date:20220418

[FFmpeg-cvslog] avfilter/avf_avectorscope: set time_base to outlink

2022-04-18 Thread Paul B Mahol

ffmpeg | branch: master | Paul B Mahol  | Mon Apr 18 20:22:34 
2022 +0200| [d41f85235dad4577c806381576821abe4f6ca97f] | committer: Paul B Mahol

avfilter/avf_avectorscope: set time_base to outlink

And rescale timestamps.

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d41f85235dad4577c806381576821abe4f6ca97f
---

 libavfilter/avf_avectorscope.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libavfilter/avf_avectorscope.c b/libavfilter/avf_avectorscope.c
index b873599ac7..200b2e452c 100644
--- a/libavfilter/avf_avectorscope.c
+++ b/libavfilter/avf_avectorscope.c
@@ -240,6 +240,7 @@ static int config_output(AVFilterLink *outlink)
 outlink->h = s->h;
 outlink->sample_aspect_ratio = (AVRational){1,1};
 outlink->frame_rate = s->frame_rate;
+outlink->time_base = av_inv_q(outlink->frame_rate);
 
 s->prev_x = s->hw = s->w / 2;
 s->prev_y = s->hh = s->mode == POLAR ? s->h - 1 : s->h / 2;
@@ -273,7 +274,7 @@ static int filter_frame(AVFilterLink *inlink, AVFrame 
*insamples)
 for (i = 0; i < outlink->h; i++)
 memset(s->outpicref->data[0] + i * s->outpicref->linesize[0], 0, 
outlink->w * 4);
 }
-s->outpicref->pts = insamples->pts;
+s->outpicref->pts = av_rescale_q(insamples->pts, inlink->time_base, 
outlink->time_base);
 
 av_frame_make_writable(s->outpicref);
 ff_filter_execute(ctx, fade, NULL, NULL, FFMIN(outlink->h, 
ff_filter_get_nb_threads(ctx)));

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avfilter/avf_showvolume: set time_base to outlink

2022-04-18 Thread Paul B Mahol

ffmpeg | branch: master | Paul B Mahol  | Mon Apr 18 20:19:21 
2022 +0200| [9f73c40d324211756ab6de3573495b5a12aeab9d] | committer: Paul B Mahol

avfilter/avf_showvolume: set time_base to outlink

And rescale timestamps.

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9f73c40d324211756ab6de3573495b5a12aeab9d
---

 libavfilter/avf_showvolume.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libavfilter/avf_showvolume.c b/libavfilter/avf_showvolume.c
index eb79a5ebdb..a930a1ee2a 100644
--- a/libavfilter/avf_showvolume.c
+++ b/libavfilter/avf_showvolume.c
@@ -213,6 +213,7 @@ static int config_output(AVFilterLink *outlink)
 
 outlink->sample_aspect_ratio = (AVRational){1,1};
 outlink->frame_rate = s->frame_rate;
+outlink->time_base = av_inv_q(outlink->frame_rate);
 
 for (ch = 0; ch < inlink->ch_layout.nb_channels; ch++) {
 int i;
@@ -338,7 +339,7 @@ static int filter_frame(AVFilterLink *inlink, AVFrame 
*insamples)
 }
 clear_picture(s, outlink);
 }
-s->out->pts = insamples->pts;
+s->out->pts = av_rescale_q(insamples->pts, inlink->time_base, 
outlink->time_base);
 
 if ((s->f < 1.) && (s->f > 0.)) {
 for (j = 0; j < outlink->h; j++) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/takdsp: Fix integer overflow in decorrelate_sf()

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Mon Mar 28 00:26:06 2022 +0200| [7221c80aae481d139db82dd628c28f5341578050] | 
committer: Michael Niedermayer

avcodec/takdsp: Fix integer overflow in decorrelate_sf()

Fixes: signed integer overflow: -101 * 71041254 cannot be represented in type 
'int'
Fixes: 
45938/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TAK_fuzzer-4687974320701440

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 01d8c887f63bcb1f870034ed441504b3daffc645)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7221c80aae481d139db82dd628c28f5341578050
---

 libavcodec/takdsp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/takdsp.c b/libavcodec/takdsp.c
index 9cb8052596..a8f9dba342 100644
--- a/libavcodec/takdsp.c
+++ b/libavcodec/takdsp.c
@@ -65,7 +65,7 @@ static void decorrelate_sf(int32_t *p1, int32_t *p2, int 
length, int dshift, int
 for (i = 0; i < length; i++) {
 int32_t a = p1[i];
 int32_t b = p2[i];
-b = (unsigned)(dfactor * (b >> dshift) + 128 >> 8) << dshift;
+b = (unsigned)((int)(dfactor * (unsigned)(b >> dshift) + 128) 
>> 8) << dshift;
 p1[i] = b - a;
 }
 }

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] configure: bump year

2022-04-18 Thread Gyan Doshi

ffmpeg | branch: release/3.2 | Gyan Doshi  | Sat Jan  1 
00:47:41 2022 +0530| [a82872c2839660fad35dce157963781b708c4044] | committer: 
Michael Niedermayer

configure: bump year

(cherry picked from commit 2f6360ff21a98f9db6af3e0932d39f1dc7b47d6c)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a82872c2839660fad35dce157963781b708c4044
---

 configure | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure b/configure
index 245783d4de..194b639f38 100755
--- a/configure
+++ b/configure
@@ -6703,7 +6703,7 @@ cat > $TMPH

[FFmpeg-cvslog] avfilter/vf_lenscorrection: make width/height int

2022-04-18 Thread Paul B Mahol

ffmpeg | branch: release/3.2 | Paul B Mahol  | Mon Oct 14 
20:14:03 2019 +0200| [350f2378c35e4fcfdc26c15d5374c6b8d6c64158] | committer: 
Michael Niedermayer

avfilter/vf_lenscorrection: make width/height int

Somehow previous correct fix broke usage.

(cherry picked from commit 79522411fa53b68743302d16d28156db95466a21)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=350f2378c35e4fcfdc26c15d5374c6b8d6c64158
---

 libavfilter/vf_lenscorrection.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavfilter/vf_lenscorrection.c b/libavfilter/vf_lenscorrection.c
index 43f3c1b7d0..754b8f5ada 100644
--- a/libavfilter/vf_lenscorrection.c
+++ b/libavfilter/vf_lenscorrection.c
@@ -36,8 +36,8 @@
 
 typedef struct LenscorrectionCtx {
 const AVClass *av_class;
-unsigned int width;
-unsigned int height;
+int width;
+int height;
 int hsub, vsub;
 int nb_planes;
 double cx, cy, k1, k2;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/diracdec: avoid signed integer overflow in global mv

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Mon Mar 21 20:51:47 2022 +0100| [07d533880c36e8d169c50da067ef7e162920886f] | 
committer: Michael Niedermayer

avcodec/diracdec: avoid signed integer overflow in global mv

Fixes: signed integer overflow: -128275513086 * -76056576 cannot be represented 
in type 'long'
Fixes: 
45818/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5129799149944832

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 7f1279684e8e1e33c78577b7f0265c062e4e6232)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=07d533880c36e8d169c50da067ef7e162920886f
---

 libavcodec/diracdec.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c
index d6c2132c3b..a59284d928 100644
--- a/libavcodec/diracdec.c
+++ b/libavcodec/diracdec.c
@@ -1406,8 +1406,8 @@ static void global_mv(DiracContext *s, DiracBlock *block, 
int x, int y, int ref)
 int *c  = s->globalmc[ref].perspective;
 
 int64_t m   = (1> (ez+ep);
 block->u.mv[ref][1] = (my + (1<<(ez+ep))) >> (ez+ep);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/aqtitledec: Skip unrepresentable durations

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Sun Mar 20 00:07:50 2022 +0100| [e3f08b416211f435249a92903d19b8ae9203a27d] | 
committer: Michael Niedermayer

avformat/aqtitledec: Skip unrepresentable durations

Fixes: signed integer overflow: -5 - 9223372036854775807 cannot be represented 
in type 'long'
Fixes: 
45665/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-475618463934054

