[FFmpeg-cvslog] avcodec/mscc & mwsc: Check loop counts before use
ffmpeg | branch: release/7.0 | Michael Niedermayer |
Sun May 12 00:43:48 2024 +0200| [a49a8dc0d69b916b856f57e9fb48aef1b4243751] |
committer: Michael Niedermayer
avcodec/mscc & mwsc: Check loop counts before use
This could cause timeouts
Fixes: CID1439568 Untrusted loop bound
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer
(cherry picked from commit e35fe3d8b9e345527a05b1ae958ac851fe09f1ed)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a49a8dc0d69b916b856f57e9fb48aef1b4243751
---
libavcodec/mscc.c | 6 ++
libavcodec/mwsc.c | 11 +++
2 files changed, 17 insertions(+)
diff --git a/libavcodec/mscc.c b/libavcodec/mscc.c
index d1d23e6751..e467b48baf 100644
--- a/libavcodec/mscc.c
+++ b/libavcodec/mscc.c
@@ -53,6 +53,9 @@ static int rle_uncompress(AVCodecContext *avctx,
GetByteContext *gb, PutByteCont
unsigned run = bytestream2_get_byte(gb);
if (run) {
+if (bytestream2_get_bytes_left_p(pb) < run * s->bpp)
+return AVERROR_INVALIDDATA;
+
switch (avctx->bits_per_coded_sample) {
case 8:
fill = bytestream2_get_byte(gb);
@@ -101,6 +104,9 @@ static int rle_uncompress(AVCodecContext *avctx,
GetByteContext *gb, PutByteCont
bytestream2_seek_p(pb, y * avctx->width * s->bpp + x * s->bpp,
SEEK_SET);
} else {
+if (bytestream2_get_bytes_left_p(pb) < copy * s->bpp)
+return AVERROR_INVALIDDATA;
+
for (j = 0; j < copy; j++) {
switch (avctx->bits_per_coded_sample) {
case 8:
diff --git a/libavcodec/mwsc.c b/libavcodec/mwsc.c
index f8c53c33ff..a7e8702580 100644
--- a/libavcodec/mwsc.c
+++ b/libavcodec/mwsc.c
@@ -50,6 +50,10 @@ static int rle_uncompress(GetByteContext *gb, PutByteContext
*pb, GetByteContext
if (run == 0) {
run = bytestream2_get_le32(gb);
+
+if (bytestream2_tell_p(pb) + width - w < run)
+return AVERROR_INVALIDDATA;
+
for (int j = 0; j < run; j++, w++) {
if (w == width) {
w = 0;
@@ -61,6 +65,10 @@ static int rle_uncompress(GetByteContext *gb, PutByteContext
*pb, GetByteContext
int pos = bytestream2_tell_p(pb);
bytestream2_seek(gbp, pos, SEEK_SET);
+
+if (pos + width - w < fill)
+return AVERROR_INVALIDDATA;
+
for (int j = 0; j < fill; j++, w++) {
if (w == width) {
w = 0;
@@ -72,6 +80,9 @@ static int rle_uncompress(GetByteContext *gb, PutByteContext
*pb, GetByteContext
intra = 0;
} else {
+if (bytestream2_tell_p(pb) + width - w < run)
+return AVERROR_INVALIDDATA;
+
for (int j = 0; j < run; j++, w++) {
if (w == width) {
w = 0;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/mpeg4videodec: assert impossible wrap points
ffmpeg | branch: release/7.0 | Michael Niedermayer | Sat May 11 22:08:21 2024 +0200| [b4fdbbe6aa805d867258e5fadc1b8682b0a65d4c] | committer: Michael Niedermayer avcodec/mpeg4videodec: assert impossible wrap points Helps: CID1473517 Uninitialized scalar variable Helps: CID1473497 Uninitialized scalar variable Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit 8fc649b931a3cbc3a2dd9b50b75a9261a2fb4b49) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b4fdbbe6aa805d867258e5fadc1b8682b0a65d4c --- libavcodec/mpeg4videodec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c index 07de5d6d91..04a9ae504e 100644 --- a/libavcodec/mpeg4videodec.c +++ b/libavcodec/mpeg4videodec.c @@ -597,6 +597,8 @@ static int mpeg4_decode_sprite_trajectory(Mpeg4DecContext *ctx, GetBitContext *g ctx->sprite_shift[0] = alpha + beta + rho - min_ab; ctx->sprite_shift[1] = alpha + beta + rho - min_ab + 2; break; +default: +av_assert0(0); } /* try to simplify the situation */ if (sprite_delta[0][0] == a << ctx->sprite_shift[0] && ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/mpegvideo_enc: Fix potential overflow in RD
ffmpeg | branch: release/7.0 | Michael Niedermayer | Sun May 12 00:13:58 2024 +0200| [435b74c6a5d4e457d9526aa21e7a6e68926bf52c] | committer: Michael Niedermayer avcodec/mpegvideo_enc: Fix potential overflow in RD Fixes: CID1500285 Unintentional integer overflow Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit b6b2b01025e016ce29e5add57305384a663edcfc) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=435b74c6a5d4e457d9526aa21e7a6e68926bf52c --- libavcodec/mpegvideo_enc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/mpegvideo_enc.c b/libavcodec/mpegvideo_enc.c index 9d048e3dec..c4c174a02e 100644 --- a/libavcodec/mpegvideo_enc.c +++ b/libavcodec/mpegvideo_enc.c @@ -1433,7 +1433,7 @@ static int estimate_best_b_count(MpegEncContext *s) goto fail; } -rd += (out_size * lambda2) >> (FF_LAMBDA_SHIFT - 3); +rd += (out_size * (uint64_t)lambda2) >> (FF_LAMBDA_SHIFT - 3); } /* get the delayed frames */ @@ -1442,7 +1442,7 @@ static int estimate_best_b_count(MpegEncContext *s) ret = out_size; goto fail; } -rd += (out_size * lambda2) >> (FF_LAMBDA_SHIFT - 3); +rd += (out_size * (uint64_t)lambda2) >> (FF_LAMBDA_SHIFT - 3); rd += c->error[0] + c->error[1] + c->error[2]; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/mpeg12dec: Use 64bit in bit computation
ffmpeg | branch: release/7.0 | Michael Niedermayer | Sat May 11 21:04:00 2024 +0200| [39da4ac79b3446d4ce0878b9eee5416b90655fcd] | committer: Michael Niedermayer avcodec/mpeg12dec: Use 64bit in bit computation I dont think this can actually overflow but 64bit seems reasonable to use Fixes: CID1521983 Unintentional integer overflow Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit 4c725df059dd9a5f2071e204924105b3ceb74cbc) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=39da4ac79b3446d4ce0878b9eee5416b90655fcd --- libavcodec/mpeg12dec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mpeg12dec.c b/libavcodec/mpeg12dec.c index 4ad1eb6572..d05d6355e0 100644 --- a/libavcodec/mpeg12dec.c +++ b/libavcodec/mpeg12dec.c @@ -2733,7 +2733,7 @@ static int ipu_decode_frame(AVCodecContext *avctx, AVFrame *frame, int ret; // Check for minimal intra MB size (considering mb header, luma & chroma dc VLC, ac EOB VLC) -if (avpkt->size*8LL < (avctx->width+15)/16 * ((avctx->height+15)/16) * (2 + 3*4 + 2*2 + 2*6)) +if (avpkt->size*8LL < (avctx->width+15)/16 * ((avctx->height+15)/16) * (2LL + 3*4 + 2*2 + 2*6)) return AVERROR_INVALIDDATA; ret = ff_get_buffer(avctx, frame, 0); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/vble: Check av_image_get_buffer_size() for failure
ffmpeg | branch: release/7.0 | Michael Niedermayer |
Sat May 18 00:32:43 2024 +0200| [68763d6a6ffc7bc561513469f43afb51047a4b09] |
committer: Michael Niedermayer
avcodec/vble: Check av_image_get_buffer_size() for failure
Fixes: CID1461482 Improper use of negative value
Sponsored-by: Sovereign Tech Fund
Reviewed-.by: "Xiang, Haihao"
Signed-off-by: Michael Niedermayer
(cherry picked from commit dd5379db5d83d8b06654582afe327daa6be678a3)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=68763d6a6ffc7bc561513469f43afb51047a4b09
---
libavcodec/vble.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libavcodec/vble.c b/libavcodec/vble.c
index 7711bf1bb1..d27ab658dd 100644
--- a/libavcodec/vble.c
+++ b/libavcodec/vble.c
@@ -191,6 +191,9 @@ static av_cold int vble_decode_init(AVCodecContext *avctx)
ctx->size = av_image_get_buffer_size(avctx->pix_fmt,
avctx->width, avctx->height, 1);
+if (ctx->size < 0)
+return ctx->size;
+
ctx->val = av_malloc_array(ctx->size, sizeof(*ctx->val));
if (!ctx->val) {
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/vqcdec: Check init_get_bits8() for failure
ffmpeg | branch: release/7.0 | Michael Niedermayer |
Sun May 19 00:47:11 2024 +0200| [c250e3b101d91e86681796941ef0eb2ad75148f3] |
committer: Michael Niedermayer
avcodec/vqcdec: Check init_get_bits8() for failure
Fixes: CID1516090 Unchecked return value
Sponsored-by: Sovereign Tech Fund
Reviewed-by: Peter Ross
Signed-off-by: Michael Niedermayer
(cherry picked from commit 6a9302739f5b20791eac7f40d9d999f87fd1)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c250e3b101d91e86681796941ef0eb2ad75148f3
---
libavcodec/vqcdec.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/libavcodec/vqcdec.c b/libavcodec/vqcdec.c
index dc9248d99f..dbcaba7b23 100644
--- a/libavcodec/vqcdec.c
+++ b/libavcodec/vqcdec.c
@@ -146,10 +146,13 @@ static int decode_vectors(VqcContext * s, const uint8_t *
buf, int size, int wid
GetBitContext gb;
uint8_t * vectors = s->vectors;
uint8_t * vectors_end = s->vectors + (width * height * 3) / 2;
+int ret;
memset(vectors, 0, 3 * width * height / 2);
-init_get_bits8(, buf, size);
+ret = init_get_bits8(, buf, size);
+if (ret < 0)
+return ret;
for (int i = 0; i < 3 * width * height / 2 / 32; i++) {
uint8_t * dst = vectors;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/vvc/dec: Check init_get_bits8() for failure
ffmpeg | branch: release/7.0 | Michael Niedermayer |
Sun May 19 01:21:37 2024 +0200| [b27c156c155887c2a0db6180162513d3a627e929] |
committer: Michael Niedermayer
avcodec/vvc/dec: Check init_get_bits8() for failure
Fixes: CID1560042 Unchecked return value
Sponsored-by: Sovereign Tech Fund
Reviewed-by: Nuo Mi
Signed-off-by: Michael Niedermayer
(cherry picked from commit 4a8506c794d92744514aac26ac9a1b898a7401ab)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b27c156c155887c2a0db6180162513d3a627e929
---
libavcodec/vvc/vvcdec.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/libavcodec/vvc/vvcdec.c b/libavcodec/vvc/vvcdec.c
index 2f8b84f63b..c29d59a330 100644
--- a/libavcodec/vvc/vvcdec.c
+++ b/libavcodec/vvc/vvcdec.c
@@ -511,6 +511,7 @@ static int slice_init_entry_points(SliceContext *sc,
int nb_eps= sh->r->num_entry_points + 1;
int ctu_addr = 0;
GetBitContext gb;
+int ret;
if (sc->nb_eps != nb_eps) {
eps_free(sc);
@@ -520,7 +521,9 @@ static int slice_init_entry_points(SliceContext *sc,
sc->nb_eps = nb_eps;
}
-init_get_bits8(, slice->data, slice->data_size);
+ret = init_get_bits8(, slice->data, slice->data_size);
+if (ret < 0)
+return ret;
for (int i = 0; i < sc->nb_eps; i++)
