430d0eb436aa1c0af4b9] | committer: Michael Niedermayer avformat/flvdec: timestamps cannot use the full int64 range We do not support this as we multiply by 1000 Fixes: signed integer overflow: -45318575073853696 * 1000 cannot be represented in type 'long' Fixes: 42804/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-4630325425209344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit c217ca7718c8e24905d7ba9ede719ae040899476) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=da356c4edad595538511430d0eb436aa1c0af4b9 --- libavformat/flvdec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c index da6f967262..b61ac7f973 100644 --- a/libavformat/flvdec.c +++ b/libavformat/flvdec.c @@ -422,6 +422,8 @@ static int parse_keyframes_index(AVFormatContext *s, AVIOContext *ioc, int64_t m d = av_int2double(avio_rb64(ioc)); if (isnan(d) || d < INT64_MIN || d > INT64_MAX) goto invalid; +if (current_array == && (d <= INT64_MIN / 1000 || d >= INT64_MAX / 1000)) +goto invalid; current_array[0][i] = d; } if (times && filepositions) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/vqavideo: reset accounting on error
ffmpeg | branch: release/3.2 | Michael Niedermayer | Sun Dec 19 22:26:00 2021 +0100| [5650737134204ad71a59ff7350ba1b1dfc518fd4] | committer: Michael Niedermayer avcodec/vqavideo: reset accounting on error Fixes: Timeout (same growing chunk is decoded to failure repeatedly) Fixes: 42582/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VQA_fuzzer-6531195591065600 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit d8ea7a67ba62f5d4520e75e56b9954d80e7ff223) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5650737134204ad71a59ff7350ba1b1dfc518fd4 --- libavcodec/vqavideo.c | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/libavcodec/vqavideo.c b/libavcodec/vqavideo.c index 00229b6228..87c45ba9cd 100644 --- a/libavcodec/vqavideo.c +++ b/libavcodec/vqavideo.c @@ -592,13 +592,14 @@ static int vqa_decode_chunk(VqaContext *s, AVFrame *frame) if (s->partial_countdown <= 0) { bytestream2_init(>gb, s->next_codebook_buffer, s->next_codebook_buffer_index); /* decompress codebook */ -if ((res = decode_format80(s, s->next_codebook_buffer_index, - s->codebook, s->codebook_size, 0)) < 0) -return res; +res = decode_format80(s, s->next_codebook_buffer_index, + s->codebook, s->codebook_size, 0); /* reset accounting */ s->next_codebook_buffer_index = 0; s->partial_countdown = s->partial_count; +if (res < 0) +return res; } } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/alacdsp: fix integer overflow in decorrelate_stereo()
ffmpeg | branch: release/3.2 | Michael Niedermayer | Thu Jul 23 23:34:15 2020 +0200| [3541d4960b58eb8e2e762e6c8e0629a52c053e5d] | committer: Michael Niedermayer avcodec/alacdsp: fix integer overflow in decorrelate_stereo() Fixes: signed integer overflow: -16777216 * 131 cannot be represented in type 'int' Fixes: 23835/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5669943160078336 Fixes: 41101/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-4636330705944576 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 68457c1e85122ffcadb0c909070dd210095fd2cd) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3541d4960b58eb8e2e762e6c8e0629a52c053e5d --- libavcodec/alacdsp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/alacdsp.c b/libavcodec/alacdsp.c index 9996eb4319..8718d1b6b1 100644 --- a/libavcodec/alacdsp.c +++ b/libavcodec/alacdsp.c @@ -34,7 +34,7 @@ static void decorrelate_stereo(int32_t *buffer[2], int nb_samples, a = buffer[0][i]; b = buffer[1][i]; -a -= (b * decorr_left_weight) >> decorr_shift; +a -= (int)(b * (unsigned)decorr_left_weight) >> decorr_shift; b += a; buffer[0][i] = b; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/4xm: Check for duplicate track ids