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit c2d1597a8a6470045a8da241d4f65c81f26c3107)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e3f08b416211f435249a92903d19b8ae9203a27d
---

 libavformat/aqtitledec.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libavformat/aqtitledec.c b/libavformat/aqtitledec.c
index 317547c4f4..01b4fd7b93 100644
--- a/libavformat/aqtitledec.c
+++ b/libavformat/aqtitledec.c
@@ -74,7 +74,8 @@ static int aqt_read_header(AVFormatContext *s)
 new_event = 1;
 pos = avio_tell(s->pb);
 if (sub) {
-sub->duration = frame - sub->pts;
+if (frame >= sub->pts && (uint64_t)frame - sub->pts < 
INT64_MAX)
+sub->duration = frame - sub->pts;
 sub = NULL;
 }
 } else if (*line) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/apedec: fix a integer overflow in long_filter_high_3800()

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Mon Mar 28 00:12:17 2022 +0200| [6a6bb09a953f1c2d19d24c791a4ec3c8f15fb88b] | 
committer: Michael Niedermayer

avcodec/apedec: fix a integer overflow in long_filter_high_3800()

Fixes: signed integer overflow: -2146549696 - 3923884 cannot be represented in 
type 'int'
Fixes: 
45907/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5992380584558592

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit b085b400becb93ccc68d786ab738b1fc50408b89)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6a6bb09a953f1c2d19d24c791a4ec3c8f15fb88b
---

 libavcodec/apedec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c
index 2064bb26e2..07128777ab 100644
--- a/libavcodec/apedec.c
+++ b/libavcodec/apedec.c
@@ -905,7 +905,7 @@ static void long_filter_high_3800(int32_t *buffer, int 
order, int shift, int len
 dotprod += delay[j] * (unsigned)coeffs[j];
 coeffs[j] += ((delay[j] >> 31) | 1) * sign;
 }
-buffer[i] -= dotprod >> shift;
+buffer[i] -= (unsigned)(dotprod >> shift);
 for (j = 0; j < order - 1; j++)
 delay[j] = delay[j + 1];
 delay[order - 1] = buffer[i];

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/cafdec: Do not store empty keys in read_info_chunk()

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Sat Mar 19 23:36:22 2022 +0100| [f7dbbbdaf0b2cc36cd74b70ea3d8b924d3b5d2c3] | 
committer: Michael Niedermayer

avformat/cafdec: Do not store empty keys in read_info_chunk()

Fixes: Timeout
Fixes: 
45543/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-5684953164152832

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 7ec28e1d4cef723485f50f7a08859752b79b570c)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f7dbbbdaf0b2cc36cd74b70ea3d8b924d3b5d2c3
---

 libavformat/cafdec.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/cafdec.c b/libavformat/cafdec.c
index f23cf50640..3d9c48eaf8 100644
--- a/libavformat/cafdec.c
+++ b/libavformat/cafdec.c
@@ -235,6 +235,8 @@ static void read_info_chunk(AVFormatContext *s, int64_t 
size)
 char value[1024];
 avio_get_str(pb, INT_MAX, key, sizeof(key));
 avio_get_str(pb, INT_MAX, value, sizeof(value));
+if (!*key)
+continue;
 av_dict_set(>metadata, key, value, 0);
 }
 }

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/hls: Check target_duration

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Sun Mar 20 22:54:31 2022 +0100| [6d4c5f4e2b3c4101bcd02855bf5d8bdbdd5b] | 
committer: Michael Niedermayer

avformat/hls: Check target_duration

Fixes: signed integer overflow: 77 * 100 cannot be represented 
in type 'long long'
Fixes: 
45545/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6438101247983616

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Steven Liu 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit a8fd3f7fab83e1beea1c441e1a2e538e7aa431a5)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6d4c5f4e2b3c4101bcd02855bf5d8bdbdd5b
---

 libavformat/hls.c | 8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/libavformat/hls.c b/libavformat/hls.c
index 7915ee7996..0b55507790 100644
--- a/libavformat/hls.c
+++ b/libavformat/hls.c
@@ -742,10 +742,16 @@ static int parse_playlist(HLSContext *c, const char *url,
);
 new_rendition(c, , url);
 } else if (av_strstart(line, "#EXT-X-TARGETDURATION:", )) {
+int64_t t;
 ret = ensure_playlist(c, , url);
 if (ret < 0)
 goto fail;
-pls->target_duration = strtoll(ptr, NULL, 10) * AV_TIME_BASE;
+t = strtoll(ptr, NULL, 10);
+if (t < 0 || t >= INT64_MAX / AV_TIME_BASE) {
+ret = AVERROR_INVALIDDATA;
+goto fail;
+}
+pls->target_duration = t * AV_TIME_BASE;
 } else if (av_strstart(line, "#EXT-X-MEDIA-SEQUENCE:", )) {
 ret = ensure_playlist(c, , url);
 if (ret < 0)

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/matroskadec: Check pre_ns

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Sun Feb 13 15:20:02 2022 +0100| [73bb1853b2fb305f77fdff795cd12d65d82894fb] | 
committer: Michael Niedermayer

avformat/matroskadec: Check pre_ns

Fixes: division by 0
Fixes: 
44615/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6681108677263360

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 710e51677a6f3a5c2b37dc31a597957a22a5e531)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=73bb1853b2fb305f77fdff795cd12d65d82894fb
---

 libavformat/matroskadec.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 68c1c7024b..08207a8a3a 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -3679,6 +3679,8 @@ static int64_t 
webm_dash_manifest_compute_bandwidth(AVFormatContext *s, int64_t
 // prebuffered.
 pre_bytes = desc_end.end_offset - desc_end.start_offset;
 pre_ns = desc_end.end_time_ns - desc_end.start_time_ns;
+if (pre_ns <= 0)
+return -1;
 pre_sec = pre_ns / nano_seconds_per_second;
 prebuffer_bytes +=
 pre_bytes * ((temp_prebuffer_ns / nano_seconds_per_second) / 
pre_sec);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/sonic: Use unsigned for predictor_k to avoid undefined behavior

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Tue Feb  8 00:43:56 2022 +0100| [8e68f7f7ba55393bcd25c8ddd1c77dd47e081474] | 
committer: Michael Niedermayer

avcodec/sonic: Use unsigned for predictor_k to avoid undefined behavior

Fixes: signed integer overflow: -1094995529 * 24 cannot be represented in type 
'int'
Fixes: 
44436/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-4874459459223552

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 28008bf95ed9b2ab5945ae6658358ad7c7f1df35)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8e68f7f7ba55393bcd25c8ddd1c77dd47e081474
---

 libavcodec/sonic.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/sonic.c b/libavcodec/sonic.c
index 7e4427f748..05351ba859 100644
--- a/libavcodec/sonic.c
+++ b/libavcodec/sonic.c
@@ -1018,7 +1018,7 @@ static int sonic_decode_frame(AVCodecContext *avctx,
 
 // dequantize
 for (i = 0; i < s->num_taps; i++)
-s->predictor_k[i] *= s->tap_quant[i];
+s->predictor_k[i] *= (unsigned) s->tap_quant[i];
 
 if (s->lossless)
 quant = 1;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/matroskadec: Use rounded down duration in get_cue_desc() check

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Thu Mar 10 23:24:49 2022 +0100| [aee90d406464baf25ee1dfbf0d3b2a2530d2f61d] | 
committer: Michael Niedermayer

avformat/matroskadec: Use rounded down duration in get_cue_desc() check

Floating point is evil, it would be better if duration was not a double

Fixes: Infinite loop
Fixes: 
45123/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6725052291219456

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit bd3a03db9aef72ee36a7cc964171e9f52967f4bc)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=aee90d406464baf25ee1dfbf0d3b2a2530d2f61d
---

 libavformat/matroskadec.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 6344f06282..68c1c7024b 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -3495,7 +3495,9 @@ static CueDesc get_cue_desc(AVFormatContext *s, int64_t 
ts, int64_t cues_start)
 int i;
 int nb_index_entries = s->streams[0]->nb_index_entries;
 AVIndexEntry *index_entries = s->streams[0]->index_entries;
-if (ts >= matroska->duration * matroska->time_scale) return (CueDesc) {-1, 
-1, -1, -1};
+
+if (ts >= (int64_t)(matroska->duration * matroska->time_scale))
+return (CueDesc) {-1, -1, -1, -1};
 for (i = 1; i < nb_index_entries; i++) {
 if (index_entries[i - 1].timestamp * matroska->time_scale <= ts &&
 index_entries[i].timestamp * matroska->time_scale > ts) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/rmdec: Better duplicate tags check