{
EntryPoint *ep = sc->eps + i;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/jpeg2000dec: remove ST=3 case
ffmpeg | branch: release/7.0 | Michael Niedermayer |
Fri May 10 16:07:04 2024 +0200| [8c5358c617efeb8ba303bfa9580bd70bbeff6307] |
committer: Michael Niedermayer
avcodec/jpeg2000dec: remove ST=3 case
Fixes: CID1460979 Logically dead code
Sponsored-by: Sovereign Tech Fund
Reviewed-by: Tomas Härdin
Signed-off-by: Michael Niedermayer
(cherry picked from commit 4ed4f9a6c0a99c823706bfc4bb4df53f963f2f5a)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8c5358c617efeb8ba303bfa9580bd70bbeff6307
---
libavcodec/jpeg2000dec.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c
index 4d28be3656..72aaefbdb3 100644
--- a/libavcodec/jpeg2000dec.c
+++ b/libavcodec/jpeg2000dec.c
@@ -834,9 +834,6 @@ static int get_tlm(Jpeg2000DecoderContext *s, int n)
case 2:
bytestream2_get_be16(>g);
break;
-case 3:
-bytestream2_get_be32(>g);
-break;
}
if (SP == 0) {
bytestream2_get_be16(>g);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/qsvdec: Check av_image_get_buffer_size() for failure
ffmpeg | branch: release/7.0 | Michael Niedermayer |
Mon May 13 02:05:56 2024 +0200| [1e67935ab196aa0072cfd84e1e2d3c99be71940d] |
committer: Michael Niedermayer
avcodec/qsvdec: Check av_image_get_buffer_size() for failure
Fixes: CID1477406 Improper use of negative value
Sponsored-by: Sovereign Tech Fund
Reviewed-by: "Xiang, Haihao"
Signed-off-by: Michael Niedermayer
(cherry picked from commit 8789c550faf4587527faf0bd4f6c6c5c64a04ae2)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1e67935ab196aa0072cfd84e1e2d3c99be71940d
---
libavcodec/qsvdec.c | 9 ++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/libavcodec/qsvdec.c b/libavcodec/qsvdec.c
index fd9267c6f4..bacb21afdf 100644
--- a/libavcodec/qsvdec.c
+++ b/libavcodec/qsvdec.c
@@ -378,9 +378,12 @@ static int qsv_decode_init_context(AVCodecContext *avctx,
QSVContext *q, mfxVide
q->frame_info = param->mfx.FrameInfo;
-if (!avctx->hw_frames_ctx)
-q->pool = av_buffer_pool_init(av_image_get_buffer_size(avctx->pix_fmt,
-FFALIGN(avctx->width, 128), FFALIGN(avctx->height, 64),
1), av_buffer_allocz);
+if (!avctx->hw_frames_ctx) {
+ret = av_image_get_buffer_size(avctx->pix_fmt, FFALIGN(avctx->width,
128), FFALIGN(avctx->height, 64), 1);
+if (ret < 0)
+return ret;
+q->pool = av_buffer_pool_init(ret, av_buffer_allocz);
+}
return 0;
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/vp3: Replace check by assert
ffmpeg | branch: release/7.0 | Michael Niedermayer | Sat May 18 03:16:08 2024 +0200| [3a0320e95a76e7ba6fe48a7e656b3b1d49cce1e9] | committer: Michael Niedermayer avcodec/vp3: Replace check by assert Fixes: CID1452425 Logically dead code Sponsored-by: Sovereign Tech Fund Reviewed-by: Peter Ross Signed-off-by: Michael Niedermayer (cherry picked from commit 1b991e77b9b19392214f6a788541bea5662de337) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3a0320e95a76e7ba6fe48a7e656b3b1d49cce1e9 --- libavcodec/vp3.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c index 89946135dc..96b0b66005 100644 --- a/libavcodec/vp3.c +++ b/libavcodec/vp3.c @@ -2007,8 +2007,7 @@ static int vp4_mc_loop_filter(Vp3DecodeContext *s, int plane, int motion_x, int x_offset = (-(x + 2) & 7) + 2; y_offset = (-(y + 2) & 7) + 2; -if (x_offset > 8 + x_subpel && y_offset > 8 + y_subpel) -return 0; +av_assert1(!(x_offset > 8 + x_subpel && y_offset > 8 + y_subpel)); s->vdsp.emulated_edge_mc(loop, motion_source - stride - 1, loop_stride, stride, ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/vp8: Forward return of ff_vpx_init_range_decoder()
ffmpeg | branch: release/7.0 | Michael Niedermayer | Sat May 18 03:06:46 2024 +0200| [7f05002e05e8c2809455f6e36557f9498c015e8b] | committer: Michael Niedermayer avcodec/vp8: Forward return of ff_vpx_init_range_decoder() Fixes: CID1507483 Unchecked return value Sponsored-by: Sovereign Tech Fund Reviewed-by: "Ronald S. Bultje" Signed-off-by: Michael Niedermayer (cherry picked from commit 63feed1519c5e38d6ce146f265c48592236e3abc) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7f05002e05e8c2809455f6e36557f9498c015e8b --- libavcodec/vp8.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libavcodec/vp8.c b/libavcodec/vp8.c index dd6c1b361b..3ebf1c2df9 100644 --- a/libavcodec/vp8.c +++ b/libavcodec/vp8.c @@ -354,9 +354,8 @@ static int setup_partitions(VP8Context *s, const uint8_t *buf, int buf_size) } s->coeff_partition_size[i] = buf_size; -ff_vpx_init_range_decoder(>coeff_partition[i], buf, buf_size); -return 0; +return ff_vpx_init_range_decoder(>coeff_partition[i], buf, buf_size); } static void vp7_get_quants(VP8Context *s) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/exr: Fix preview overflow
ffmpeg | branch: release/7.0 | Michael Niedermayer |
Fri May 3 23:25:10 2024 +0200| [14bd2b4b87cef5016ded50be8cf059c5d7d22edd] |
committer: Michael Niedermayer
avcodec/exr: Fix preview overflow
Fixes: CID1515456 Unintentional integer overflow
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer
(cherry picked from commit 36126e4c142e43cc703f4b8c535d388ac5e403a4)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=14bd2b4b87cef5016ded50be8cf059c5d7d22edd
---
libavcodec/exr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/exr.c b/libavcodec/exr.c
index e680f9b9e0..cf62953436 100644
--- a/libavcodec/exr.c
+++ b/libavcodec/exr.c
@@ -1942,7 +1942,7 @@ static int decode_header(EXRContext *s, AVFrame *frame)
"preview", 16)) >= 0) {
uint32_t pw = bytestream2_get_le32(gb);
uint32_t ph = bytestream2_get_le32(gb);
-uint64_t psize = pw * ph;
+uint64_t psize = pw * (uint64_t)ph;
if (psize > INT64_MAX / 4) {
ret = AVERROR_INVALIDDATA;
goto fail;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/decode: decode_simple_internal() only implements audio and video
ffmpeg | branch: release/7.0 | Michael Niedermayer |
Fri May 3 21:51:42 2024 +0200| [b01e6a7e0b961d44138bf683713563ac0fedac32] |
committer: Michael Niedermayer
avcodec/decode: decode_simple_internal() only implements audio and video
Fixes: CID1538861 Uninitialized scalar variable
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer
(cherry picked from commit e9bb586543d83fe0ed901834b853b6d64e327529)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b01e6a7e0b961d44138bf683713563ac0fedac32
---
libavcodec/decode.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libavcodec/decode.c b/libavcodec/decode.c
index 34bcb7cc64..ac18544b2e 100644
--- a/libavcodec/decode.c
+++ b/libavcodec/decode.c
@@ -428,7 +428,8 @@ FF_ENABLE_DEPRECATION_WARNINGS
} else if (avctx->codec->type == AVMEDIA_TYPE_AUDIO) {
ret = !got_frame ? AVERROR(EAGAIN)
: discard_samples(avctx, frame, discarded_samples);
-}
+} else
+av_assert0(0);
if (ret == AVERROR(EAGAIN))
av_frame_unref(frame);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/fmvc: remove dead assignment
ffmpeg | branch: release/7.0 | Michael Niedermayer | Sat May 4 23:29:26 2024 +0200| [271c364eb59c867284b113a8226e3520047b8293] | committer: Michael Niedermayer avcodec/fmvc: remove dead assignment Fixes: CID1529220 Unused value Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit 96c116254527cc40b386f14b77e17fbe2388d5da) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=271c364eb59c867284b113a8226e3520047b8293 --- libavcodec/fmvc.c | 1 - 1 file changed, 1 deletion(-) diff --git a/libavcodec/fmvc.c b/libavcodec/fmvc.c index 5e26a541ca..a9e5afd17b 100644 --- a/libavcodec/fmvc.c +++ b/libavcodec/fmvc.c @@ -100,7 +100,6 @@ static int decode_type2(GetByteContext *gb, PutByteContext *pb) continue; } } -repeat = 0; } repeat = 1; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/h2645_sei: Remove dead checks
ffmpeg | branch: release/7.0 | Michael Niedermayer |
Mon May 6 01:00:17 2024 +0200| [15de2a9b969086cec71cea96ae8ab3961d1c03d8] |
committer: Michael Niedermayer
avcodec/h2645_sei: Remove dead checks
Fixes: CID1596534 Dereference after null check
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer
(cherry picked from commit fdaa6ae2b62de51ac0584b51feec7b2369799549)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=15de2a9b969086cec71cea96ae8ab3961d1c03d8
---
libavcodec/h2645_sei.c | 6 ++
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/libavcodec/h2645_sei.c b/libavcodec/h2645_sei.c
index afc103b69c..3b58d22d6f 100644
--- a/libavcodec/h2645_sei.c
+++ b/libavcodec/h2645_sei.c
@@ -621,8 +621,7 @@ int ff_h2645_sei_to_frame(AVFrame *frame, H2645SEI *sei,
if (!sd)
av_buffer_unref(>buf_ref);
a53->buf_ref = NULL;
-if (avctx)
-avctx->properties |= FF_CODEC_PROPERTY_CLOSED_CAPTIONS;
+avctx->properties |= FF_CODEC_PROPERTY_CLOSED_CAPTIONS;
}
for (unsigned i = 0; i < sei->unregistered.nb_buf_ref; i++) {
@@ -718,8 +717,7 @@ FF_ENABLE_DEPRECATION_WARNINGS
else
fgc->present = fgc->persistence_flag;
-if (avctx)
-avctx->properties |= FF_CODEC_PROPERTY_FILM_GRAIN;
+avctx->properties |= FF_CODEC_PROPERTY_FILM_GRAIN;
}
#if CONFIG_HEVC_SEI
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/h264_slice: Remove dead sps check
ffmpeg | branch: release/7.0 | Michael Niedermayer |
Mon May 6 03:17:26 2024 +0200| [402a2c730f9e74da4f0390f1513a7efc77dfde8f] |
committer: Michael Niedermayer
avcodec/h264_slice: Remove dead sps check
Fixes: CID1439574 Dereference after null check
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer
(cherry picked from commit a68aa951b21b8b7db0a5200bcfebc0a077a5f094)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=402a2c730f9e74da4f0390f1513a7efc77dfde8f
---
libavcodec/h264_slice.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/h264_slice.c b/libavcodec/h264_slice.c
index e9a404e41b..752735cc54 100644
--- a/libavcodec/h264_slice.c
+++ b/libavcodec/h264_slice.c
@@ -1396,7 +1396,7 @@ static int h264_field_start(H264Context *h, const