ffmpeg | branch: release/3.2 | Michael Niedermayer | Tue Dec 7 09:14:09 2021 +0100| [dc78fd9404c8aae189117c12c65cbd083c217d95] | committer: Michael Niedermayer avformat/4xm: Check for duplicate track ids Signed-off-by: Michael Niedermayer (cherry picked from commit dd949124793c722ed55dead9da245574ace81968) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=dc78fd9404c8aae189117c12c65cbd083c217d95 --- libavformat/4xm.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/4xm.c b/libavformat/4xm.c index 7afdf252c5..2e73d9dd9e 100644 --- a/libavformat/4xm.c +++ b/libavformat/4xm.c @@ -148,6 +148,9 @@ static int parse_strk(AVFormatContext *s, memset(>tracks[fourxm->track_count], 0, sizeof(AudioTrack) * (track + 1 - fourxm->track_count)); fourxm->track_count = track + 1; +} else { +if (fourxm->tracks[track].bits) +return AVERROR_INVALIDDATA; } fourxm->tracks[track].adpcm = AV_RL32(buf + 12); fourxm->tracks[track].channels= AV_RL32(buf + 36); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/4xm: Consider max_streams on reallocating tracks array
ffmpeg | branch: release/3.2 | Michael Niedermayer | Tue Dec 7 09:14:08 2021 +0100| [0bcd3550a4ddc441aae04fedfe2d80918be705ed] | committer: Michael Niedermayer avformat/4xm: Consider max_streams on reallocating tracks array Fixes: OOM Fixes: 41595/clusterfuzz-testcase-minimized-ffmpeg_dem_FOURXM_fuzzer-6355979363549184 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 0dcd95ef8a2e16ed930296567ab1044e33602a34) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0bcd3550a4ddc441aae04fedfe2d80918be705ed --- libavformat/4xm.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/4xm.c b/libavformat/4xm.c index 9880060f84..7afdf252c5 100644 --- a/libavformat/4xm.c +++ b/libavformat/4xm.c @@ -136,7 +136,8 @@ static int parse_strk(AVFormatContext *s, return AVERROR_INVALIDDATA; track = AV_RL32(buf + 8); -if ((unsigned)track >= UINT_MAX / sizeof(AudioTrack) - 1) { +if ((unsigned)track >= UINT_MAX / sizeof(AudioTrack) - 1 || +track >= s->max_streams) { av_log(s, AV_LOG_ERROR, "current_track too large\n"); return AVERROR_INVALIDDATA; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/mov: Check next offset in mov_read_dref()
ffmpeg | branch: release/3.2 | Michael Niedermayer | Sat Dec 4 20:48:54 2021 +0100| [6cdc8b3c133a05f4d30654fcb0af3f3df51409e3] | committer: Michael Niedermayer avformat/mov: Check next offset in mov_read_dref() Fixes: signed integer overflow: 9223372036200463215 + 1109914409 cannot be represented in type 'long' Fixes: 41480/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6553086177443840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 562021e2fd4d74589905d9c566c686394d2b0526) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6cdc8b3c133a05f4d30654fcb0af3f3df51409e3 --- libavformat/mov.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index fde2a856ef..b6d97bf12a 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -590,11 +590,13 @@ static int mov_read_dref(MOVContext *c, AVIOContext *pb, MOVAtom atom) for (i = 0; i < entries; i++) { MOVDref *dref = >drefs[i]; uint32_t size = avio_rb32(pb); -int64_t next = avio_tell(pb) + size - 4; +int64_t next = avio_tell(pb); -if (size < 12) +if (size < 12 || next < 0 || next > INT64_MAX - size) return AVERROR_INVALIDDATA; +next += size - 4; + dref->type = avio_rl32(pb); avio_rb32(pb); // version + flags av_log(c->fc, AV_LOG_TRACE, "type %.4s size %d\n", (char*)>type, size); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/apedec: Change avg to uint32_t