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Thu Feb 24 00:26:08 2022 +0100| [2063db041e5c756dff4dbcafdd8c63f9caf30cb9] | 
committer: Michael Niedermayer

avformat/rmdec: Better duplicate tags check

Fixes: memleaks
Fixes: 
44810/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5619494647627776

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 15a646e5018078a0954918f510f819a5599f0445)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2063db041e5c756dff4dbcafdd8c63f9caf30cb9
---

 libavformat/rmdec.c | 9 +
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c
index 29ed4d706e..7b9097e7ec 100644
--- a/libavformat/rmdec.c
+++ b/libavformat/rmdec.c
@@ -131,10 +131,6 @@ static int rm_read_audio_stream_info(AVFormatContext *s, 
AVIOContext *pb,
 uint32_t version;
 int ret;
 
-// Duplicate tags
-if (st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO)
-return AVERROR_INVALIDDATA;
-
 /* ra type header */
 version = avio_rb16(pb); /* version */
 if (version == 3) {
@@ -333,6 +329,11 @@ int ff_rm_read_mdpr_codecdata(AVFormatContext *s, 
AVIOContext *pb,
 if (codec_data_size == 0)
 return 0;
 
+// Duplicate tags
+if (   st->codecpar->codec_type != AVMEDIA_TYPE_UNKNOWN
+&& st->codecpar->codec_type != AVMEDIA_TYPE_DATA)
+return AVERROR_INVALIDDATA;
+
 avpriv_set_pts_info(st, 64, 1, 1000);
 codec_pos = avio_tell(pb);
 v = avio_rb32(pb);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/avidec: Check height

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Sun Feb 27 21:44:29 2022 +0100| [34f075f3ff6ff194662dba00645e0deb2f4005b8] | 
committer: Michael Niedermayer

avformat/avidec: Check height

Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an 
unsigned type to negate this value to itself
Fixes: Ticket8486

Signed-off-by: Michael Niedermayer 
(cherry picked from commit ec8ff659f57786c4cb089b07dfeab7e5cbab8d52)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=34f075f3ff6ff194662dba00645e0deb2f4005b8
---

 libavformat/avidec.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/avidec.c b/libavformat/avidec.c
index 20ce107f34..b8dd3bafab 100644
--- a/libavformat/avidec.c
+++ b/libavformat/avidec.c
@@ -841,6 +841,8 @@ FF_ENABLE_DEPRECATION_WARNINGS
 memcpy(st->codecpar->extradata + 
st->codecpar->extradata_size - 9,
"BottomUp", 9);
 }
+if (st->codecpar->height == INT_MIN)
+return AVERROR_INVALIDDATA;
 st->codecpar->height = FFABS(st->codecpar->height);
 
 //avio_skip(pb, size - 5 * 4);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/mov: Disallow empty sidx

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Wed Mar  2 13:01:53 2022 +0100| [4e7092faaa492d8ac9580a05da8884245a193b4e] | 
committer: Michael Niedermayer

avformat/mov: Disallow empty sidx

It appears this is not allowed "Each Segment Index box documents how a 
(sub)segment is divided into one or more subsegments
(which may themselves be further subdivided using Segment Index boxes)."
Fixes: Null pointer dereference
Fixes: Ticket9517

Reviewed-by: Paul B Mahol 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 4419433d77278cb742944c4514be5f72a04103c0)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4e7092faaa492d8ac9580a05da8884245a193b4e
---

 libavformat/mov.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 71e68dc9a4..4df3bb2f21 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -4357,7 +4357,7 @@ static int mov_read_sidx(MOVContext *c, AVIOContext *pb, 
MOVAtom atom)
 index->track_id = track_id;
 
 index->item_count = avio_rb16(pb);
-index->items = av_mallocz_array(index->item_count, 
sizeof(MOVFragmentIndexItem));
+index->items = index->item_count ? av_mallocz_array(index->item_count, 
sizeof(MOVFragmentIndexItem)) : NULL;
 
 if (!index->items) {
 av_freep();

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/matroskadec: Check duration

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Mon Feb 14 20:01:35 2022 +0100| [a8744292982217c9183c616b06c1a4ab9acb223f] | 
committer: Michael Niedermayer

avformat/matroskadec: Check duration

Fixes: -nan is outside the range of representable values of type 'long'
Fixes: 
44614/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6216204841254912

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 36680078ca3302496d9b0b8a8d7168ce9eabb2bc)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a8744292982217c9183c616b06c1a4ab9acb223f
---

 libavformat/matroskadec.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index ce886bda3a..6344f06282 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -2490,6 +2490,8 @@ static int matroska_read_header(AVFormatContext *s)
 
 if (!matroska->time_scale)
 matroska->time_scale = 100;
+if (isnan(matroska->duration))
+matroska->duration = 0;
 if (matroska->duration)
 matroska->ctx->duration = matroska->duration * matroska->time_scale *
   1000 / AV_TIME_BASE;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/jpeglsdec: Check get_ur_golomb_jpegls() for error

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Sat Feb 12 22:02:13 2022 +0100| [df52930a84eb85625e088015436f1b972361ac6f] | 
committer: Michael Niedermayer

avcodec/jpeglsdec: Check get_ur_golomb_jpegls() for error

Fixes: Timeout
Fixes: Invalid shift
Fixes: 
44548/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-556487680891289
Fixes: 
44569/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AMV_fuzzer-6302543246917632
Fixes: 
44570/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THP_fuzzer-4550196556595200
Fixes: 
44592/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5651610385121280
Fixes: 
44571/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5094698987945984
Fixes: 
44607/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5341352013987840

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 151f83584eeb1912c8bdcd0c1ab1296e8664a0de)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=df52930a84eb85625e088015436f1b972361ac6f
---

 libavcodec/jpeglsdec.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/jpeglsdec.c b/libavcodec/jpeglsdec.c
index 1373288adb..b02f58c63b 100644
--- a/libavcodec/jpeglsdec.c
+++ b/libavcodec/jpeglsdec.c
@@ -195,6 +195,8 @@ static inline int ls_get_code_runterm(GetBitContext *gb, 
JLSState *state,
 #endif
 ret = get_ur_golomb_jpegls(gb, k, state->limit - limit_add - 1,
state->qbpp);
+if (ret < 0)
+return -0x1;
 
 /* decode mapped error */
 map = 0;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/jpeglsdec: Fix if( code style

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Tue Feb 15 21:01:06 2022 +0100| [d1234b92b3e4d746e14c79652e54b44efd3ab964] | 
committer: Michael Niedermayer

avcodec/jpeglsdec: Fix if( code style

Signed-off-by: Michael Niedermayer 
(cherry picked from commit f306b8e80ab04cfd8f6cd577a4484cb791d6e765)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d1234b92b3e4d746e14c79652e54b44efd3ab964
---

 libavcodec/jpeglsdec.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libavcodec/jpeglsdec.c b/libavcodec/jpeglsdec.c
index b02f58c63b..55d2bcc6e1 100644
--- a/libavcodec/jpeglsdec.c
+++ b/libavcodec/jpeglsdec.c
@@ -67,7 +67,7 @@ int ff_jpegls_decode_lse(MJpegDecodeContext *s)
 s->t3 = get_bits(>gb, 16);
 s->reset  = get_bits(>gb, 16);
 
-if(s->avctx->debug & FF_DEBUG_PICT_INFO) {
+if (s->avctx->debug & FF_DEBUG_PICT_INFO) {
 av_log(s->avctx, AV_LOG_DEBUG, "Coding parameters maxval:%d T1:%d 
T2:%d T3:%d reset:%d\n",
s->maxval, s->t1, s->t2, s->t3, s->reset);
 }
@@ -96,7 +96,7 @@ int ff_jpegls_decode_lse(MJpegDecodeContext *s)
 else
 maxtab = 65530/wt - 1;
 
-if(s->avctx->debug & FF_DEBUG_PICT_INFO) {
+if (s->avctx->debug & FF_DEBUG_PICT_INFO) {
 av_log(s->avctx, AV_LOG_DEBUG, "LSE palette %d tid:%d wt:%d 
maxtab:%d\n", id, tid, wt, maxtab);
 }
 if (maxtab >= 256) {
@@ -211,7 +211,7 @@ static inline int ls_get_code_runterm(GetBitContext *gb, 
JLSState *state,
 ret = ret >> 1;
 }
 
-if(FFABS(ret) > 0x)
+if (FFABS(ret) > 0x)
 return -0x1;
 /* update state */
 state->A[Q] += FFABS(ret) - RItype;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/motion_est: fix indention of ff_get_best_fcode()