H264SliceContext *sl,
sps = h->ps.sps;
-if (sps && sps->bitstream_restriction_flag &&
+if (sps->bitstream_restriction_flag &&
h->avctx->has_b_frames < sps->num_reorder_frames) {
h->avctx->has_b_frames = sps->num_reorder_frames;
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/lpc: copy levenson coeffs only when they have been computed
ffmpeg | branch: release/7.0 | Michael Niedermayer | Sat May 11 20:50:44 2024 +0200| [e94527f38fdb90f347b0206d2ccd94cfd5925b99] | committer: Michael Niedermayer avcodec/lpc: copy levenson coeffs only when they have been computed Fixes: CID1473514 Uninitialized scalar variable Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit c2d897f3566fdf5c190583c6f5197ead5abec2ed) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e94527f38fdb90f347b0206d2ccd94cfd5925b99 --- libavcodec/lpc.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavcodec/lpc.c b/libavcodec/lpc.c index 53f5c3d379..88ab37e761 100644 --- a/libavcodec/lpc.c +++ b/libavcodec/lpc.c @@ -281,8 +281,10 @@ int ff_lpc_calc_coefs(LPCContext *s, double av_uninit(weight); memset(var, 0, FFALIGN(MAX_LPC_ORDER+1,4)*sizeof(*var)); -for(j=0; j 1) +for(j=0; jhttps://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avutil/tests/base64: Check with too short output array
ffmpeg | branch: release/7.0 | Michael Niedermayer |
Sat May 11 03:14:16 2024 +0200| [9eb6558fa91e2f3584769551dc396e189564f56d] |
committer: Michael Niedermayer
avutil/tests/base64: Check with too short output array
Signed-off-by: Michael Niedermayer
(cherry picked from commit c304784a86cc7e2af211ed80ce2121e788680a8e)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9eb6558fa91e2f3584769551dc396e189564f56d
---
libavutil/tests/base64.c | 10 ++
1 file changed, 10 insertions(+)
diff --git a/libavutil/tests/base64.c b/libavutil/tests/base64.c
index 400e01cefe..66d0fdc1fc 100644
--- a/libavutil/tests/base64.c
+++ b/libavutil/tests/base64.c
@@ -64,6 +64,16 @@ static int test_encode_decode(const uint8_t *data, unsigned
int data_size,
printf("Failed: decode to NULL buffer\n");
return 1;
}
+if (data_size > 0 && (data2_size = av_base64_decode(data2, encoded,
data_size - 1)) != data_size - 1) {
+printf("Failed: out of array write\n"
+ "Encoded:\n%s\n", encoded);
+return 1;
+}
+if (data_size > 1 && (data2_size = av_base64_decode(data2, encoded,
data_size - 2)) != data_size - 2) {
+printf("Failed: out of array write\n"
+ "Encoded:\n%s\n", encoded);
+return 1;
+}
if (strlen(encoded)) {
char *end = strchr(encoded, '=');
if (!end)
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] tools/opt_common: Check for malloc failure
ffmpeg | branch: release/7.0 | Michael Niedermayer |
Sun Apr 28 18:33:24 2024 +0200| [4d920afb825856a83f140ccc6b8f4bdb050e4cb7] |
committer: Michael Niedermayer
tools/opt_common: Check for malloc failure
Fixes: CID1539100 Negative loop bound
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer
(cherry picked from commit ba7038043a46420bc86b060dbb13b956ea50ac03)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4d920afb825856a83f140ccc6b8f4bdb050e4cb7
---
fftools/opt_common.c | 14 --
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/fftools/opt_common.c b/fftools/opt_common.c
index 947a226d8d..9d2d5184a0 100644
--- a/fftools/opt_common.c
+++ b/fftools/opt_common.c
@@ -724,10 +724,13 @@ int show_codecs(void *optctx, const char *opt, const char
*arg)
return 0;
}
-static void print_codecs(int encoder)
+static int print_codecs(int encoder)
{
const AVCodecDescriptor **codecs;
-unsigned i, nb_codecs = get_codecs_sorted();
+int i, nb_codecs = get_codecs_sorted();
+
+if (nb_codecs < 0)
+return nb_codecs;
printf("%s:\n"
" V. = Video\n"
@@ -762,18 +765,17 @@ static void print_codecs(int encoder)
}
}
av_free(codecs);
+return 0;
}
int show_decoders(void *optctx, const char *opt, const char *arg)
{
-print_codecs(0);
-return 0;
+return print_codecs(0);
}
int show_encoders(void *optctx, const char *opt, const char *arg)
{
-print_codecs(1);
-return 0;
+return print_codecs(1);
}
int show_bsfs(void *optctx, const char *opt, const char *arg)
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] libavutil/base64: Try not to write over the array end
ffmpeg | branch: release/7.0 | Michael Niedermayer | Sat May 11 03:13:17 2024 +0200| [b9985f105ed5ca9dd049cff7ea9a31bdd2f8ccf0] | committer: Michael Niedermayer libavutil/base64: Try not to write over the array end Signed-off-by: Michael Niedermayer (cherry picked from commit 2d216566f258badd07bc58de1e089b6e4175dc46) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b9985f105ed5ca9dd049cff7ea9a31bdd2f8ccf0 --- libavutil/base64.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavutil/base64.c b/libavutil/base64.c index 3e66f4fcbe..69e11e6f5e 100644 --- a/libavutil/base64.c +++ b/libavutil/base64.c @@ -127,10 +127,12 @@ validity_check: } out3: -*dst++ = v >> 10; +if (end - dst) +*dst++ = v >> 10; v <<= 2; out2: -*dst++ = v >> 4; +if (end - dst) +*dst++ = v >> 4; out1: out0: return bits & 1 ? AVERROR_INVALIDDATA : out ? dst - out : 0; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/cbs_av1: Avoid shift overflow
ffmpeg | branch: release/7.0 | Michael Niedermayer | Wed May 1 21:44:33 2024 +0200| [559dd6f68af7041268a4ac4bda4cbfc935f1740d] | committer: Michael Niedermayer avcodec/cbs_av1: Avoid shift overflow Fixes: CID1465488 Unintentional integer overflow Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit d7924a4f60f2088de1e6790345caba929eb97030) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=559dd6f68af7041268a4ac4bda4cbfc935f1740d --- libavcodec/cbs_av1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/cbs_av1.c b/libavcodec/cbs_av1.c index 1d9ac5ab44..fb82996022 100644 --- a/libavcodec/cbs_av1.c +++ b/libavcodec/cbs_av1.c @@ -301,7 +301,7 @@ static int cbs_av1_write_increment(CodedBitstreamContext *ctx, PutBitContext *pb return AVERROR(ENOSPC); if (len > 0) -put_bits(pbc, len, (1 << len) - 1 - (value != range_max)); +put_bits(pbc, len, (1U << len) - 1 - (value != range_max)); CBS_TRACE_WRITE_END_NO_SUBSCRIPTS(); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] doc/examples/demux_decode: Simplify loop
ffmpeg | branch: release/7.0 | Michael Niedermayer | Wed Apr 24 03:08:14 2024 +0200| [c8a9e355146e8258a368be05f89ac8061c45be60] | committer: Michael Niedermayer doc/examples/demux_decode: Simplify loop Fixes: CID1463550 Logically dead code Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit 91d27f7e02e5bec4b6e53cc7a7f15df8be017bb3) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c8a9e355146e8258a368be05f89ac8061c45be60 --- doc/examples/demux_decode.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/doc/examples/demux_decode.c b/doc/examples/demux_decode.c index f26611d8f4..64f5547bc4 100644 --- a/doc/examples/demux_decode.c +++ b/doc/examples/demux_decode.c @@ -138,11 +138,9 @@ static int decode_packet(AVCodecContext *dec, const AVPacket *pkt) ret = output_audio_frame(frame); av_frame_unref(frame); -if (ret < 0) -return ret; } -return 0; +return ret; } static int open_codec_context(int *stream_idx, ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] fftools/ffplay: Check return of swr_alloc_set_opts2()
ffmpeg | branch: release/7.0 | Michael Niedermayer |
Sun Apr 28 01:10:50 2024 +0200| [44b0e6a99f1d3adba1c9d3a799ecd90fbff47076] |
committer: Michael Niedermayer
fftools/ffplay: Check return of swr_alloc_set_opts2()
This probably makes no difference but its more correct
Fixes: CID1503080 Unchecked return value
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer
(cherry picked from commit f44f44155533822922f6d2f24e5c53c14e432612)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=44b0e6a99f1d3adba1c9d3a799ecd90fbff47076
---
fftools/ffplay.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/fftools/ffplay.c b/fftools/ffplay.c
index fcd1319ce7..69d0b09a6a 100644
--- a/fftools/ffplay.c
+++ b/fftools/ffplay.c
@@ -2394,12 +2394,13 @@ static int audio_decode_frame(VideoState *is)
av_channel_layout_compare(>frame->ch_layout,
>audio_src.ch_layout) ||
af->frame->sample_rate != is->audio_src.freq ||
(wanted_nb_samples != af->frame->nb_samples && !is->swr_ctx)) {
+int ret;
swr_free(>swr_ctx);
-swr_alloc_set_opts2(>swr_ctx,
+ret = swr_alloc_set_opts2(>swr_ctx,
>audio_tgt.ch_layout, is->audio_tgt.fmt,
is->audio_tgt.freq,
>frame->ch_layout, af->frame->format,
af->frame->sample_rate,
0, NULL);
-if (!is->swr_ctx || swr_init(is->swr_ctx) < 0) {
+if (ret < 0 || swr_init(is->swr_ctx) < 0) {
av_log(NULL, AV_LOG_ERROR,
"Cannot create sample rate converter for conversion of %d
Hz %s %d channels to %d Hz %s %d channels!\n",
af->frame->sample_rate,
av_get_sample_fmt_name(af->frame->format), af->frame->ch_layout.nb_channels,
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/concatdec: Check file
ffmpeg | branch: release/7.0 | Michael Niedermayer |
Tue Apr 30 00:47:31 2024 +0200| [4eccabcc262ab282bd16984518a49b409a32921d] |
committer: Michael Niedermayer
avformat/concatdec: Check file
Fixes: null pointer dereference
Fixes: -stream_loop 1 -ss 00:00:05 -i zgclab/ffmpeg_crash/poc2 -codec:v copy
-codec:a aac -y output.mp4
Found-by: Wang Dawei and Zhou Geng, from Zhongguancun Laboratory
Signed-off-by: Michael Niedermayer
(cherry picked from commit a5d1497f33afa17b6a3578b66638e69bf8a558de)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4eccabcc262ab282bd16984518a49b409a32921d
---
libavformat/concatdec.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/libavformat/concatdec.c b/libavformat/concatdec.c
index b1d0de18f1..93cab01ce0 100644
--- a/libavformat/concatdec.c
+++ b/libavformat/concatdec.c
@@ -638,6 +638,11 @@ static int concat_parse_script(AVFormatContext *avf)
}
}
+if (!file) {
+ret = AVERROR_INVALIDDATA;
+goto fail;
+}
+