ffmpeg | branch: release/3.2 | Michael Niedermayer | Fri Dec 3 17:58:50 2021 +0100| [5e8556dd369dc4d4e0cb7c886aca2762c8f28db5] | committer: Michael Niedermayer avcodec/apedec: Change avg to uint32_t Fixes: Integer overflow Fixes: 40973/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6739312704618496 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Suggested-by: Anton Khirnov Signed-off-by: Michael Niedermayer (cherry picked from commit 0ec75723a484405eb2f2ec2f9e58161b168ed8b0) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5e8556dd369dc4d4e0cb7c886aca2762c8f28db5 --- libavcodec/apedec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c index d9ff138b39..285f7178eb 100644 --- a/libavcodec/apedec.c +++ b/libavcodec/apedec.c @@ -101,7 +101,7 @@ typedef struct APEFilter { int16_t *historybuffer; ///< filter memory int16_t *delay; ///< filtered values -int avg; +uint32_t avg; } APEFilter; typedef struct APERice { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/mxfdec: Check for duplicate mxf_read_index_entry_array()
ffmpeg | branch: release/3.2 | Michael Niedermayer | Sun Dec 5 22:19:05 2021 +0100| [19a307f68d005d62dbac9dc75474a633bd95f03e] | committer: Michael Niedermayer avformat/mxfdec: Check for duplicate mxf_read_index_entry_array() Fixes: memleak Fixes: 41596/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6439060204290048 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Tomas Härdin Signed-off-by: Michael Niedermayer (cherry picked from commit 4f44a218e53cd92e64ba10a935bc1e7583c3e218) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=19a307f68d005d62dbac9dc75474a633bd95f03e --- libavformat/mxfdec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index 2f44c5ae08..2d06ace14a 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -900,6 +900,9 @@ static int mxf_read_index_entry_array(AVIOContext *pb, MXFIndexTableSegment *seg { int i, length; +if (segment->temporal_offset_entries) +return AVERROR_INVALIDDATA; + segment->nb_index_entries = avio_rb32(pb); length = avio_rb32(pb); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/mov: Check for EOF in mov_read_glbl()
ffmpeg | branch: release/3.2 | Michael Niedermayer | Sat Dec 4 20:11:35 2021 +0100| [8e09257dcaae88f956fb37347b4eeafd12ab4f07] | committer: Michael Niedermayer avformat/mov: Check for EOF in mov_read_glbl() Fixes: Infinite loop Fixes: 41351/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5433895854669824 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 59b4e7cbd87889c0bac710ac7f62782b637419a1) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8e09257dcaae88f956fb37347b4eeafd12ab4f07 --- libavformat/mov.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/mov.c b/libavformat/mov.c index 6d18ceccbd..fde2a856ef 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -1672,6 +1672,8 @@ static int mov_read_glbl(MOVContext *c, AVIOContext *pb, MOVAtom atom) // wrap a whole fiel atom inside of a glbl atom. unsigned size = avio_rb32(pb); unsigned type = avio_rl32(pb); +if (avio_feof(pb)) +return AVERROR_INVALIDDATA; avio_seek(pb, -8, SEEK_CUR); if (type == MKTAG('f','i','e','l') && size == atom.size) return mov_read_default(c, pb, atom); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avfilter/vf_gblur: fix heap-buffer overflow