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Wed Feb  9 10:31:34 2022 +0100| [09153537771ff3f4f4f6ab2151742db3c614f831] | 
committer: Michael Niedermayer

avcodec/motion_est: fix indention of ff_get_best_fcode()

Signed-off-by: Michael Niedermayer 
(cherry picked from commit ce43e1c581b4ed539ab366cc3df458779e8a44b8)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=09153537771ff3f4f4f6ab2151742db3c614f831
---

 libavcodec/motion_est.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libavcodec/motion_est.c b/libavcodec/motion_est.c
index 5fb5e5e6e7..8374d66057 100644
--- a/libavcodec/motion_est.c
+++ b/libavcodec/motion_est.c
@@ -1642,9 +1642,9 @@ int ff_get_best_fcode(MpegEncContext * s, int16_t 
(*mv_table)[2], int type)
  fcode_tab[my + MAX_MV]);
 int j;
 
-if(mx >= range || mx < -range ||
-   my >= range || my < -range)
-continue;
+if (mx >= range || mx < -range ||
+my >= range || my < -range)
+continue;
 
 for(j=0; jpict_type==AV_PICTURE_TYPE_B || 
s->current_picture.mc_mb_var[xy] < s->current_picture.mb_var[xy])

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/matroskadec: Check desc_bytes

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Sat Feb  5 20:37:22 2022 +0100| [c787a2733596c942d266fe822f3486aad9b3b3f6] | 
committer: Michael Niedermayer

avformat/matroskadec: Check desc_bytes

Fixes: Division by 0
Fixes: 
44035/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-4826721386364928

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 5038933977d06d1048b41d71e0ada4d1ac536ddc)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c787a2733596c942d266fe822f3486aad9b3b3f6
---

 libavformat/matroskadec.c | 12 
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 48e9c1263f..ce886bda3a 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -3686,12 +3686,16 @@ static int64_t 
webm_dash_manifest_compute_bandwidth(AVFormatContext *s, int64_t
 do {
 int64_t desc_bytes = desc_end.end_offset - 
desc_beg.start_offset;
 int64_t desc_ns = desc_end.end_time_ns - 
desc_beg.start_time_ns;
-double desc_sec = desc_ns / nano_seconds_per_second;
-double calc_bits_per_second = (desc_bytes * 8) / desc_sec;
+double desc_sec, calc_bits_per_second, percent, 
mod_bits_per_second;
+if (desc_bytes <= 0)
+return -1;
+
+desc_sec = desc_ns / nano_seconds_per_second;
+calc_bits_per_second = (desc_bytes * 8) / desc_sec;
 
 // Drop the bps by the percentage of bytes buffered.
-double percent = (desc_bytes - prebuffer_bytes) / desc_bytes;
-double mod_bits_per_second = calc_bits_per_second * percent;
+percent = (desc_bytes - prebuffer_bytes) / desc_bytes;
+mod_bits_per_second = calc_bits_per_second * percent;
 
 if (prebuffer < desc_sec) {
 double search_sec =

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/matroskadec: Fix infinite loop with bz decompression

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Thu Feb  3 22:46:55 2022 +0100| [28a1cc81382885b2c9f086d3b954c4ea7ad54f0e] | 
committer: Michael Niedermayer

avformat/matroskadec: Fix infinite loop with bz decompression

The same check is added to zlib too, it seems not needed there though

Fixes: Infinite loop
Fixes: 
43932/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-6175167573786624

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 9c3d2cbb510674226b0c8fa6b146bf891f83786c)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=28a1cc81382885b2c9f086d3b954c4ea7ad54f0e
---

 libavformat/matroskadec.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 4faaf86c2c..48e9c1263f 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -1369,7 +1369,7 @@ static int matroska_decode_buffer(uint8_t **buf, int 
*buf_size,
 case MATROSKA_TRACK_ENCODING_COMP_ZLIB:
 {
 z_stream zstream = { 0 };
-if (inflateInit() != Z_OK)
+if (!pkt_size || inflateInit() != Z_OK)
 return -1;
 zstream.next_in  = data;
 zstream.avail_in = isize;
@@ -1402,7 +1402,7 @@ static int matroska_decode_buffer(uint8_t **buf, int 
*buf_size,
 case MATROSKA_TRACK_ENCODING_COMP_BZLIB:
 {
 bz_stream bzstream = { 0 };
-if (BZ2_bzDecompressInit(, 0, 0) != BZ_OK)
+if (!pkt_size || BZ2_bzDecompressInit(, 0, 0) != BZ_OK)
 return -1;
 bzstream.next_in  = data;
 bzstream.avail_in = isize;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/jpeglsdec: Increase range for N in ls_get_code_runterm() by using unsigned

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Sat Feb  5 20:41:08 2022 +0100| [fbffe564768373335d5f4ecc1f1278ab06a1ff92] | 
committer: Michael Niedermayer

avcodec/jpeglsdec: Increase range for N in ls_get_code_runterm() by using 
unsigned

Fixes: left shift of 32768 by 16 places cannot be represented in type 'int'
Fixes: Timeout
Fixes: 
44219/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMVJPEG_fuzzer-4679455379947520
Fixes: 
44088/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMVJPEG_fuzzer-4885976600674304

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 6ee283d7d001cfcfec94a023e172bca731e96514)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fbffe564768373335d5f4ecc1f1278ab06a1ff92
---

 libavcodec/jpeglsdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/jpeglsdec.c b/libavcodec/jpeglsdec.c
index 176300cd2f..1373288adb 100644
--- a/libavcodec/jpeglsdec.c
+++ b/libavcodec/jpeglsdec.c
@@ -186,7 +186,7 @@ static inline int ls_get_code_runterm(GetBitContext *gb, 
JLSState *state,
 if (RItype)
 temp += state->N[Q] >> 1;
 
-for (k = 0; (state->N[Q] << k) < temp; k++)
+for (k = 0; ((unsigned)state->N[Q] << k) < temp; k++)
 ;
 
 #ifdef JLS_BROKEN

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/motion_est: Fix xy indexing on range violation in ff_get_best_fcode()

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Tue Feb  8 21:38:50 2022 +0100| [a198d7ab26a8b9756b71d20c1075957fb2fc2bc0] | 
committer: Michael Niedermayer

avcodec/motion_est: Fix xy indexing on range violation in ff_get_best_fcode()

This codepath seems untested, no testcases change

Found-by: 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 634312a70f4d5afd40058c52b4d8eade1da07a70)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a198d7ab26a8b9756b71d20c1075957fb2fc2bc0
---

 libavcodec/motion_est.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/libavcodec/motion_est.c b/libavcodec/motion_est.c
index 25b606f819..5fb5e5e6e7 100644
--- a/libavcodec/motion_est.c
+++ b/libavcodec/motion_est.c
@@ -1634,7 +1634,7 @@ int ff_get_best_fcode(MpegEncContext * s, int16_t 
(*mv_table)[2], int type)
 for(y=0; ymb_height; y++){
 int x;
 int xy= y*s->mb_stride;
-for(x=0; xmb_width; x++){
+for(x=0; xmb_width; x++, xy++){
 if(s->mb_type[xy] & type){
 int mx= mv_table[xy][0];
 int my= mv_table[xy][1];
@@ -1651,7 +1651,6 @@ int ff_get_best_fcode(MpegEncContext * s, int16_t 
(*mv_table)[2], int type)
 score[j]-= 170;
 }
 }
-xy++;
 }
 }
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/mov: Check size before subtraction

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Mon Jan 17 14:26:05 2022 +0100| [446cfcf01a9bc03e0065936ce5b88d5a2f143d96] | 
committer: Michael Niedermayer

avformat/mov: Check size before subtraction

Fixes: signed integer overflow: -9223372036854775808 - 8 cannot be represented 
in type 'long'
Fixes: 
43542/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5237670148702208

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit d8d9d506a3de976b647bcbb8f76c7b8d30eff576)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=446cfcf01a9bc03e0065936ce5b88d5a2f143d96
---

 libavformat/mov.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index b6d97bf12a..71e68dc9a4 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -5033,6 +5033,8 @@ static int mov_read_default(MOVContext *c, AVIOContext 
*pb, MOVAtom atom)
 if (a.size == 0) {
 a.size = atom.size - total_size + 8;
 }
+if (a.size < 0)
+break;
 a.size -= 8;
 if (a.size < 0)
 break;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/utils: Fix invalid NULL pointer operation in ff_parse_key_value()