if (file->inpoint != AV_NOPTS_VALUE && file->outpoint != AV_NOPTS_VALUE) {
if (file->inpoint > file->outpoint ||
file->outpoint - (uint64_t)file->inpoint > INT64_MAX)
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/mpegvideo_enc: Fix 1 line and one column images
ffmpeg | branch: release/7.0 | Michael Niedermayer | Mon Apr 8 18:38:42 2024 +0200| [67ca3a5ee7d4ddb55fbe93de9cf7898eb09b7887] | committer: Michael Niedermayer avcodec/mpegvideo_enc: Fix 1 line and one column images Fixes: Ticket10952 Fixes: poc21ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=67ca3a5ee7d4ddb55fbe93de9cf7898eb09b7887 --- libavcodec/mpegvideo_enc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/mpegvideo_enc.c b/libavcodec/mpegvideo_enc.c index c20e364cac..9d048e3dec 100644 --- a/libavcodec/mpegvideo_enc.c +++ b/libavcodec/mpegvideo_enc.c @@ -1198,8 +1198,8 @@ static int load_input_picture(MpegEncContext *s, const AVFrame *pic_arg) ptrdiff_t dst_stride = i ? s->uvlinesize : s->linesize; int h_shift = i ? s->chroma_x_shift : 0; int v_shift = i ? s->chroma_y_shift : 0; -int w = s->width >> h_shift; -int h = s->height >> v_shift; +int w = AV_CEIL_RSHIFT(s->width , h_shift); +int h = AV_CEIL_RSHIFT(s->height, v_shift); const uint8_t *src = pic_arg->data[i]; uint8_t *dst = pic->f->data[i]; int vpad = 16; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/wavarc: fix integer overflow in decode_5elp() block type 2
ffmpeg | branch: release/7.0 | Michael Niedermayer | Fri Apr 26 05:08:38 2024 +0200| [0047b51b8dc10e0ea14eaaf767a566e38a56ba99] | committer: Michael Niedermayer avcodec/wavarc: fix integer overflow in decode_5elp() block type 2 Fixes: signed integer overflow: 2097152000 + 107142979 cannot be represented in type 'int' Fixes: 67919/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVARC_fuzzer-5955101769400320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit a2ec2bd49317ab16a3c30c0824efc580ea9a8aef) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0047b51b8dc10e0ea14eaaf767a566e38a56ba99 --- libavcodec/wavarc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/wavarc.c b/libavcodec/wavarc.c index e121f1bc61..536c74e478 100644 --- a/libavcodec/wavarc.c +++ b/libavcodec/wavarc.c @@ -690,7 +690,7 @@ static int decode_5elp(AVCodecContext *avctx, for (int o = 0; o < order; o++) sum += s->filter[ch][o] * (unsigned)samples[n + 70 - o - 1]; -samples[n + 70] += ac_out[n] + (sum >> 4); +samples[n + 70] += ac_out[n] + (unsigned)(sum >> 4); } for (int n = 0; n < 70; n++) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/amrwbdec: assert mode to be valid in decode_fixed_vector()
ffmpeg | branch: release/7.0 | Michael Niedermayer | Sun Apr 28 23:30:51 2024 +0200| [c8ffda5684d1c85f7cf86fbedfd4e8ba69a77231] | committer: Michael Niedermayer avcodec/amrwbdec: assert mode to be valid in decode_fixed_vector() Inspired-by: CID1473499 Uninitialized scalar variable Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit a3bb269db92601e2dc0e99352468d02f7b26c7c2) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c8ffda5684d1c85f7cf86fbedfd4e8ba69a77231 --- libavcodec/amrwbdec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/amrwbdec.c b/libavcodec/amrwbdec.c index 9d75b972fa..21a730b835 100644 --- a/libavcodec/amrwbdec.c +++ b/libavcodec/amrwbdec.c @@ -26,6 +26,7 @@ #include "config.h" +#include "libavutil/avassert.h" #include "libavutil/channel_layout.h" #include "libavutil/common.h" #include "libavutil/lfg.h" @@ -554,6 +555,8 @@ static void decode_fixed_vector(float *fixed_vector, const uint16_t *pulse_hi, decode_6p_track(sig_pos[i], (int) pulse_lo[i] + ((int) pulse_hi[i] << 11), 4, 1); break; +default: +av_assert2(0); } memset(fixed_vector, 0, sizeof(float) * AMRWB_SFR_SIZE); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/avs3_parser: assert the return value of init_get_bits()
ffmpeg | branch: release/7.0 | Michael Niedermayer | Wed May 1 21:17:25 2024 +0200| [13ef4f209f64cc73f6a6c4b668560d3797164dd9] | committer: Michael Niedermayer avcodec/avs3_parser: assert the return value of init_get_bits() Fixes: CID1492867 Unchecked return value Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit f9218e4d52e16494ed816651a110dfe0ad22638c) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=13ef4f209f64cc73f6a6c4b668560d3797164dd9 --- libavcodec/avs3_parser.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/avs3_parser.c b/libavcodec/avs3_parser.c index a819b5783d..ea495b1c7c 100644 --- a/libavcodec/avs3_parser.c +++ b/libavcodec/avs3_parser.c @@ -73,7 +73,8 @@ static void parse_avs3_nal_units(AVCodecParserContext *s, const uint8_t *buf, GetBitContext gb; int profile, ratecode, low_delay; -init_get_bits8(, buf + 4, buf_size - 4); +av_unused int ret = init_get_bits(, buf + 4, 100); +av_assert1(ret >= 0); s->key_frame = 1; s->pict_type = AV_PICTURE_TYPE_I; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] swscale/output: Fix integer overflow in yuv2rgba64_full_1_c_template()
ffmpeg | branch: release/7.0 | Michael Niedermayer |
Fri Apr 26 05:08:36 2024 +0200| [ef9d59defb10f36862e6041eb5f6dbaa5e48f5bb] |
committer: Michael Niedermayer
swscale/output: Fix integer overflow in yuv2rgba64_full_1_c_template()
Fixes: signed integer overflow: -1082982400 + -1079364728 cannot be represented
in type 'int'
Fixes: 67910/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-5329011971522560
The input is 9bit in 16bit, the fuzzer fills all 16bit thus generating
"invalid" input
No overflow should happen with valid input.
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 1330a73ccadd855542ac4386f75fd72ff0ab5ea1)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ef9d59defb10f36862e6041eb5f6dbaa5e48f5bb
---
libswscale/output.c | 16
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/libswscale/output.c b/libswscale/output.c
index 0b6c77e167..b234f9c6b9 100644
--- a/libswscale/output.c
+++ b/libswscale/output.c
@@ -1429,7 +1429,7 @@ yuv2rgba64_full_1_c_template(SwsContext *c, const int32_t
*buf0,
if (uvalpha < 2048) {
for (i = 0; i < dstW; i++) {
-int Y = (buf0[i]) >> 2;
+SUINT Y = (buf0[i]) >> 2;
int U = (ubuf0[i] - (128 << 11)) >> 2;
int V = (vbuf0[i] - (128 << 11)) >> 2;
int R, G, B;
@@ -1448,9 +1448,9 @@ yuv2rgba64_full_1_c_template(SwsContext *c, const int32_t
*buf0,
G = V * c->yuv2rgb_v2g_coeff + U * c->yuv2rgb_u2g_coeff;
B =U * c->yuv2rgb_u2b_coeff;
-output_pixel([0], av_clip_uintp2(((R_B + Y) >> 14) + (1<<15),
16));
-output_pixel([1], av_clip_uintp2((( G + Y) >> 14) + (1<<15),
16));
-output_pixel([2], av_clip_uintp2(((B_R + Y) >> 14) + (1<<15),
16));
+output_pixel([0], av_clip_uintp2(((int)(R_B + Y) >> 14) +
(1<<15), 16));
+output_pixel([1], av_clip_uintp2(((int)( G + Y) >> 14) +
(1<<15), 16));
+output_pixel([2], av_clip_uintp2(((int)(B_R + Y) >> 14) +
(1<<15), 16));
if (eightbytes) {
output_pixel([3], av_clip_uintp2(A, 30) >> 14);
dest += 4;
@@ -1462,7 +1462,7 @@ yuv2rgba64_full_1_c_template(SwsContext *c, const int32_t
*buf0,
const int32_t *ubuf1 = ubuf[1], *vbuf1 = vbuf[1];
int A = 0x<<14;
for (i = 0; i < dstW; i++) {
-int Y = (buf0[i]) >> 2;
+SUINT Y = (buf0[i]) >> 2;
int U = (ubuf0[i] + ubuf1[i] - (128 << 12)) >> 3;
int V = (vbuf0[i] + vbuf1[i] - (128 << 12)) >> 3;
int R, G, B;
@@ -1481,9 +1481,9 @@ yuv2rgba64_full_1_c_template(SwsContext *c, const int32_t
*buf0,
G = V * c->yuv2rgb_v2g_coeff + U * c->yuv2rgb_u2g_coeff;
B =U * c->yuv2rgb_u2b_coeff;
-output_pixel([0], av_clip_uintp2(((R_B + Y) >> 14) + (1<<15),
16));
-output_pixel([1], av_clip_uintp2((( G + Y) >> 14) + (1<<15),
16));
-output_pixel([2], av_clip_uintp2(((B_R + Y) >> 14) + (1<<15),
16));
+output_pixel([0], av_clip_uintp2(((int)(R_B + Y) >> 14) +
(1<<15), 16));
+output_pixel([1], av_clip_uintp2(((int)( G + Y) >> 14) +
(1<<15), 16));
+output_pixel([2], av_clip_uintp2(((int)(B_R + Y) >> 14) +
(1<<15), 16));
if (eightbytes) {
output_pixel([3], av_clip_uintp2(A, 30) >> 14);
dest += 4;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/avs2_parser: Assert init_get_bits8() success with const size 15
ffmpeg | branch: release/7.0 | Michael Niedermayer | Wed May 1 15:50:56 2024 +0200| [ec35ed8bb2d1044dbe7640deef3a8d16f07f046e] | committer: Michael Niedermayer avcodec/avs2_parser: Assert init_get_bits8() success with const size 15 Fixes: CID1506708 Unchecked return value Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit a7c4f119c91bcb3791a3c242ee61a5c60379db4f) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ec35ed8bb2d1044dbe7640deef3a8d16f07f046e --- libavcodec/avs2_parser.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/avs2_parser.c b/libavcodec/avs2_parser.c index 200134f91d..0d68ab1d00 100644 --- a/libavcodec/avs2_parser.c +++ b/libavcodec/avs2_parser.c @@ -72,13 +72,15 @@ static void parse_avs2_seq_header(AVCodecParserContext *s, const uint8_t *buf, unsigned aspect_ratio; unsigned frame_rate_code; int low_delay; +av_unused int ret; // update buf_size_min if parse more deeper const int buf_size_min = 15; if (buf_size < buf_size_min) return; -init_get_bits8(, buf, buf_size_min); +ret = init_get_bits8(, buf, buf_size_min); +av_assert1(ret >= 0); s->key_frame = 1; s->pict_type = AV_PICTURE_TYPE_I; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] swscale/output: Fix integer overflow in yuv2rgba64_1_c_template
ffmpeg | branch: release/7.0 | Michael Niedermayer |
Fri Apr 26 05:08:35 2024 +0200| [ccd7fe3c6727705d00f483d6338048267081a720] |
committer: Michael Niedermayer
swscale/output: Fix integer overflow in yuv2rgba64_1_c_template
Fixes: signed integer overflow: -831176 * 9539 cannot be represented in type
'int'
Fixes: 67869/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-5117342091640832
The input is 9bit in 16bit, the fuzzer fills all 16bit thus generating
"invalid" input
No overflow should happen with valid input.