ffmpeg | branch: release/3.2 | Paul B Mahol | Wed Oct 16 12:13:04 2019 +0200| [f8b4426c10aa65f4c04847a50ebfdcb8782a49b7] | committer: Michael Niedermayer avfilter/vf_gblur: fix heap-buffer overflow Fixes #8282 (cherry picked from commit 64a805883d7223c868a683f0030837d859edd2ab) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f8b4426c10aa65f4c04847a50ebfdcb8782a49b7 --- libavfilter/vf_gblur.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavfilter/vf_gblur.c b/libavfilter/vf_gblur.c index 27b702998e..f640b506d3 100644 --- a/libavfilter/vf_gblur.c +++ b/libavfilter/vf_gblur.c @@ -222,7 +222,7 @@ static int config_input(AVFilterLink *inlink) s->nb_planes = av_pix_fmt_count_planes(inlink->format); -s->buffer = av_malloc_array(inlink->w, inlink->h * sizeof(*s->buffer)); +s->buffer = av_malloc_array(FFALIGN(inlink->w, 16), FFALIGN(inlink->h, 16) * sizeof(*s->buffer)); if (!s->buffer) return AVERROR(ENOMEM); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/aiffdec: sanity check block_align
ffmpeg | branch: release/3.2 | Michael Niedermayer | Sun Oct 31 00:10:39 2021 +0200| [fe11596a73606e107880b6b186613f299103a53d] | committer: Michael Niedermayer avformat/aiffdec: sanity check block_align Reviewed-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit 93f7776921ed8c5219732210067016c3457e864d) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fe11596a73606e107880b6b186613f299103a53d --- libavformat/aiffdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/aiffdec.c b/libavformat/aiffdec.c index 3716de1621..d7a37fe207 100644 --- a/libavformat/aiffdec.c +++ b/libavformat/aiffdec.c @@ -350,7 +350,7 @@ got_sound: if (!st->codecpar->block_align && st->codecpar->codec_id == AV_CODEC_ID_QCELP) { av_log(s, AV_LOG_WARNING, "qcelp without wave chunk, assuming full rate\n"); st->codecpar->block_align = 35; -} else if (!st->codecpar->block_align) { +} else if (st->codecpar->block_align <= 0) { av_log(s, AV_LOG_ERROR, "could not find COMM tag or invalid block_align value\n"); return -1; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avfilter/vf_lenscorrection: fix division by zero
ffmpeg | branch: release/3.2 | Paul B Mahol | Sun Oct 13 23:28:16 2019 +0200| [94e502e96b0870177e0af4c1e8718ac71475e374] | committer: Michael Niedermayer avfilter/vf_lenscorrection: fix division by zero Fixes #8265 (cherry picked from commit 19587c9332f5be4f6bc6d7b2b8ef3fd21dfeaa01) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=94e502e96b0870177e0af4c1e8718ac71475e374 --- libavfilter/vf_lenscorrection.c | 6 ++ 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/libavfilter/vf_lenscorrection.c b/libavfilter/vf_lenscorrection.c index 239fe195bd..43f3c1b7d0 100644 --- a/libavfilter/vf_lenscorrection.c +++ b/libavfilter/vf_lenscorrection.c @@ -155,10 +155,8 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in) for (plane = 0; plane < rect->nb_planes; ++plane) { int hsub = plane == 1 || plane == 2 ? rect->hsub : 0; int vsub = plane == 1 || plane == 2 ? rect->vsub : 0; -int hdiv = 1 << hsub; -int vdiv = 1 << vsub; -int w = rect->width / hdiv; -int h = rect->height / vdiv; +int w = AV_CEIL_RSHIFT(rect->width, hsub); +int h = AV_CEIL_RSHIFT(rect->height, vsub); int xcenter = rect->cx * w; int ycenter = rect->cy * h; int k1 = rect->k1 * (1<<24); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/aiffdec: Check sample_rate