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Fri Feb  4 00:44:32 2022 +0100| [73ca8b9a029b706cb09b6a65968bcff829a705ed] | 
committer: Michael Niedermayer

avformat/utils: Fix invalid NULL pointer operation in ff_parse_key_value()

Fixes: pointer index expression with base 0x overflowed to 
0x
Fixes: 
44012/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-5670607746891776

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 59328aabd2c789ae053e18a62a20a7addfd4d069)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=73ca8b9a029b706cb09b6a65968bcff829a705ed
---

 libavformat/utils.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/utils.c b/libavformat/utils.c
index 116c7f8d9a..28a3cfffd6 100644
--- a/libavformat/utils.c
+++ b/libavformat/utils.c
@@ -4643,7 +4643,7 @@ void ff_parse_key_value(const char *str, 
ff_parse_key_val_cb callback_get_buf,
 key_len = ptr - key;
 
 callback_get_buf(context, key, key_len, , _len);
-dest_end = dest + dest_len - 1;
+dest_end = dest ? dest + dest_len - 1 : NULL;
 
 if (*ptr == '\"') {
 ptr++;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/apedec: Fix integer overflows in predictor_update_3930()

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Mon Jan  3 19:15:18 2022 +0100| [d577bde9748710572daf8fe010ec8011b9e23d34] | 
committer: Michael Niedermayer

avcodec/apedec: Fix integer overflows in predictor_update_3930()

Fixes: signed integer overflow: 1074134419 - -1075212485 cannot be represented 
in type 'int'
Fixes: 
43273/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-4706880883130368

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 0c9c9bbd01bd82c35b6a908592d9dd6d9f4bd4a0)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d577bde9748710572daf8fe010ec8011b9e23d34
---

 libavcodec/apedec.c | 16 
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c
index 276ed6ec50..2064bb26e2 100644
--- a/libavcodec/apedec.c
+++ b/libavcodec/apedec.c
@@ -1038,13 +1038,13 @@ static av_always_inline int 
predictor_update_3930(APEPredictor *p,
   const int delayA)
 {
 int32_t predictionA, sign;
-int32_t d0, d1, d2, d3;
+uint32_t d0, d1, d2, d3;
 
 p->buf[delayA] = p->lastA[filter];
 d0 = p->buf[delayA];
-d1 = p->buf[delayA] - p->buf[delayA - 1];
-d2 = p->buf[delayA - 1] - p->buf[delayA - 2];
-d3 = p->buf[delayA - 2] - p->buf[delayA - 3];
+d1 = p->buf[delayA] - (unsigned)p->buf[delayA - 1];
+d2 = p->buf[delayA - 1] - (unsigned)p->buf[delayA - 2];
+d3 = p->buf[delayA - 2] - (unsigned)p->buf[delayA - 3];
 
 predictionA = d0 * p->coeffsA[filter][0] +
   d1 * p->coeffsA[filter][1] +
@@ -1055,10 +1055,10 @@ static av_always_inline int 
predictor_update_3930(APEPredictor *p,
 p->filterA[filter] = p->lastA[filter] + ((int)(p->filterA[filter] * 31U) 
>> 5);
 
 sign = APESIGN(decoded);
-p->coeffsA[filter][0] += ((d0 < 0) * 2 - 1) * sign;
-p->coeffsA[filter][1] += ((d1 < 0) * 2 - 1) * sign;
-p->coeffsA[filter][2] += ((d2 < 0) * 2 - 1) * sign;
-p->coeffsA[filter][3] += ((d3 < 0) * 2 - 1) * sign;
+p->coeffsA[filter][0] += (((int32_t)d0 < 0) * 2 - 1) * sign;
+p->coeffsA[filter][1] += (((int32_t)d1 < 0) * 2 - 1) * sign;
+p->coeffsA[filter][2] += (((int32_t)d2 < 0) * 2 - 1) * sign;
+p->coeffsA[filter][3] += (((int32_t)d3 < 0) * 2 - 1) * sign;
 
 return p->filterA[filter];
 }

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/apedec: fix integer overflow in 8bit samples

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Thu Dec 23 20:39:14 2021 +0100| [ee84c87edf11d5b7edfe0a48414c1d9057b26906] | 
committer: Michael Niedermayer

avcodec/apedec: fix integer overflow in 8bit samples

Fixes: signed integer overflow: 2147483542 + 128 cannot be represented in type 
'int'
Fixes: 
42812/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6344057861832704

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 7cee3b37187dbf61dbebff023f07ceedfc0129bb)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ee84c87edf11d5b7edfe0a48414c1d9057b26906
---

 libavcodec/apedec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c
index 285f7178eb..276ed6ec50 100644
--- a/libavcodec/apedec.c
+++ b/libavcodec/apedec.c
@@ -1529,7 +1529,7 @@ static int ape_decode_frame(AVCodecContext *avctx, void 
*data,
 for (ch = 0; ch < s->channels; ch++) {
 sample8 = (uint8_t *)frame->data[ch];
 for (i = 0; i < blockstodecode; i++)
-*sample8++ = (s->decoded[ch][i] + 0x80) & 0xff;
+*sample8++ = (s->decoded[ch][i] + 0x80U) & 0xff;
 }
 break;
 case 16:

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/flvdec: timestamps cannot use the full int64 range

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Thu Dec 23 20:36:16 2021 +0100| [da356c4edad595538511430d0eb436aa1c0af4b9] | 
committer: Michael Niedermayer

avformat/flvdec: timestamps cannot use the full int64 range

We do not support this as we multiply by 1000
Fixes: signed integer overflow: -45318575073853696 * 1000 cannot be represented 
in type 'long'
Fixes: 
42804/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-4630325425209344

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit c217ca7718c8e24905d7ba9ede719ae040899476)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=da356c4edad595538511430d0eb436aa1c0af4b9
---

 libavformat/flvdec.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c
index da6f967262..b61ac7f973 100644
--- a/libavformat/flvdec.c
+++ b/libavformat/flvdec.c
@@ -422,6 +422,8 @@ static int parse_keyframes_index(AVFormatContext *s, 
AVIOContext *ioc, int64_t m
 d = av_int2double(avio_rb64(ioc));
 if (isnan(d) || d < INT64_MIN || d > INT64_MAX)
 goto invalid;
+if (current_array ==  && (d <= INT64_MIN / 1000 || d >= 
INT64_MAX / 1000))
+goto invalid;
 current_array[0][i] = d;
 }
 if (times && filepositions) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/vqavideo: reset accounting on error

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Sun Dec 19 22:26:00 2021 +0100| [5650737134204ad71a59ff7350ba1b1dfc518fd4] | 
committer: Michael Niedermayer

avcodec/vqavideo: reset accounting on error

Fixes: Timeout (same growing chunk is decoded to failure repeatedly)
Fixes: 
42582/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VQA_fuzzer-6531195591065600

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit d8ea7a67ba62f5d4520e75e56b9954d80e7ff223)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5650737134204ad71a59ff7350ba1b1dfc518fd4
---

 libavcodec/vqavideo.c | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/libavcodec/vqavideo.c b/libavcodec/vqavideo.c
index 00229b6228..87c45ba9cd 100644
--- a/libavcodec/vqavideo.c
+++ b/libavcodec/vqavideo.c
@@ -592,13 +592,14 @@ static int vqa_decode_chunk(VqaContext *s, AVFrame *frame)
 if (s->partial_countdown <= 0) {
 bytestream2_init(>gb, s->next_codebook_buffer, 
s->next_codebook_buffer_index);
 /* decompress codebook */
-if ((res = decode_format80(s, s->next_codebook_buffer_index,
-   s->codebook, s->codebook_size, 0)) < 0)
-return res;
+res = decode_format80(s, s->next_codebook_buffer_index,
+  s->codebook, s->codebook_size, 0);
 
 /* reset accounting */
 s->next_codebook_buffer_index = 0;
 s->partial_countdown = s->partial_count;
+if (res < 0)
+return res;
 }
 }
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/alacdsp: fix integer overflow in decorrelate_stereo()

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Thu Jul 23 23:34:15 2020 +0200| [3541d4960b58eb8e2e762e6c8e0629a52c053e5d] | 
committer: Michael Niedermayer

avcodec/alacdsp: fix integer overflow in decorrelate_stereo()