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit a56559e688ffde40fcda5588123ffcb978da86d7)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ccd7fe3c6727705d00f483d6338048267081a720
---
libswscale/output.c | 44 ++--
1 file changed, 22 insertions(+), 22 deletions(-)
diff --git a/libswscale/output.c b/libswscale/output.c
index 8849a3201a..0b6c77e167 100644
--- a/libswscale/output.c
+++ b/libswscale/output.c
@@ -1207,8 +1207,8 @@ yuv2rgba64_1_c_template(SwsContext *c, const int32_t
*buf0,
if (uvalpha < 2048) {
for (i = 0; i < ((dstW + 1) >> 1); i++) {
-int Y1 = (buf0[i * 2]) >> 2;
-int Y2 = (buf0[i * 2 + 1]) >> 2;
+SUINT Y1 = (buf0[i * 2]) >> 2;
+SUINT Y2 = (buf0[i * 2 + 1]) >> 2;
int U = (ubuf0[i] - (128 << 11)) >> 2;
int V = (vbuf0[i] - (128 << 11)) >> 2;
int R, G, B;
@@ -1232,20 +1232,20 @@ yuv2rgba64_1_c_template(SwsContext *c, const int32_t
*buf0,
G = V * c->yuv2rgb_v2g_coeff + U * c->yuv2rgb_u2g_coeff;
B =U * c->yuv2rgb_u2b_coeff;
-output_pixel([0], av_clip_uintp2(((R_B + Y1) >> 14) +
(1<<15), 16));
-output_pixel([1], av_clip_uintp2((( G + Y1) >> 14) +
(1<<15), 16));
-output_pixel([2], av_clip_uintp2(((B_R + Y1) >> 14) +
(1<<15), 16));
+output_pixel([0], av_clip_uintp2(((int)(R_B + Y1) >> 14) +
(1<<15), 16));
+output_pixel([1], av_clip_uintp2(((int)( G + Y1) >> 14) +
(1<<15), 16));
+output_pixel([2], av_clip_uintp2(((int)(B_R + Y1) >> 14) +
(1<<15), 16));
if (eightbytes) {
output_pixel([3], av_clip_uintp2(A1 , 30) >> 14);
-output_pixel([4], av_clip_uintp2(((R_B + Y2) >> 14) +
(1<<15), 16));
-output_pixel([5], av_clip_uintp2((( G + Y2) >> 14) +
(1<<15), 16));
-output_pixel([6], av_clip_uintp2(((B_R + Y2) >> 14) +
(1<<15), 16));
+output_pixel([4], av_clip_uintp2(((int)(R_B + Y2) >> 14)
+ (1<<15), 16));
+output_pixel([5], av_clip_uintp2(((int)( G + Y2) >> 14)
+ (1<<15), 16));
+output_pixel([6], av_clip_uintp2(((int)(B_R + Y2) >> 14)
+ (1<<15), 16));
output_pixel([7], av_clip_uintp2(A2 , 30) >> 14);
dest += 8;
} else {
-output_pixel([3], av_clip_uintp2(((R_B + Y2) >> 14) +
(1<<15), 16));
-output_pixel([4], av_clip_uintp2((( G + Y2) >> 14) +
(1<<15), 16));
-output_pixel([5], av_clip_uintp2(((B_R + Y2) >> 14) +
(1<<15), 16));
+output_pixel([3], av_clip_uintp2(((int)(R_B + Y2) >> 14)
+ (1<<15), 16));
+output_pixel([4], av_clip_uintp2(((int)( G + Y2) >> 14)
+ (1<<15), 16));
+output_pixel([5], av_clip_uintp2(((int)(B_R + Y2) >> 14)
+ (1<<15), 16));
dest += 6;
}
}
@@ -1253,8 +1253,8 @@ yuv2rgba64_1_c_template(SwsContext *c, const int32_t
*buf0,
const int32_t *ubuf1 = ubuf[1], *vbuf1 = vbuf[1];
int A1 = 0x<<14, A2 = 0x<<14;
for (i = 0; i < ((dstW + 1) >> 1); i++) {
-int Y1 = (buf0[i * 2]) >> 2;
-int Y2 = (buf0[i * 2 + 1]) >> 2;
+SUINT Y1 = (buf0[i * 2]) >> 2;
+SUINT Y2 = (buf0[i * 2 + 1]) >> 2;
int U = (ubuf0[i] + ubuf1[i] - (128 << 12)) >> 3;
int V = (vbuf0[i] + vbuf1[i] - (128 << 12)) >> 3;
int R, G, B;
@@ -1278,20 +1278,20 @@ yuv2rgba64_1_c_template(SwsContext *c, const int32_t
*buf0,
G = V * c->yuv2rgb_v2g_coeff + U * c->yuv2rgb_u2g_coeff;
B =U * c->yuv2rgb_u2b_coeff;
-output_pixel([0], av_clip_uintp2(((R_B + Y1) >> 14) +
(1<&l
[FFmpeg-cvslog] avcodec/av1dec: Change bit_depth to int
ffmpeg | branch: release/7.0 | Michael Niedermayer |
Fri May 3 00:10:01 2024 +0200| [8170914a34b6b29e3745a346e5ea46a1436c5310] |
committer: Michael Niedermayer
avcodec/av1dec: Change bit_depth to int
Suggested-by: James Almer
Signed-off-by: Michael Niedermayer
(cherry picked from commit 69b4d9736b0d0ad01c41fcae2d66eaa534b76969)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8170914a34b6b29e3745a346e5ea46a1436c5310
---
libavcodec/av1dec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/av1dec.c b/libavcodec/av1dec.c
index d13c2c4a6b..32c2379a45 100644
--- a/libavcodec/av1dec.c
+++ b/libavcodec/av1dec.c
@@ -468,7 +468,7 @@ static int get_tiles_info(AVCodecContext *avctx, const
AV1RawTileGroup *tile_gro
static enum AVPixelFormat get_sw_pixel_format(void *logctx,
const AV1RawSequenceHeader *seq)
{
-uint8_t bit_depth;
+int bit_depth;
enum AVPixelFormat pix_fmt = AV_PIX_FMT_NONE;
if (seq->seq_profile == 2 && seq->color_config.high_bitdepth)
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/av1dec: bit_depth cannot be another values than 8,10,12
ffmpeg | branch: release/7.0 | Michael Niedermayer |
Wed May 1 13:10:57 2024 +0200| [c5671e9de91cb51e4a8d730d030fc3d7aaab1ad0] |
committer: Michael Niedermayer
avcodec/av1dec: bit_depth cannot be another values than 8,10,12
Fixes: CID1544265 Logically dead code
Sponsored-by: Sovereign Tech Fund
Reviewed-by: James Almer
Signed-off-by: Michael Niedermayer
(cherry picked from commit fd7d24fa3f39fc1013fb0d06b42c98b8ff1f8942)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c5671e9de91cb51e4a8d730d030fc3d7aaab1ad0
---
libavcodec/av1dec.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/libavcodec/av1dec.c b/libavcodec/av1dec.c
index 11c852786f..d13c2c4a6b 100644
--- a/libavcodec/av1dec.c
+++ b/libavcodec/av1dec.c
@@ -492,7 +492,7 @@ static enum AVPixelFormat get_sw_pixel_format(void *logctx,
else if (bit_depth == 12)
pix_fmt = AV_PIX_FMT_YUV444P12;
else
-av_log(logctx, AV_LOG_WARNING, "Unknown AV1 pixel format.\n");
+av_assert0(0);
} else if (seq->color_config.subsampling_x == 1 &&
seq->color_config.subsampling_y == 0) {
if (bit_depth == 8)
@@ -502,7 +502,7 @@ static enum AVPixelFormat get_sw_pixel_format(void *logctx,
else if (bit_depth == 12)
pix_fmt = AV_PIX_FMT_YUV422P12;
else
-av_log(logctx, AV_LOG_WARNING, "Unknown AV1 pixel format.\n");
+av_assert0(0);
} else if (seq->color_config.subsampling_x == 1 &&
seq->color_config.subsampling_y == 1) {
if (bit_depth == 8)
@@ -512,7 +512,7 @@ static enum AVPixelFormat get_sw_pixel_format(void *logctx,
else if (bit_depth == 12)
pix_fmt = AV_PIX_FMT_YUV420P12;
else
-av_log(logctx, AV_LOG_WARNING, "Unknown AV1 pixel format.\n");
+av_assert0(0);
}
} else {
if (bit_depth == 8)
@@ -522,7 +522,7 @@ static enum AVPixelFormat get_sw_pixel_format(void *logctx,
else if (bit_depth == 12)
pix_fmt = AV_PIX_FMT_GRAY12;
else
-av_log(logctx, AV_LOG_WARNING, "Unknown AV1 pixel format.\n");
+av_assert0(0);
}
return pix_fmt;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/kvag: Check sample_rate
ffmpeg | branch: release/7.0 | Michael Niedermayer |
Mon Apr 29 23:44:25 2024 +0200| [dba4b859d86b54fbf4201ca5c86a45d5b0764842] |
committer: Michael Niedermayer
avformat/kvag: Check sample_rate
Fixes: Division by 0
Fixes: -copyts -start_at_zero -itsoffset 00:00:01 -itsscale 1 -ss 00:00:02 -i
zgclab/ffmpeg_crash/poc1 output.mp4
Found-by: Wang Dawei and Zhou Geng, from Zhongguancun Laboratory
Signed-off-by: Michael Niedermayer
(cherry picked from commit c26a762ea1bf028a33554a5f7a18d8dd7d82f5a8)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=dba4b859d86b54fbf4201ca5c86a45d5b0764842
---
libavformat/kvag.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/libavformat/kvag.c b/libavformat/kvag.c
index 1d0aee0994..b55aa893ec 100644
--- a/libavformat/kvag.c
+++ b/libavformat/kvag.c
@@ -38,7 +38,7 @@
typedef struct KVAGHeader {
uint32_tmagic;
uint32_tdata_size;
-uint32_tsample_rate;
+intsample_rate;
uint16_tstereo;
} KVAGHeader;
@@ -70,6 +70,9 @@ static int kvag_read_header(AVFormatContext *s)
hdr.sample_rate = AV_RL32(buf + 8);
hdr.stereo = AV_RL16(buf + 12);
+if (hdr.sample_rate <= 0)
+return AVERROR_INVALIDDATA;
+
par = st->codecpar;
par->codec_type = AVMEDIA_TYPE_AUDIO;
par->codec_id = AV_CODEC_ID_ADPCM_IMA_SSI;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avfilter/avfiltergraph: return value of ff_request_frame() is unused
ffmpeg | branch: release/7.0 | Michael Niedermayer | Mon Apr 22 02:53:51 2024 +0200| [9a4199c71b6905aaad5d5b8980e692be6f08e411] | committer: Michael Niedermayer avfilter/avfiltergraph: return value of ff_request_frame() is unused Fixes: CID1397741 Unchecked return value Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit e757726e89ff636e0dc6743f635888639a196e36) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9a4199c71b6905aaad5d5b8980e692be6f08e411 --- libavfilter/avfiltergraph.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavfilter/avfiltergraph.c b/libavfilter/avfiltergraph.c index 12ff7d6ffb..8e091d95e0 100644 --- a/libavfilter/avfiltergraph.c +++ b/libavfilter/avfiltergraph.c @@ -1410,7 +1410,7 @@ int avfilter_graph_request_oldest(AVFilterGraph *graph) if (r == AVERROR(EAGAIN) && !oldest->frame_wanted_out && !oldesti->frame_blocked_in && !oldesti->status_in) -ff_request_frame(oldest); +(void)ff_request_frame(oldest); else if (r < 0) return r; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/mxfdec: Check body_offset
ffmpeg | branch: release/7.0 | Michael Niedermayer |
Fri Apr 26 03:46:33 2024 +0200| [0e44de3b9b5c7dc99b47c30d24932d9856d3b646] |
committer: Michael Niedermayer
avformat/mxfdec: Check body_offset
Fixes: signed integer overflow: 538976288 - -9223372036315799520 cannot be
represented in type 'long'
Fixes:
68060/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5523457266745344
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin
Signed-off-by: Michael Niedermayer
(cherry picked from commit 20a6bfda0f7c6447ac94611736cee6e9ce6972a0)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0e44de3b9b5c7dc99b47c30d24932d9856d3b646
---
libavformat/mxfdec.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index 4e4beb40b0..518a507539 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -790,6 +790,9 @@ static int mxf_read_partition_pack(void *arg, AVIOContext
*pb, int tag, int size
partition->index_sid = avio_rb32(pb);
partition->body_offset = avio_rb64(pb);
partition->body_sid = avio_rb32(pb);
+if (partition->body_offset < 0)
+return AVERROR_INVALIDDATA;
+
if (avio_read(pb, op, sizeof(UID)) != sizeof(UID)) {
av_log(mxf->fc, AV_LOG_ERROR, "Failed reading UID\n");
return AVERROR_INVALIDDATA;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/atrac9dec: Check init_get_bits8() for failure
ffmpeg | branch: release/7.0 | Michael Niedermayer |
Sun Apr 28 22:57:53 2024 +0200| [e806d36b38603c016f1e39c6c72b31b86253aa2b] |
committer: Michael Niedermayer
avcodec/atrac9dec: Check init_get_bits8() for failure
Fixes: CID1439569 Unchecked return value
Fixes: CID1439578 Unchecked return value
Sponsored-by: Sovereign Tech Fund
Reviewed-by: Lynne
Signed-off-by: Michael Niedermayer
(cherry picked from commit 615c994739cacbeb0a2f48f8271d911fcd0b4303)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e806d36b38603c016f1e39c6c72b31b86253aa2b