ffmpeg | branch: release/3.2 | Michael Niedermayer | Sun Oct 31 00:02:04 2021 +0200| [2d2ed8b045bc90fd3c87309bcdf358f2d0fc84cb] | committer: Michael Niedermayer avformat/aiffdec: Check sample_rate Reviewed-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit 1b04836dff9958e8bfdbed2746b8c40b1e119ecc) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2d2ed8b045bc90fd3c87309bcdf358f2d0fc84cb --- libavformat/aiffdec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/aiffdec.c b/libavformat/aiffdec.c index 2387d12723..3716de1621 100644 --- a/libavformat/aiffdec.c +++ b/libavformat/aiffdec.c @@ -122,6 +122,9 @@ static int get_aiff_header(AVFormatContext *s, int size, sample_rate = val << exp; else sample_rate = (val + (1ULL<<(-exp-1))) >> -exp; +if (sample_rate <= 0) +return AVERROR_INVALIDDATA; + par->sample_rate = sample_rate; if (size < 18) return AVERROR_INVALIDDATA; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/g729dec: Avoid computing invalid temporary pointers for ff_acelp_weighted_vector_sum()
ffmpeg | branch: release/3.2 | Michael Niedermayer | Thu Oct 17 11:54:12 2019 +0200| [abf9627f70ed8467b1646d56205e61f965f11468] | committer: Michael Niedermayer avcodec/g729dec: Avoid computing invalid temporary pointers for ff_acelp_weighted_vector_sum() Fixes: Ticket8176 Reviewed-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit 2c78a76cb0443f8a12a5eadc3b58373aa2f4ab22) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=abf9627f70ed8467b1646d56205e61f965f11468 --- libavcodec/g729dec.c | 13 +++-- 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/libavcodec/g729dec.c b/libavcodec/g729dec.c index 908c12a73a..943ddf5297 100644 --- a/libavcodec/g729dec.c +++ b/libavcodec/g729dec.c @@ -536,12 +536,13 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame_ptr, fc_v[i] = < \ fc_v[i] + gain_pitch * fc_v[i-pitch_delay], i >= pitch_delay */ -ff_acelp_weighted_vector_sum(fc + pitch_delay_int[i], - fc + pitch_delay_int[i], - fc, 1 << 14, - av_clip(ctx->past_gain_pitch[0], SHARP_MIN, SHARP_MAX), - 0, 14, - SUBFRAME_SIZE - pitch_delay_int[i]); +if (SUBFRAME_SIZE > pitch_delay_int[i]) +ff_acelp_weighted_vector_sum(fc + pitch_delay_int[i], + fc + pitch_delay_int[i], + fc, 1 << 14, + av_clip(ctx->past_gain_pitch[0], SHARP_MIN, SHARP_MAX), + 0, 14, + SUBFRAME_SIZE - pitch_delay_int[i]); memmove(ctx->past_gain_pitch+1, ctx->past_gain_pitch, 5 * sizeof(int16_t)); ctx->past_gain_code[1] = ctx->past_gain_code[0]; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/flac_parser: Consider AV_INPUT_BUFFER_PADDING_SIZE
ffmpeg | branch: release/3.2 | Michael Niedermayer | Thu Oct 21 13:25:59 2021 +0200| [a19bed14d6bd5554bec70234e24baddda108] | committer: Michael Niedermayer avcodec/flac_parser: Consider AV_INPUT_BUFFER_PADDING_SIZE Fixes: out if array read Fixes: 40109/clusterfuzz-testcase-minimized-ffmpeg_dem_FLAC_fuzzer-4805686811295744 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Mattias Wadman Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a19bed14d6bd5554bec70234e24baddda108 --- libavcodec/flac_parser.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/flac_parser.c b/libavcodec/flac_parser.c index fcd47162bf..40f3f72753 100644 --- a/libavcodec/flac_parser.c +++ b/libavcodec/flac_parser.c @@ -55,6 +55,7 @@ /** largest possible size of flac header */ #define MAX_FRAME_HEADER_SIZE 16 +#define MAX_FRAME_VERIFY_SIZE (MAX_FRAME_HEADER_SIZE) typedef struct FLACHeaderMarker { int offset; /**< byte offset from start of FLACParseContext->buffer */ @@ -169,7 +170,7 @@ static int find_headers_search_validate(FLACParseContext *fpc, int offset) uint8_t *header_buf; int size = 0; header_buf = flac_fifo_read_wrap(fpc, offset, - MAX_FRAME_HEADER_SIZE, + MAX_FRAME_VERIFY_SIZE + AV_INPUT_BUFFER_PADDING_SIZE, >wrap_buf, >wrap_buf_allocated_size); if (frame_header_is_valid(fpc->avctx, header_buf, )) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/movenc: Fix segfault when remuxing rtp hint stream