Fixes: signed integer overflow: -16777216 * 131 cannot be represented in type 
'int'
Fixes: 
23835/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5669943160078336
Fixes: 
41101/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-4636330705944576

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 68457c1e85122ffcadb0c909070dd210095fd2cd)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3541d4960b58eb8e2e762e6c8e0629a52c053e5d
---

 libavcodec/alacdsp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/alacdsp.c b/libavcodec/alacdsp.c
index 9996eb4319..8718d1b6b1 100644
--- a/libavcodec/alacdsp.c
+++ b/libavcodec/alacdsp.c
@@ -34,7 +34,7 @@ static void decorrelate_stereo(int32_t *buffer[2], int 
nb_samples,
 a = buffer[0][i];
 b = buffer[1][i];
 
-a -= (b * decorr_left_weight) >> decorr_shift;
+a -= (int)(b * (unsigned)decorr_left_weight) >> decorr_shift;
 b += a;
 
 buffer[0][i] = b;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/4xm: Check for duplicate track ids

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Tue Dec  7 09:14:09 2021 +0100| [dc78fd9404c8aae189117c12c65cbd083c217d95] | 
committer: Michael Niedermayer

avformat/4xm: Check for duplicate track ids

Signed-off-by: Michael Niedermayer 
(cherry picked from commit dd949124793c722ed55dead9da245574ace81968)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=dc78fd9404c8aae189117c12c65cbd083c217d95
---

 libavformat/4xm.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavformat/4xm.c b/libavformat/4xm.c
index 7afdf252c5..2e73d9dd9e 100644
--- a/libavformat/4xm.c
+++ b/libavformat/4xm.c
@@ -148,6 +148,9 @@ static int parse_strk(AVFormatContext *s,
 memset(>tracks[fourxm->track_count], 0,
sizeof(AudioTrack) * (track + 1 - fourxm->track_count));
 fourxm->track_count = track + 1;
+} else {
+if (fourxm->tracks[track].bits)
+return AVERROR_INVALIDDATA;
 }
 fourxm->tracks[track].adpcm   = AV_RL32(buf + 12);
 fourxm->tracks[track].channels= AV_RL32(buf + 36);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/4xm: Consider max_streams on reallocating tracks array

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Tue Dec  7 09:14:08 2021 +0100| [0bcd3550a4ddc441aae04fedfe2d80918be705ed] | 
committer: Michael Niedermayer

avformat/4xm: Consider max_streams on reallocating tracks array

Fixes: OOM
Fixes: 
41595/clusterfuzz-testcase-minimized-ffmpeg_dem_FOURXM_fuzzer-6355979363549184

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 0dcd95ef8a2e16ed930296567ab1044e33602a34)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0bcd3550a4ddc441aae04fedfe2d80918be705ed
---

 libavformat/4xm.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libavformat/4xm.c b/libavformat/4xm.c
index 9880060f84..7afdf252c5 100644
--- a/libavformat/4xm.c
+++ b/libavformat/4xm.c
@@ -136,7 +136,8 @@ static int parse_strk(AVFormatContext *s,
 return AVERROR_INVALIDDATA;
 
 track = AV_RL32(buf + 8);
-if ((unsigned)track >= UINT_MAX / sizeof(AudioTrack) - 1) {
+if ((unsigned)track >= UINT_MAX / sizeof(AudioTrack) - 1 ||
+track >= s->max_streams) {
 av_log(s, AV_LOG_ERROR, "current_track too large\n");
 return AVERROR_INVALIDDATA;
 }

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/mov: Check next offset in mov_read_dref()

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Sat Dec  4 20:48:54 2021 +0100| [6cdc8b3c133a05f4d30654fcb0af3f3df51409e3] | 
committer: Michael Niedermayer

avformat/mov: Check next offset in mov_read_dref()

Fixes: signed integer overflow: 9223372036200463215 + 1109914409 cannot be 
represented in type 'long'
Fixes: 
41480/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6553086177443840

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 562021e2fd4d74589905d9c566c686394d2b0526)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6cdc8b3c133a05f4d30654fcb0af3f3df51409e3
---

 libavformat/mov.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index fde2a856ef..b6d97bf12a 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -590,11 +590,13 @@ static int mov_read_dref(MOVContext *c, AVIOContext *pb, 
MOVAtom atom)
 for (i = 0; i < entries; i++) {
 MOVDref *dref = >drefs[i];
 uint32_t size = avio_rb32(pb);
-int64_t next = avio_tell(pb) + size - 4;
+int64_t next = avio_tell(pb);
 
-if (size < 12)
+if (size < 12 || next < 0 || next > INT64_MAX - size)
 return AVERROR_INVALIDDATA;
 
+next += size - 4;
+
 dref->type = avio_rl32(pb);
 avio_rb32(pb); // version + flags
 av_log(c->fc, AV_LOG_TRACE, "type %.4s size %d\n", (char*)>type, 
size);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/apedec: Change avg to uint32_t

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Fri Dec  3 17:58:50 2021 +0100| [5e8556dd369dc4d4e0cb7c886aca2762c8f28db5] | 
committer: Michael Niedermayer

avcodec/apedec: Change avg to uint32_t

Fixes: Integer overflow
Fixes: 
40973/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6739312704618496

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Suggested-by: Anton Khirnov 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 0ec75723a484405eb2f2ec2f9e58161b168ed8b0)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5e8556dd369dc4d4e0cb7c886aca2762c8f28db5
---

 libavcodec/apedec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c
index d9ff138b39..285f7178eb 100644
--- a/libavcodec/apedec.c
+++ b/libavcodec/apedec.c
@@ -101,7 +101,7 @@ typedef struct APEFilter {
 int16_t *historybuffer; ///< filter memory
 int16_t *delay; ///< filtered values
 
-int avg;
+uint32_t avg;
 } APEFilter;
 
 typedef struct APERice {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/mxfdec: Check for duplicate mxf_read_index_entry_array()

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Sun Dec  5 22:19:05 2021 +0100| [19a307f68d005d62dbac9dc75474a633bd95f03e] | 
committer: Michael Niedermayer

avformat/mxfdec: Check for duplicate mxf_read_index_entry_array()

Fixes: memleak
Fixes: 
41596/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6439060204290048

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 4f44a218e53cd92e64ba10a935bc1e7583c3e218)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=19a307f68d005d62dbac9dc75474a633bd95f03e
---

 libavformat/mxfdec.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index 2f44c5ae08..2d06ace14a 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -900,6 +900,9 @@ static int mxf_read_index_entry_array(AVIOContext *pb, 
MXFIndexTableSegment *seg
 {
 int i, length;
 
+if (segment->temporal_offset_entries)
+return AVERROR_INVALIDDATA;
+
 segment->nb_index_entries = avio_rb32(pb);
 
 length = avio_rb32(pb);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/mov: Check for EOF in mov_read_glbl()

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Sat Dec  4 20:11:35 2021 +0100| [8e09257dcaae88f956fb37347b4eeafd12ab4f07] | 
committer: Michael Niedermayer

avformat/mov: Check for EOF in mov_read_glbl()

Fixes: Infinite loop
Fixes: 
41351/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5433895854669824

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 59b4e7cbd87889c0bac710ac7f62782b637419a1)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8e09257dcaae88f956fb37347b4eeafd12ab4f07
---

 libavformat/mov.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 6d18ceccbd..fde2a856ef 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -1672,6 +1672,8 @@ static int mov_read_glbl(MOVContext *c, AVIOContext *pb, 
MOVAtom atom)
 // wrap a whole fiel atom inside of a glbl atom.
 unsigned size = avio_rb32(pb);
 unsigned type = avio_rl32(pb);
+if (avio_feof(pb))
+return AVERROR_INVALIDDATA;
 avio_seek(pb, -8, SEEK_CUR);
 if (type == MKTAG('f','i','e','l') && size == atom.size)
 return mov_read_default(c, pb, atom);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avfilter/vf_gblur: fix heap-buffer overflow