---
libavcodec/atrac9dec.c | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/libavcodec/atrac9dec.c b/libavcodec/atrac9dec.c
index 5b84f0c6d6..91f2e50b05 100644
--- a/libavcodec/atrac9dec.c
+++ b/libavcodec/atrac9dec.c
@@ -801,7 +801,9 @@ static int atrac9_decode_frame(AVCodecContext *avctx,
AVFrame *frame,
if (ret < 0)
return ret;
-init_get_bits8(, avpkt->data, avpkt->size);
+ret = init_get_bits8(, avpkt->data, avpkt->size);
+if (ret < 0)
+return ret;
for (int i = 0; i < frames; i++) {
for (int j = 0; j < s->block_config->count; j++) {
@@ -921,7 +923,9 @@ static av_cold int atrac9_decode_init(AVCodecContext *avctx)
return AVERROR_INVALIDDATA;
}
-init_get_bits8(, avctx->extradata + 4, avctx->extradata_size);
+err = init_get_bits8(, avctx->extradata + 4, avctx->extradata_size);
+if (err < 0)
+return err;
if (get_bits(, 8) != 0xFE) {
av_log(avctx, AV_LOG_ERROR, "Incorrect magic byte!\n");
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/ac3_parser: Check init_get_bits8() for failure
ffmpeg | branch: release/7.0 | Michael Niedermayer | Sun Apr 28 21:09:45 2024 +0200| [c42248f4664840a14378eb4c4da9ea186ab92514] | committer: Michael Niedermayer avcodec/ac3_parser: Check init_get_bits8() for failure Fixes: CID1420393 Unchecked return value Sponsored-by: Sovereign Tech Fund Reviewed-by: Lynne Signed-off-by: Michael Niedermayer (cherry picked from commit 63415168dbd96475372e37ae0fd47bafe151e2f0) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c42248f4664840a14378eb4c4da9ea186ab92514 --- libavcodec/ac3_parser.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/ac3_parser.c b/libavcodec/ac3_parser.c index 13b8d3b7d8..283139288c 100644 --- a/libavcodec/ac3_parser.c +++ b/libavcodec/ac3_parser.c @@ -204,7 +204,9 @@ int av_ac3_parse_header(const uint8_t *buf, size_t size, AC3HeaderInfo hdr; int err; -init_get_bits8(, buf, size); +err = init_get_bits8(, buf, size); +if (err < 0) +return AVERROR_INVALIDDATA; err = ff_ac3_parse_header(, ); if (err < 0) return AVERROR_INVALIDDATA; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/pngdec: Check last AVFrame before deref
ffmpeg | branch: release/7.0 | Michael Niedermayer |
Fri Apr 26 23:22:53 2024 +0200| [a0577e9877ef83c703a003fe76c82aeea761c2d6] |
committer: Michael Niedermayer
avcodec/pngdec: Check last AVFrame before deref
Fixes: NULL pointer dereference
Fixes:
68184/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-4926478069334016
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 091fdce87e88c8622d8af89ffa6cbb0dc20c3816)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a0577e9877ef83c703a003fe76c82aeea761c2d6
---
libavcodec/pngdec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c
index de50e6a5b6..90c286eb83 100644
--- a/libavcodec/pngdec.c
+++ b/libavcodec/pngdec.c
@@ -1216,7 +1216,7 @@ static int decode_fctl_chunk(AVCodecContext *avctx,
PNGDecContext *s,
return AVERROR_INVALIDDATA;
}
-if ((sequence_number == 0 || !s->last_picture.f->data[0]) &&
+if ((sequence_number == 0 || !s->last_picture.f) &&
dispose_op == APNG_DISPOSE_OP_PREVIOUS) {
// No previous frame to revert to for the first frame
// Spec says to just treat it as a APNG_DISPOSE_OP_BACKGROUND
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] doc/examples/qsv_transcode: Initialize pointer before free
ffmpeg | branch: release/7.0 | Michael Niedermayer |
Wed Apr 24 03:30:20 2024 +0200| [7fa0143d7e02c5cd575d14750198ae4dd2ef4166] |
committer: Michael Niedermayer
doc/examples/qsv_transcode: Initialize pointer before free
Fixees: CID1517023 Uninitialized pointer read
Sponsored-by: Sovereign Tech Fund
Reviewed-by: "Xiang, Haihao"
Signed-off-by: Michael Niedermayer
(cherry picked from commit cae0f2bc550312c99655057f8ffab5b59556ceeb)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7fa0143d7e02c5cd575d14750198ae4dd2ef4166
---
doc/examples/qsv_transcode.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/examples/qsv_transcode.c b/doc/examples/qsv_transcode.c
index 486910f09a..ff115f3669 100644
--- a/doc/examples/qsv_transcode.c
+++ b/doc/examples/qsv_transcode.c
@@ -341,7 +341,7 @@ int main(int argc, char **argv)
{
const AVCodec *enc_codec;
int ret = 0;
-AVPacket *dec_pkt;
+AVPacket *dec_pkt = NULL;
if (argc < 5 || (argc - 5) % 2) {
av_log(NULL, AV_LOG_ERROR, "Usage: %s "
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] doc/examples/qsv_transcode: Simplify str_to_dict() loop
ffmpeg | branch: release/7.0 | Michael Niedermayer | Wed Apr 24 03:28:00 2024 +0200| [70191fc0a6bdc09b61ae53d3b93092596c4dd5a0] | committer: Michael Niedermayer doc/examples/qsv_transcode: Simplify str_to_dict() loop Fixes: CID1517022 Logically dead code Sponsored-by: Sovereign Tech Fund Reviewed-by: "Xiang, Haihao" Signed-off-by: Michael Niedermayer (cherry picked from commit 191950d1bfc3924d1b54f236b2c35149ba4487a1) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=70191fc0a6bdc09b61ae53d3b93092596c4dd5a0 --- doc/examples/qsv_transcode.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/doc/examples/qsv_transcode.c b/doc/examples/qsv_transcode.c index 3d98729474..486910f09a 100644 --- a/doc/examples/qsv_transcode.c +++ b/doc/examples/qsv_transcode.c @@ -75,8 +75,7 @@ static int str_to_dict(char* optstr, AVDictionary **opt) if (value == NULL) return AVERROR(EINVAL); av_dict_set(opt, key, value, 0); -} while(key != NULL); -return 0; +} while(1); } static int dynamic_set_parameter(AVCodecContext *avctx) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/hevcdec: Check ref frame
ffmpeg | branch: release/7.0 | Michael Niedermayer |
Sat Apr 27 00:09:02 2024 +0200| [62d3e4fd298105026f47c4591db178600104862d] |
committer: Michael Niedermayer
avcodec/hevcdec: Check ref frame
Fixes: NULL pointer dereferences
Fixes:
68197/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-6382538823106560
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt
Signed-off-by: Michael Niedermayer
(cherry picked from commit 5eb05f44503da3fdff82f1fed8ee2706d9841a9a)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=62d3e4fd298105026f47c4591db178600104862d
---
libavcodec/hevcdec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/hevcdec.c b/libavcodec/hevcdec.c
index 08fd3be43c..a130eb1d74 100644
--- a/libavcodec/hevcdec.c
+++ b/libavcodec/hevcdec.c
@@ -1968,13 +1968,13 @@ static void hls_prediction_unit(HEVCLocalContext *lc,
int x0, int y0,
if (current_mv.pred_flag & PF_L0) {
ref0 = refPicList[0].ref[current_mv.ref_idx[0]];
-if (!ref0 || !ref0->frame->data[0])
+if (!ref0 || !ref0->frame)
return;
hevc_await_progress(s, ref0, _mv.mv[0], y0, nPbH);
}
if (current_mv.pred_flag & PF_L1) {
ref1 = refPicList[1].ref[current_mv.ref_idx[1]];
-if (!ref1 || !ref1->frame->data[0])
+if (!ref1 || !ref1->frame)
return;
hevc_await_progress(s, ref1, _mv.mv[1], y0, nPbH);
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] doc/examples/vaapi_transcode: Simplify loop
ffmpeg | branch: release/7.0 | Michael Niedermayer | Wed Apr 24 03:20:38 2024 +0200| [6b42ba2094e6ba56cfd66a746cb01e00c7a0d421] | committer: Michael Niedermayer doc/examples/vaapi_transcode: Simplify loop Fixes: CID1428858(1/2) Logically dead code Sponsored-by: Sovereign Tech Fund Reviewed-by: "myp...@gmail.com" Signed-off-by: Michael Niedermayer (cherry picked from commit c9c11a0866d45827201b034349bceb2dc58a3499) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6b42ba2094e6ba56cfd66a746cb01e00c7a0d421 --- doc/examples/vaapi_transcode.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/doc/examples/vaapi_transcode.c b/doc/examples/vaapi_transcode.c index 8367cb3040..e1b7a43883 100644 --- a/doc/examples/vaapi_transcode.c +++ b/doc/examples/vaapi_transcode.c @@ -215,10 +215,8 @@ static int dec_enc(AVPacket *pkt, const AVCodec *enc_codec) fail: av_frame_free(); -if (ret < 0) -return ret; } -return 0; +return ret; } int main(int argc, char **argv) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] doc/examples/qsv_transcode: Simplify loop
ffmpeg | branch: release/7.0 | Michael Niedermayer | Wed Apr 24 03:20:38 2024 +0200| [53868f5193d63e499c0e36aeef9376b40ecbd189] | committer: Michael Niedermayer doc/examples/qsv_transcode: Simplify loop Fixes: CID1428858(2/2) Logically dead code Sponsored-by: Sovereign Tech Fund Reviewed-by: "Xiang, Haihao" Signed-off-by: Michael Niedermayer (cherry picked from commit 82cce209349d2a7c893a4f9691ec8698704b0486) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=53868f5193d63e499c0e36aeef9376b40ecbd189 --- doc/examples/qsv_transcode.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/doc/examples/qsv_transcode.c b/doc/examples/qsv_transcode.c index 972126800b..3d98729474 100644 --- a/doc/examples/qsv_transcode.c +++ b/doc/examples/qsv_transcode.c @@ -334,10 +334,8 @@ static int dec_enc(AVPacket *pkt, const AVCodec *enc_codec, char *optstr) fail: av_frame_free(); -if (ret < 0) -return ret; } -return 0; +return ret; } int main(int argc, char **argv) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/cbs_h2645: Check NAL space
ffmpeg | branch: release/7.0 | Michael Niedermayer |
Mon Apr 22 03:23:10 2024 +0200| [ad26b2d05a4cfc583dc502cc6c7bc41bb45c4d69] |
committer: Michael Niedermayer
avcodec/cbs_h2645: Check NAL space
Found-by-reviewing: CID1419833 Untrusted loop bound
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer
(cherry picked from commit b91e3c4c908228901b1ec120d59ddf5a86c3b3b8)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ad26b2d05a4cfc583dc502cc6c7bc41bb45c4d69
---
libavcodec/cbs_h2645.c | 4
1 file changed, 4 insertions(+)
diff --git a/libavcodec/cbs_h2645.c b/libavcodec/cbs_h2645.c
index 8e4af7b2cc..db803ea351 100644
--- a/libavcodec/cbs_h2645.c
+++ b/libavcodec/cbs_h2645.c
@@ -708,7 +708,11 @@ static int cbs_h2645_split_fragment(CodedBitstreamContext
*ctx,
start = bytestream2_tell();
for(i = 0; i < num_nalus; i++) {
+if (bytestream2_get_bytes_left() < 2)
+return AVERROR_INVALIDDATA;
size = bytestream2_get_be16();
+if (bytestream2_get_bytes_left() < size)
+return AVERROR_INVALIDDATA;
bytestream2_skip(, size);
}
end = bytestream2_tell();
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avfilter/vf_thumbnail_cuda: Set ret before checking it