ffmpeg | branch: release/3.2 | Andreas Rheinhardt | Tue Sep 29 10:21:34 2020 +0200| [f1a77222da98dbe4b8eeda54d68deefe6adcd299] | committer: Michael Niedermayer avformat/movenc: Fix segfault when remuxing rtp hint stream When remuxing an rtp hint stream (or any stream with the tag "rtp "), the mov muxer treats this as one of the rtp hint tracks it creates internally when ordered to do so; yet this track lacks the AVFormatContext for the hinting rtp muxer, leading to segfaults in mov_write_udta_sdp() if a "trak" atom is written for this stream; if not, the stream's codecpar is freed by mov_free() as if the mov muxer owned it (it does for the internally created "rtp " tracks), but without resetting st->codecpar, leading to double-frees lateron. This commit therefore ignores said tag which makes rtp hint streams unremuxable. This fixes tickets #8181 and #8186. Signed-off-by: Andreas Rheinhardt (cherry picked from commit 22c3cd176079dd104ec7610ead697235b04396f1) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f1a77222da98dbe4b8eeda54d68deefe6adcd299 --- libavformat/movenc.c | 4 1 file changed, 4 insertions(+) diff --git a/libavformat/movenc.c b/libavformat/movenc.c index 374acd2874..e18ce112e5 100644 --- a/libavformat/movenc.c +++ b/libavformat/movenc.c @@ -1442,6 +1442,10 @@ static int mov_get_codec_tag(AVFormatContext *s, MOVTrack *track) { int tag = track->par->codec_tag; +// "rtp " is used to distinguish internally created RTP-hint tracks +// (with rtp_ctx) from other tracks. +if (tag == MKTAG('r','t','p',' ')) +tag = 0; if (!tag || (s->strict_std_compliance >= FF_COMPLIANCE_NORMAL && (track->par->codec_id == AV_CODEC_ID_DVVIDEO || track->par->codec_id == AV_CODEC_ID_RAWVIDEO || ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/tty: add probe function
ffmpeg | branch: release/3.2 | Paul B Mahol | Mon Jan 27 21:53:08 2020 +0100| [7df2ff54e8ffc1ce59f3642de9658a789c8782aa] | committer: Michael Niedermayer avformat/tty: add probe function (cherry picked from commit 3bce9e9b3ea35c54ba793d7da99ea5157532) > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7df2ff54e8ffc1ce59f3642de9658a789c8782aa --- libavformat/tty.c | 21 - 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/libavformat/tty.c b/libavformat/tty.c index b407645ee4..6228762e4a 100644 --- a/libavformat/tty.c +++ b/libavformat/tty.c @@ -34,6 +34,13 @@ #include "internal.h" #include "sauce.h" +static int isansicode(int x) +{ +return x == 0x1B || x == 0x0A || x == 0x0D || (x >= 0x20 && x < 0x7f); +} + +static const char tty_extensions[31] = "ans,art,asc,diz,ice,nfo,txt,vt"; + typedef struct TtyDemuxContext { AVClass *class; int chars_per_frame; @@ -42,6 +49,17 @@ typedef struct TtyDemuxContext { AVRational framerate; /**< Set by a private option. */ } TtyDemuxContext; +static int read_probe(const AVProbeData *p) +{ +int cnt = 0; + +for (int i = 0; i < p->buf_size; i++) +cnt += !!isansicode(p->buf[i]); + +return (cnt * 100LL / p->buf_size) * (cnt > 400) * +!!av_match_ext(p->filename, tty_extensions); +} + /** * Parse EFI header */ @@ -153,8 +171,9 @@ AVInputFormat ff_tty_demuxer = { .name = "tty", .long_name = NULL_IF_CONFIG_SMALL("Tele-typewriter"), .priv_data_size = sizeof(TtyDemuxContext), +.read_probe = read_probe, .read_header= read_header, .read_packet= read_packet, -.extensions = "ans,art,asc,diz,ice,nfo,txt,vt", +.extensions = tty_extensions, .priv_class = _demuxer_class, }; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/ttadsp: Fix integer overflows in tta_filter_process_c()