2022-04-18 Thread Paul B Mahol

ffmpeg | branch: release/3.2 | Paul B Mahol  | Wed Oct 16 
12:13:04 2019 +0200| [f8b4426c10aa65f4c04847a50ebfdcb8782a49b7] | committer: 
Michael Niedermayer

avfilter/vf_gblur: fix heap-buffer overflow

Fixes #8282

(cherry picked from commit 64a805883d7223c868a683f0030837d859edd2ab)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f8b4426c10aa65f4c04847a50ebfdcb8782a49b7
---

 libavfilter/vf_gblur.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavfilter/vf_gblur.c b/libavfilter/vf_gblur.c
index 27b702998e..f640b506d3 100644
--- a/libavfilter/vf_gblur.c
+++ b/libavfilter/vf_gblur.c
@@ -222,7 +222,7 @@ static int config_input(AVFilterLink *inlink)
 
 s->nb_planes = av_pix_fmt_count_planes(inlink->format);
 
-s->buffer = av_malloc_array(inlink->w, inlink->h * sizeof(*s->buffer));
+s->buffer = av_malloc_array(FFALIGN(inlink->w, 16), FFALIGN(inlink->h, 16) 
* sizeof(*s->buffer));
 if (!s->buffer)
 return AVERROR(ENOMEM);
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/aiffdec: sanity check block_align

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Sun Oct 31 00:10:39 2021 +0200| [fe11596a73606e107880b6b186613f299103a53d] | 
committer: Michael Niedermayer

avformat/aiffdec: sanity check block_align

Reviewed-by: Paul B Mahol 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 93f7776921ed8c5219732210067016c3457e864d)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fe11596a73606e107880b6b186613f299103a53d
---

 libavformat/aiffdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/aiffdec.c b/libavformat/aiffdec.c
index 3716de1621..d7a37fe207 100644
--- a/libavformat/aiffdec.c
+++ b/libavformat/aiffdec.c
@@ -350,7 +350,7 @@ got_sound:
 if (!st->codecpar->block_align && st->codecpar->codec_id == 
AV_CODEC_ID_QCELP) {
 av_log(s, AV_LOG_WARNING, "qcelp without wave chunk, assuming full 
rate\n");
 st->codecpar->block_align = 35;
-} else if (!st->codecpar->block_align) {
+} else if (st->codecpar->block_align <= 0) {
 av_log(s, AV_LOG_ERROR, "could not find COMM tag or invalid 
block_align value\n");
 return -1;
 }

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avfilter/vf_lenscorrection: fix division by zero

2022-04-18 Thread Paul B Mahol

ffmpeg | branch: release/3.2 | Paul B Mahol  | Sun Oct 13 
23:28:16 2019 +0200| [94e502e96b0870177e0af4c1e8718ac71475e374] | committer: 
Michael Niedermayer

avfilter/vf_lenscorrection: fix division by zero

Fixes #8265

(cherry picked from commit 19587c9332f5be4f6bc6d7b2b8ef3fd21dfeaa01)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=94e502e96b0870177e0af4c1e8718ac71475e374
---

 libavfilter/vf_lenscorrection.c | 6 ++
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/libavfilter/vf_lenscorrection.c b/libavfilter/vf_lenscorrection.c
index 239fe195bd..43f3c1b7d0 100644
--- a/libavfilter/vf_lenscorrection.c
+++ b/libavfilter/vf_lenscorrection.c
@@ -155,10 +155,8 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in)
 for (plane = 0; plane < rect->nb_planes; ++plane) {
 int hsub = plane == 1 || plane == 2 ? rect->hsub : 0;
 int vsub = plane == 1 || plane == 2 ? rect->vsub : 0;
-int hdiv = 1 << hsub;
-int vdiv = 1 << vsub;
-int w = rect->width / hdiv;
-int h = rect->height / vdiv;
+int w = AV_CEIL_RSHIFT(rect->width, hsub);
+int h = AV_CEIL_RSHIFT(rect->height, vsub);
 int xcenter = rect->cx * w;
 int ycenter = rect->cy * h;
 int k1 = rect->k1 * (1<<24);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/aiffdec: Check sample_rate

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Sun Oct 31 00:02:04 2021 +0200| [2d2ed8b045bc90fd3c87309bcdf358f2d0fc84cb] | 
committer: Michael Niedermayer

avformat/aiffdec: Check sample_rate

Reviewed-by: Paul B Mahol 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 1b04836dff9958e8bfdbed2746b8c40b1e119ecc)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2d2ed8b045bc90fd3c87309bcdf358f2d0fc84cb
---

 libavformat/aiffdec.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavformat/aiffdec.c b/libavformat/aiffdec.c
index 2387d12723..3716de1621 100644
--- a/libavformat/aiffdec.c
+++ b/libavformat/aiffdec.c
@@ -122,6 +122,9 @@ static int get_aiff_header(AVFormatContext *s, int size,
 sample_rate = val << exp;
 else
 sample_rate = (val + (1ULL<<(-exp-1))) >> -exp;
+if (sample_rate <= 0)
+return AVERROR_INVALIDDATA;
+
 par->sample_rate = sample_rate;
 if (size < 18)
 return AVERROR_INVALIDDATA;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/g729dec: Avoid computing invalid temporary pointers for ff_acelp_weighted_vector_sum()

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Thu Oct 17 11:54:12 2019 +0200| [abf9627f70ed8467b1646d56205e61f965f11468] | 
committer: Michael Niedermayer

avcodec/g729dec: Avoid computing invalid temporary pointers for 
ff_acelp_weighted_vector_sum()

Fixes: Ticket8176

Reviewed-by: Paul B Mahol 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 2c78a76cb0443f8a12a5eadc3b58373aa2f4ab22)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=abf9627f70ed8467b1646d56205e61f965f11468
---

 libavcodec/g729dec.c | 13 +++--
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/libavcodec/g729dec.c b/libavcodec/g729dec.c
index 908c12a73a..943ddf5297 100644
--- a/libavcodec/g729dec.c
+++ b/libavcodec/g729dec.c
@@ -536,12 +536,13 @@ static int decode_frame(AVCodecContext *avctx, void 
*data, int *got_frame_ptr,
   fc_v[i] = <
  \ fc_v[i] + gain_pitch * fc_v[i-pitch_delay], i >= 
pitch_delay
 */
-ff_acelp_weighted_vector_sum(fc + pitch_delay_int[i],
- fc + pitch_delay_int[i],
- fc, 1 << 14,
- av_clip(ctx->past_gain_pitch[0], 
SHARP_MIN, SHARP_MAX),
- 0, 14,
- SUBFRAME_SIZE - pitch_delay_int[i]);
+if (SUBFRAME_SIZE > pitch_delay_int[i])
+ff_acelp_weighted_vector_sum(fc + pitch_delay_int[i],
+ fc + pitch_delay_int[i],
+ fc, 1 << 14,
+ av_clip(ctx->past_gain_pitch[0], 
SHARP_MIN, SHARP_MAX),
+ 0, 14,
+ SUBFRAME_SIZE - pitch_delay_int[i]);
 
 memmove(ctx->past_gain_pitch+1, ctx->past_gain_pitch, 5 * 
sizeof(int16_t));
 ctx->past_gain_code[1] = ctx->past_gain_code[0];

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/flac_parser: Consider AV_INPUT_BUFFER_PADDING_SIZE

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Thu Oct 21 13:25:59 2021 +0200| [a19bed14d6bd5554bec70234e24baddda108] | 
committer: Michael Niedermayer

avcodec/flac_parser: Consider AV_INPUT_BUFFER_PADDING_SIZE

Fixes: out if array read
Fixes: 
40109/clusterfuzz-testcase-minimized-ffmpeg_dem_FLAC_fuzzer-4805686811295744

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Mattias Wadman 
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a19bed14d6bd5554bec70234e24baddda108
---

 libavcodec/flac_parser.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libavcodec/flac_parser.c b/libavcodec/flac_parser.c
index fcd47162bf..40f3f72753 100644
--- a/libavcodec/flac_parser.c
+++ b/libavcodec/flac_parser.c
@@ -55,6 +55,7 @@
 
 /** largest possible size of flac header */
 #define MAX_FRAME_HEADER_SIZE 16
+#define MAX_FRAME_VERIFY_SIZE (MAX_FRAME_HEADER_SIZE)
 
 typedef struct FLACHeaderMarker {
 int offset;   /**< byte offset from start of FLACParseContext->buffer 
*/
@@ -169,7 +170,7 @@ static int find_headers_search_validate(FLACParseContext 
*fpc, int offset)
 uint8_t *header_buf;
 int size = 0;
 header_buf = flac_fifo_read_wrap(fpc, offset,
- MAX_FRAME_HEADER_SIZE,
+ MAX_FRAME_VERIFY_SIZE + 
AV_INPUT_BUFFER_PADDING_SIZE,
  >wrap_buf,
  >wrap_buf_allocated_size);
 if (frame_header_is_valid(fpc->avctx, header_buf, )) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/movenc: Fix segfault when remuxing rtp hint stream

2022-04-18 Thread Andreas Rheinhardt

ffmpeg | branch: release/3.2 | Andreas Rheinhardt 
 | Tue Sep 29 10:21:34 2020 +0200| 
[f1a77222da98dbe4b8eeda54d68deefe6adcd299] | committer: Michael Niedermayer

avformat/movenc: Fix segfault when remuxing rtp hint stream

When remuxing an rtp hint stream (or any stream with the tag "rtp "),
the mov muxer treats this as one of the rtp hint tracks it creates
internally when ordered to do so; yet this track lacks the
AVFormatContext for the hinting rtp muxer, leading to segfaults in
mov_write_udta_sdp() if a "trak" atom is written for this stream; if not,
the stream's codecpar is freed by mov_free() as if the mov muxer owned
it (it does for the internally created "rtp " tracks), but without
resetting st->codecpar, leading to double-frees lateron. This commit
therefore ignores said tag which makes rtp hint streams unremuxable.