ffmpeg | branch: release/7.0 | Michael Niedermayer | Mon Apr 22 03:09:54 2024 +0200| [1dbfdd2d306d29b9eadcc817896dd0dac9c9dcae] | committer: Michael Niedermayer avfilter/vf_thumbnail_cuda: Set ret before checking it Fixes: CID1418336 Logically dead code Sponsored-by: Sovereign Tech Fund Reviewed-by: Timo Rothenpieler Signed-off-by: Michael Niedermayer (cherry picked from commit 02301017d28422e4d0a4badb16f2226e70ec534a) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1dbfdd2d306d29b9eadcc817896dd0dac9c9dcae --- libavfilter/vf_thumbnail_cuda.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavfilter/vf_thumbnail_cuda.c b/libavfilter/vf_thumbnail_cuda.c index c8dd905123..40a3b75dd0 100644 --- a/libavfilter/vf_thumbnail_cuda.c +++ b/libavfilter/vf_thumbnail_cuda.c @@ -290,7 +290,7 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *frame) hist[i] = 4 * hist[i]; } -CHECK_CU(cu->cuCtxPopCurrent()); +ret = CHECK_CU(cu->cuCtxPopCurrent()); if (ret < 0) return ret; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avfilter/signature_lookup: Dont copy uninitialized stuff around
ffmpeg | branch: release/7.0 | Michael Niedermayer |
Mon Apr 22 00:57:43 2024 +0200| [4197c3203b63f8d90c264eff9ca783c4f8beaafd] |
committer: Michael Niedermayer
avfilter/signature_lookup: Dont copy uninitialized stuff around
Fixes: CID1403238 Uninitialized pointer read
Fixes: CID1403239 Uninitialized pointer read
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer
(cherry picked from commit e7174e66ac6025cea4b8e590525314d3aea6a134)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4197c3203b63f8d90c264eff9ca783c4f8beaafd
---
libavfilter/signature_lookup.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavfilter/signature_lookup.c b/libavfilter/signature_lookup.c
index 625d38bd13..ad59106cf0 100644
--- a/libavfilter/signature_lookup.c
+++ b/libavfilter/signature_lookup.c
@@ -447,14 +447,14 @@ static MatchingInfo evaluate_parameters(AVFilterContext
*ctx, SignatureContext *
}
if (tolerancecount > 2) {
-a = aprev;
-b = bprev;
if (dir == DIR_NEXT) {
/* turn around */
a = infos->first;
b = infos->second;
dir = DIR_PREV;
} else {
+a = aprev;
+b = bprev;
break;
}
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avfilter/signature_lookup: Fix 2 differences to the refernce SW
ffmpeg | branch: release/7.0 | Michael Niedermayer | Mon Apr 22 00:43:19 2024 +0200| [ba031f8771d2c88a85b0607da2fd1442c8fe368f] | committer: Michael Niedermayer avfilter/signature_lookup: Fix 2 differences to the refernce SW Fixes: CID1403227 Division or modulo by float zero Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit 25cb66369e7b81bd280f0bdd6d51a0e2e11881e3) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ba031f8771d2c88a85b0607da2fd1442c8fe368f --- libavfilter/signature_lookup.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavfilter/signature_lookup.c b/libavfilter/signature_lookup.c index 9c69c02fbf..625d38bd13 100644 --- a/libavfilter/signature_lookup.c +++ b/libavfilter/signature_lookup.c @@ -495,10 +495,10 @@ static MatchingInfo evaluate_parameters(AVFilterContext *ctx, SignatureContext * continue; /* matching sequence is too short */ if ((double) goodfcount / (double) fcount < sc->thit) continue; -if ((double) goodfcount*0.5 < FFMAX(gooda, goodb)) +if ((double) goodfcount*0.5 <= FFMAX(gooda, goodb)) continue; -meandist = (double) goodfcount / (double) distsum; +meandist = (double) distsum / (double) goodfcount; if (meandist < minmeandist || status == (STATUS_END_REACHED | STATUS_BEGIN_REACHED) || ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/mpeg4videodec: assert impossible wrap points
ffmpeg | branch: master | Michael Niedermayer | Sat May 11 22:08:21 2024 +0200| [8fc649b931a3cbc3a2dd9b50b75a9261a2fb4b49] | committer: Michael Niedermayer avcodec/mpeg4videodec: assert impossible wrap points Helps: CID1473517 Uninitialized scalar variable Helps: CID1473497 Uninitialized scalar variable Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8fc649b931a3cbc3a2dd9b50b75a9261a2fb4b49 --- libavcodec/mpeg4videodec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c index 6a7a37e817..df1e22207d 100644 --- a/libavcodec/mpeg4videodec.c +++ b/libavcodec/mpeg4videodec.c @@ -597,6 +597,8 @@ static int mpeg4_decode_sprite_trajectory(Mpeg4DecContext *ctx, GetBitContext *g ctx->sprite_shift[0] = alpha + beta + rho - min_ab; ctx->sprite_shift[1] = alpha + beta + rho - min_ab + 2; break; +default: +av_assert0(0); } /* try to simplify the situation */ if (sprite_delta[0][0] == a << ctx->sprite_shift[0] && ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/vqcdec: Check init_get_bits8() for failure
ffmpeg | branch: master | Michael Niedermayer | Sun
May 19 00:47:11 2024 +0200| [6a9302739f5b20791eac7f40d9d999f87fd1] |
committer: Michael Niedermayer
avcodec/vqcdec: Check init_get_bits8() for failure
Fixes: CID1516090 Unchecked return value
Sponsored-by: Sovereign Tech Fund
Reviewed-by: Peter Ross
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6a9302739f5b20791eac7f40d9d999f87fd1
---
libavcodec/vqcdec.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/libavcodec/vqcdec.c b/libavcodec/vqcdec.c
index 5c6cab3c1a..bb69844327 100644
--- a/libavcodec/vqcdec.c
+++ b/libavcodec/vqcdec.c
@@ -147,10 +147,13 @@ static int decode_vectors(VqcContext * s, const uint8_t *
buf, int size, int wid
GetBitContext gb;
uint8_t * vectors = s->vectors;
uint8_t * vectors_end = s->vectors + (width * height * 3) / 2;
+int ret;
memset(vectors, 0, 3 * width * height / 2);
-init_get_bits8(, buf, size);
+ret = init_get_bits8(, buf, size);
+if (ret < 0)
+return ret;
for (int i = 0; i < 3 * width * height / 2 / 32; i++) {
uint8_t * dst = vectors;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/vvc/dec: Check init_get_bits8() for failure
ffmpeg | branch: master | Michael Niedermayer | Sun
May 19 01:21:37 2024 +0200| [4a8506c794d92744514aac26ac9a1b898a7401ab] |
committer: Michael Niedermayer
avcodec/vvc/dec: Check init_get_bits8() for failure
Fixes: CID1560042 Unchecked return value
Sponsored-by: Sovereign Tech Fund
Reviewed-by: Nuo Mi
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4a8506c794d92744514aac26ac9a1b898a7401ab
---
libavcodec/vvc/dec.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/libavcodec/vvc/dec.c b/libavcodec/vvc/dec.c
index 25cdb39cab..76b1923340 100644
--- a/libavcodec/vvc/dec.c
+++ b/libavcodec/vvc/dec.c
@@ -514,6 +514,7 @@ static int slice_init_entry_points(SliceContext *sc,
int nb_eps= sh->r->num_entry_points + 1;
int ctu_addr = 0;
GetBitContext gb;
+int ret;
if (sc->nb_eps != nb_eps) {
eps_free(sc);
@@ -523,7 +524,9 @@ static int slice_init_entry_points(SliceContext *sc,
sc->nb_eps = nb_eps;
}
-init_get_bits8(, slice->data, slice->data_size);
+ret = init_get_bits8(, slice->data, slice->data_size);
+if (ret < 0)
+return ret;
for (int i = 0; i < sc->nb_eps; i++)
{
EntryPoint *ep = sc->eps + i;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/mscc & mwsc: Check loop counts before use
ffmpeg | branch: master | Michael Niedermayer | Sun
May 12 00:43:48 2024 +0200| [e35fe3d8b9e345527a05b1ae958ac851fe09f1ed] |
committer: Michael Niedermayer
avcodec/mscc & mwsc: Check loop counts before use
This could cause timeouts
Fixes: CID1439568 Untrusted loop bound
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e35fe3d8b9e345527a05b1ae958ac851fe09f1ed
---
libavcodec/mscc.c | 6 ++
libavcodec/mwsc.c | 11 +++
2 files changed, 17 insertions(+)
diff --git a/libavcodec/mscc.c b/libavcodec/mscc.c
index 26143bfd5e..2d6f6265bf 100644
--- a/libavcodec/mscc.c
+++ b/libavcodec/mscc.c
@@ -54,6 +54,9 @@ static int rle_uncompress(AVCodecContext *avctx,
GetByteContext *gb, PutByteCont
unsigned run = bytestream2_get_byte(gb);
if (run) {
+if (bytestream2_get_bytes_left_p(pb) < run * s->bpp)
+return AVERROR_INVALIDDATA;
+
switch (avctx->bits_per_coded_sample) {
case 8:
fill = bytestream2_get_byte(gb);
@@ -102,6 +105,9 @@ static int rle_uncompress(AVCodecContext *avctx,
GetByteContext *gb, PutByteCont
bytestream2_seek_p(pb, y * avctx->width * s->bpp + x * s->bpp,
SEEK_SET);
} else {
+if (bytestream2_get_bytes_left_p(pb) < copy * s->bpp)
+return AVERROR_INVALIDDATA;
+
for (j = 0; j < copy; j++) {
switch (avctx->bits_per_coded_sample) {
case 8:
diff --git a/libavcodec/mwsc.c b/libavcodec/mwsc.c
index 06a151a72a..0d4ee9791a 100644
--- a/libavcodec/mwsc.c
+++ b/libavcodec/mwsc.c
@@ -51,6 +51,10 @@ static int rle_uncompress(GetByteContext *gb, PutByteContext
*pb, GetByteContext
if (run == 0) {
run = bytestream2_get_le32(gb);
+
+if (bytestream2_tell_p(pb) + width - w < run)
+return AVERROR_INVALIDDATA;
+
for (int j = 0; j < run; j++, w++) {
if (w == width) {
w = 0;
@@ -62,6 +66,10 @@ static int rle_uncompress(GetByteContext *gb, PutByteContext
*pb, GetByteContext
int pos = bytestream2_tell_p(pb);
bytestream2_seek(gbp, pos, SEEK_SET);
+
+if (pos + width - w < fill)
+return AVERROR_INVALIDDATA;
+
for (int j = 0; j < fill; j++, w++) {
if (w == width) {
w = 0;
@@ -73,6 +81,9 @@ static int rle_uncompress(GetByteContext *gb, PutByteContext
*pb, GetByteContext
intra = 0;
} else {
+if (bytestream2_tell_p(pb) + width - w < run)
+return AVERROR_INVALIDDATA;
+
for (int j = 0; j < run; j++, w++) {
if (w == width) {
w = 0;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/mpeg12dec: Use 64bit in bit computation
ffmpeg | branch: master | Michael Niedermayer | Sat May 11 21:04:00 2024 +0200| [4c725df059dd9a5f2071e204924105b3ceb74cbc] | committer: Michael Niedermayer avcodec/mpeg12dec: Use 64bit in bit computation I dont think this can actually overflow but 64bit seems reasonable to use Fixes: CID1521983 Unintentional integer overflow Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4c725df059dd9a5f2071e204924105b3ceb74cbc --- libavcodec/mpeg12dec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mpeg12dec.c b/libavcodec/mpeg12dec.c index a9fe3503db..9fd765f030 100644 --- a/libavcodec/mpeg12dec.c +++ b/libavcodec/mpeg12dec.c @@ -2734,7 +2734,7 @@ static int ipu_decode_frame(AVCodecContext *avctx, AVFrame *frame, int ret; // Check for minimal intra MB size (considering mb header, luma & chroma dc VLC, ac EOB VLC) -if (avpkt->size*8LL < (avctx->width+15)/16 * ((avctx->height+15)/16) * (2 + 3*4 + 2*2 + 2*6)) +if (avpkt->size*8LL < (avctx->width+15)/16 * ((avctx->height+15)/16) * (2LL + 3*4 + 2*2 + 2*6)) return AVERROR_INVALIDDATA; ret = ff_get_buffer(avctx, frame, 0); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/vble: Check av_image_get_buffer_size() for failure
ffmpeg | branch: master | Michael Niedermayer | Sat
May 18 00:32:43 2024 +0200| [dd5379db5d83d8b06654582afe327daa6be678a3] |
committer: Michael Niedermayer
avcodec/vble: Check av_image_get_buffer_size() for failure