ffmpeg | branch: release/3.2 | Michael Niedermayer | Fri Oct 15 00:04:59 2021 +0200| [d57898b74b0a597a94e25971f05fa43face66ef4] | committer: Michael Niedermayer avcodec/ttadsp: Fix integer overflows in tta_filter_process_c() Fixes: signed integer overflow: 822841647 + 1647055738 cannot be represented in type 'int' Fixes: 39935/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-4592657142251520 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit f24028c798397af720acb838357785aa705a8122) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d57898b74b0a597a94e25971f05fa43face66ef4 --- libavcodec/ttadsp.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/ttadsp.c b/libavcodec/ttadsp.c index 1d1443aee0..99dd66a0c2 100644 --- a/libavcodec/ttadsp.c +++ b/libavcodec/ttadsp.c @@ -47,9 +47,9 @@ static void tta_filter_process_c(int32_t *qmi, int32_t *dx, int32_t *dl, *error = *in; *in += (round >> shift); -dl[4] = -dl[5]; dl[5] = -dl[6]; -dl[6] = *in - dl[7]; dl[7] = *in; -dl[5] += dl[6]; dl[4] += dl[5]; +dl[4] = -(unsigned)dl[5]; dl[5] = -(unsigned)dl[6]; +dl[6] = *in -(unsigned)dl[7]; dl[7] = *in; +dl[5] += (unsigned)dl[6]; dl[4] += (unsigned)dl[5]; } av_cold void ff_ttadsp_init(TTADSPContext *c) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avutil/mathematics: Document av_rescale_rnd() behavior on non int64 results
ffmpeg | branch: release/3.2 | Michael Niedermayer | Wed Oct 20 19:51:08 2021 +0200| [e8363735fb8338f67da542622111039782054e92] | committer: Michael Niedermayer avutil/mathematics: Document av_rescale_rnd() behavior on non int64 results Reviewed-by: Derek Buitenhuis Signed-off-by: Michael Niedermayer (cherry picked from commit e154353fdb73dc1b3c1519350244d5346f761850) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e8363735fb8338f67da542622111039782054e92 --- libavutil/mathematics.h | 1 + 1 file changed, 1 insertion(+) diff --git a/libavutil/mathematics.h b/libavutil/mathematics.h index 54901800ba..64d4137a60 100644 --- a/libavutil/mathematics.h +++ b/libavutil/mathematics.h @@ -134,6 +134,7 @@ int64_t av_rescale(int64_t a, int64_t b, int64_t c) av_const; * * The operation is mathematically equivalent to `a * b / c`, but writing that * directly can overflow, and does not support different rounding methods. + * If the result is not representable then INT64_MIN is returned. * * @see av_rescale(), av_rescale_q(), av_rescale_q_rnd() */ ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] doc: install css files along html docs
ffmpeg | branch: master | Timo Rothenpieler | Thu Apr 7 20:11:24 2022 +0200| [d5687236aba6fd31dd4369c290df9a5b1192e43e] | committer: Timo Rothenpieler doc: install css files along html docs > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d5687236aba6fd31dd4369c290df9a5b1192e43e --- doc/Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/doc/Makefile b/doc/Makefile index 58ca3fabd8..0f09783699 100644 --- a/doc/Makefile +++ b/doc/Makefile @@ -27,6 +27,9 @@ HTMLPAGES = $(AVPROGS-yes:%=doc/%.html) $(AVPROGS-yes:%=doc/%-all.html) $(COMP doc/mailing-list-faq.html \ doc/nut.html \ doc/platform.html \ + doc/bootstrap.min.css \ + doc/style.min.css \ + doc/default.css \ TXTPAGES= doc/fate.txt \ ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".