This fixes tickets #8181 and #8186.

Signed-off-by: Andreas Rheinhardt 
(cherry picked from commit 22c3cd176079dd104ec7610ead697235b04396f1)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f1a77222da98dbe4b8eeda54d68deefe6adcd299
---

 libavformat/movenc.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/libavformat/movenc.c b/libavformat/movenc.c
index 374acd2874..e18ce112e5 100644
--- a/libavformat/movenc.c
+++ b/libavformat/movenc.c
@@ -1442,6 +1442,10 @@ static int mov_get_codec_tag(AVFormatContext *s, 
MOVTrack *track)
 {
 int tag = track->par->codec_tag;
 
+// "rtp " is used to distinguish internally created RTP-hint tracks
+// (with rtp_ctx) from other tracks.
+if (tag == MKTAG('r','t','p',' '))
+tag = 0;
 if (!tag || (s->strict_std_compliance >= FF_COMPLIANCE_NORMAL &&
  (track->par->codec_id == AV_CODEC_ID_DVVIDEO ||
   track->par->codec_id == AV_CODEC_ID_RAWVIDEO ||

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/tty: add probe function

2022-04-18 Thread Paul B Mahol

ffmpeg | branch: release/3.2 | Paul B Mahol  | Mon Jan 27 
21:53:08 2020 +0100| [7df2ff54e8ffc1ce59f3642de9658a789c8782aa] | committer: 
Michael Niedermayer

avformat/tty: add probe function

(cherry picked from commit 3bce9e9b3ea35c54ba793d7da99ea5157532)

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7df2ff54e8ffc1ce59f3642de9658a789c8782aa
---

 libavformat/tty.c | 21 -
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/libavformat/tty.c b/libavformat/tty.c
index b407645ee4..6228762e4a 100644
--- a/libavformat/tty.c
+++ b/libavformat/tty.c
@@ -34,6 +34,13 @@
 #include "internal.h"
 #include "sauce.h"
 
+static int isansicode(int x)
+{
+return x == 0x1B || x == 0x0A || x == 0x0D || (x >= 0x20 && x < 0x7f);
+}
+
+static const char tty_extensions[31] = "ans,art,asc,diz,ice,nfo,txt,vt";
+
 typedef struct TtyDemuxContext {
 AVClass *class;
 int chars_per_frame;
@@ -42,6 +49,17 @@ typedef struct TtyDemuxContext {
 AVRational framerate; /**< Set by a private option. */
 } TtyDemuxContext;
 
+static int read_probe(const AVProbeData *p)
+{
+int cnt = 0;
+
+for (int i = 0; i < p->buf_size; i++)
+cnt += !!isansicode(p->buf[i]);
+
+return (cnt * 100LL / p->buf_size) * (cnt > 400) *
+!!av_match_ext(p->filename, tty_extensions);
+}
+
 /**
  * Parse EFI header
  */
@@ -153,8 +171,9 @@ AVInputFormat ff_tty_demuxer = {
 .name   = "tty",
 .long_name  = NULL_IF_CONFIG_SMALL("Tele-typewriter"),
 .priv_data_size = sizeof(TtyDemuxContext),
+.read_probe = read_probe,
 .read_header= read_header,
 .read_packet= read_packet,
-.extensions = "ans,art,asc,diz,ice,nfo,txt,vt",
+.extensions = tty_extensions,
 .priv_class = _demuxer_class,
 };

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/ttadsp: Fix integer overflows in tta_filter_process_c()

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Fri Oct 15 00:04:59 2021 +0200| [d57898b74b0a597a94e25971f05fa43face66ef4] | 
committer: Michael Niedermayer

avcodec/ttadsp: Fix integer overflows in tta_filter_process_c()

Fixes: signed integer overflow: 822841647 + 1647055738 cannot be represented in 
type 'int'
Fixes: 
39935/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-4592657142251520

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit f24028c798397af720acb838357785aa705a8122)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d57898b74b0a597a94e25971f05fa43face66ef4
---

 libavcodec/ttadsp.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libavcodec/ttadsp.c b/libavcodec/ttadsp.c
index 1d1443aee0..99dd66a0c2 100644
--- a/libavcodec/ttadsp.c
+++ b/libavcodec/ttadsp.c
@@ -47,9 +47,9 @@ static void tta_filter_process_c(int32_t *qmi, int32_t *dx, 
int32_t *dl,
 *error = *in;
 *in += (round >> shift);
 
-dl[4] = -dl[5]; dl[5] = -dl[6];
-dl[6] = *in - dl[7]; dl[7] = *in;
-dl[5] += dl[6]; dl[4] += dl[5];
+dl[4] = -(unsigned)dl[5]; dl[5] = -(unsigned)dl[6];
+dl[6] = *in -(unsigned)dl[7]; dl[7] = *in;
+dl[5] += (unsigned)dl[6]; dl[4] += (unsigned)dl[5];
 }
 
 av_cold void ff_ttadsp_init(TTADSPContext *c)

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avutil/mathematics: Document av_rescale_rnd() behavior on non int64 results

2022-04-18 Thread Michael Niedermayer

ffmpeg | branch: release/3.2 | Michael Niedermayer  | 
Wed Oct 20 19:51:08 2021 +0200| [e8363735fb8338f67da542622111039782054e92] | 
committer: Michael Niedermayer

avutil/mathematics: Document av_rescale_rnd() behavior on non int64 results

Reviewed-by: Derek Buitenhuis 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit e154353fdb73dc1b3c1519350244d5346f761850)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e8363735fb8338f67da542622111039782054e92
---

 libavutil/mathematics.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libavutil/mathematics.h b/libavutil/mathematics.h
index 54901800ba..64d4137a60 100644
--- a/libavutil/mathematics.h
+++ b/libavutil/mathematics.h
@@ -134,6 +134,7 @@ int64_t av_rescale(int64_t a, int64_t b, int64_t c) 
av_const;
  *
  * The operation is mathematically equivalent to `a * b / c`, but writing that
  * directly can overflow, and does not support different rounding methods.
+ * If the result is not representable then INT64_MIN is returned.
  *
  * @see av_rescale(), av_rescale_q(), av_rescale_q_rnd()
  */

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] doc: install css files along html docs

2022-04-18 Thread Timo Rothenpieler

ffmpeg | branch: master | Timo Rothenpieler  | Thu Apr  
7 20:11:24 2022 +0200| [d5687236aba6fd31dd4369c290df9a5b1192e43e] | committer: 
Timo Rothenpieler

doc: install css files along html docs

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d5687236aba6fd31dd4369c290df9a5b1192e43e
---

 doc/Makefile | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/doc/Makefile b/doc/Makefile
index 58ca3fabd8..0f09783699 100644
--- a/doc/Makefile
+++ b/doc/Makefile
@@ -27,6 +27,9 @@ HTMLPAGES   = $(AVPROGS-yes:%=doc/%.html) 
$(AVPROGS-yes:%=doc/%-all.html) $(COMP
   doc/mailing-list-faq.html \
   doc/nut.html  \
   doc/platform.html \
+  doc/bootstrap.min.css \
+  doc/style.min.css \
+  doc/default.css   \
 
 TXTPAGES= doc/fate.txt  \
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

48 matches

Mail list logo