Fixes: CID1461482 Improper use of negative value
Sponsored-by: Sovereign Tech Fund
Reviewed-.by: "Xiang, Haihao"
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=dd5379db5d83d8b06654582afe327daa6be678a3
---
libavcodec/vble.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libavcodec/vble.c b/libavcodec/vble.c
index c5d92bd6f5..4511433a6c 100644
--- a/libavcodec/vble.c
+++ b/libavcodec/vble.c
@@ -187,6 +187,9 @@ static av_cold int vble_decode_init(AVCodecContext *avctx)
ctx->size = av_image_get_buffer_size(avctx->pix_fmt,
avctx->width, avctx->height, 1);
+if (ctx->size < 0)
+return ctx->size;
+
ctx->val = av_malloc_array(ctx->size, sizeof(*ctx->val));
if (!ctx->val) {
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/mpegvideo_enc: Fix potential overflow in RD
ffmpeg | branch: master | Michael Niedermayer | Sun May 12 00:13:58 2024 +0200| [b6b2b01025e016ce29e5add57305384a663edcfc] | committer: Michael Niedermayer avcodec/mpegvideo_enc: Fix potential overflow in RD Fixes: CID1500285 Unintentional integer overflow Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b6b2b01025e016ce29e5add57305384a663edcfc --- libavcodec/mpegvideo_enc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/mpegvideo_enc.c b/libavcodec/mpegvideo_enc.c index b601a1a9e4..73a9082265 100644 --- a/libavcodec/mpegvideo_enc.c +++ b/libavcodec/mpegvideo_enc.c @@ -1433,7 +1433,7 @@ static int estimate_best_b_count(MpegEncContext *s) goto fail; } -rd += (out_size * lambda2) >> (FF_LAMBDA_SHIFT - 3); +rd += (out_size * (uint64_t)lambda2) >> (FF_LAMBDA_SHIFT - 3); } /* get the delayed frames */ @@ -1442,7 +1442,7 @@ static int estimate_best_b_count(MpegEncContext *s) ret = out_size; goto fail; } -rd += (out_size * lambda2) >> (FF_LAMBDA_SHIFT - 3); +rd += (out_size * (uint64_t)lambda2) >> (FF_LAMBDA_SHIFT - 3); rd += c->error[0] + c->error[1] + c->error[2]; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/vp8: Forward return of ff_vpx_init_range_decoder()
ffmpeg | branch: master | Michael Niedermayer | Sat May 18 03:06:46 2024 +0200| [63feed1519c5e38d6ce146f265c48592236e3abc] | committer: Michael Niedermayer avcodec/vp8: Forward return of ff_vpx_init_range_decoder() Fixes: CID1507483 Unchecked return value Sponsored-by: Sovereign Tech Fund Reviewed-by: "Ronald S. Bultje" Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=63feed1519c5e38d6ce146f265c48592236e3abc --- libavcodec/vp8.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libavcodec/vp8.c b/libavcodec/vp8.c index 19f32b3400..8e91613068 100644 --- a/libavcodec/vp8.c +++ b/libavcodec/vp8.c @@ -341,9 +341,8 @@ static int setup_partitions(VP8Context *s, const uint8_t *buf, int buf_size) } s->coeff_partition_size[i] = buf_size; -ff_vpx_init_range_decoder(>coeff_partition[i], buf, buf_size); -return 0; +return ff_vpx_init_range_decoder(>coeff_partition[i], buf, buf_size); } static void vp7_get_quants(VP8Context *s) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/vp3: Replace check by assert
ffmpeg | branch: master | Michael Niedermayer | Sat May 18 03:16:08 2024 +0200| [1b991e77b9b19392214f6a788541bea5662de337] | committer: Michael Niedermayer avcodec/vp3: Replace check by assert Fixes: CID1452425 Logically dead code Sponsored-by: Sovereign Tech Fund Reviewed-by: Peter Ross Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1b991e77b9b19392214f6a788541bea5662de337 --- libavcodec/vp3.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c index 0952760776..d03a1c9dbc 100644 --- a/libavcodec/vp3.c +++ b/libavcodec/vp3.c @@ -2001,8 +2001,7 @@ static int vp4_mc_loop_filter(Vp3DecodeContext *s, int plane, int motion_x, int x_offset = (-(x + 2) & 7) + 2; y_offset = (-(y + 2) & 7) + 2; -if (x_offset > 8 + x_subpel && y_offset > 8 + y_subpel) -return 0; +av_assert1(!(x_offset > 8 + x_subpel && y_offset > 8 + y_subpel)); s->vdsp.emulated_edge_mc(loop, motion_source - stride - 1, loop_stride, stride, ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] Changelog: update
ffmpeg | branch: refs/remotes/origin/release/4.4 | Michael Niedermayer | Sun Apr 14 20:31:14 2024 +0200| [568c374568b5938c5c3304eb887c92d31dedc952] | committer: Michael Niedermayer Changelog: update > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=568c374568b5938c5c3304eb887c92d31dedc952 --- Changelog | 150 ++ 1 file changed, 150 insertions(+) diff --git a/Changelog b/Changelog index 620ca2bf40..4d296caf82 100644 --- a/Changelog +++ b/Changelog @@ -1,6 +1,156 @@ Entries are sorted chronologically from oldest to youngest within each release, releases are sorted from youngest to oldest. +version 4.4.5: + fate/subtitles: Ignore line endings for sub-scc test + avformat/mxfdec: Check index_edit_rate + swscale/utils: Fix xInc overflow + avcodec/exr: Dont use 64bits to hold 6bits + avcodec/exr: Check for remaining bits in huf_unpack_enc_table() + avformat/mpegts: Reset local nb_prg on add_program() failure + avformat/mxfdec: Make edit_unit_byte_count unsigned + avformat/movenc: Check that cts fits in 32bit + avformat/mxfdec: Check first case of offset_temp computation for overflow + avfilter/vf_signature: Dont crash on no frames + avformat/westwood_vqa: Fix 2g packets + avformat/matroskadec: Check timescale + avformat/wavdec: satuarte next_tag_ofs, data_end + avformat/sbgdec: Check for negative duration + avformat/rpl: Use 64bit for total_audio_size and check it + avformat/timecode: use 64bit for intermediate for rounding in fps_from_frame_rate() + avformat/jacosubdec: Use 64bit for abs + avformat/concatdec: Check user_duration sum + avcodec/truemotion1: Height not being a multiple of 4 is unsupported + avcodec/hcadec: do not set hfr_group_count to invalid values + avformat/concatdec: clip outpoint - inpoint overflow in get_best_effort_duration() + avformat/jacosubdec: clarify code + avformat/cafdec: Check that data chunk end fits within 64bit + avformat/iff: Saturate avio_tell() + 12 + avformat/dxa: Adjust order of operations around block align + avformat/cafdec: dont seek beyond 64bit + avformat/id3v2: read_uslt() check for the amount read + avcodec/proresenc_kostya: Remove bug similarity text + avcodec/vorbisdec: Check remaining data in vorbis_residue_decode_internal() + libswscale/utils: Fix bayer to yuvj + swscale/swscale: Check srcSliceH for bayer + swscale/utils: Allocate more dithererror + avcodec/indeo3: Round dimensions up in allocate_frame_buffers() + avutil/rational: Document what is to be expected from av_d2q() of doubles representing rational numbers + avfilter/signature_lookup: Do not dereference NULL pointers after malloc failure + avfilter/signature_lookup: dont leave uncleared pointers in sll_free() + avcodec/mpegvideo_enc: Use ptrdiff_t for stride + libavformat/hlsenc.c: Populate OTI using AAC profile in write_codec_attr. + avcodec/mpegvideo_enc: Dont copy beyond the image + avfilter/vf_minterpolate: Check pts before division + avformat/flacdec: Avoid double AVERRORS + avfilter/vf_vidstabdetect: Avoid double AVERRORS + avfilter/vf_swaprect: round coordinates down + avfilter/vf_swaprect: Use height for vertical variables + avfilter/vf_swaprect: assert that rectangles are within memory + avfilter/af_alimiter: Check nextpos before use + avfilter/af_stereowiden: Check length + avfilter/vf_weave: Fix odd height handling + avfilter/vf_gradfun: Do not overread last line + avformat/mov: do not set sign bit for chunk_offsets + avcodec/jpeglsdec: Check Jpeg-LS LSE + configure: Enable section_data_rel_ro for FreeBSD and NetBSD aarch64 / arm + avformat/mov: Check if a key is longer than the atom containing it + avcodec/nvdec: reset bitstream_len/nb_slices when resetting bitstream pointer + avformat/mov: don't abort on duplicate Mastering Display Metadata boxes + avcodec/x86/mathops: clip constants used with shift instructions within inline assembly + avcodec/av1dec: fix matrix coefficients exposed by codec context + avcodec/nvdec: don't free NVDECContext->bitstream + avcodec/av1dec: Fix resolving zero divisor + avformat/mov: Ignore duplicate ftyp + avformat/mov: Fix integer overflow in mov_read_packet(). + seek: Fix crashes in ff_seek_frame_binary if built with latest Clang 14 + avcodec/4xm: Check for cfrm exhaustion + avformat/mov: Disallow FTYP after streams + doc/html: fix styling issue with Texinfo 7.0 + doc/html: support texinfo 7.0 + doc/t2h.pm: fix missing TOC with texinfo 6.8 and above + doc/t2h.pm: fix missing CSS with texinfo 6.8 and above + avformat/matroskadec: Fix declaration-after-statement warnings + avformat/rtsp: Use rtsp_st->stream_index + avcodec/jpeg2000dec: Check image offset + avformat/mxfdec: Check klv offset + libavutil/ppc/cpu.c: check that AT_HWCAP2 is defined + avcodec/h2645_parse: Avoid EAGAIN + avcodec/xvididct: Make c* unsigned to avoid undefined overflows + avformat/tmv: Check video chunk size + avcodec/h264_parser: saturate dts a bit + avformat/asfdec_f: Saturate presenta
[FFmpeg-cvslog] avcodec/jpeg2000dec: remove ST=3 case
ffmpeg | branch: master | Michael Niedermayer | Fri
May 10 16:07:04 2024 +0200| [4ed4f9a6c0a99c823706bfc4bb4df53f963f2f5a] |
committer: Michael Niedermayer
avcodec/jpeg2000dec: remove ST=3 case
Fixes: CID1460979 Logically dead code
Sponsored-by: Sovereign Tech Fund
Reviewed-by: Tomas Härdin
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4ed4f9a6c0a99c823706bfc4bb4df53f963f2f5a
---
libavcodec/jpeg2000dec.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c
index 28bf6be2fe..135537b52f 100644
--- a/libavcodec/jpeg2000dec.c
+++ b/libavcodec/jpeg2000dec.c
@@ -835,9 +835,6 @@ static int get_tlm(Jpeg2000DecoderContext *s, int n)
case 2:
bytestream2_get_be16(>g);
break;
-case 3:
-bytestream2_get_be32(>g);
-break;
}
if (SP == 0) {
bytestream2_get_be16(>g);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/qsvdec: Check av_image_get_buffer_size() for failure
ffmpeg | branch: master | Michael Niedermayer | Mon
May 13 02:05:56 2024 +0200| [8789c550faf4587527faf0bd4f6c6c5c64a04ae2] |
committer: Michael Niedermayer
avcodec/qsvdec: Check av_image_get_buffer_size() for failure
Fixes: CID1477406 Improper use of negative value
Sponsored-by: Sovereign Tech Fund
Reviewed-by: "Xiang, Haihao"
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8789c550faf4587527faf0bd4f6c6c5c64a04ae2
---
libavcodec/qsvdec.c | 9 ++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/libavcodec/qsvdec.c b/libavcodec/qsvdec.c
index ed0bfe4c8b..a51ddace62 100644
--- a/libavcodec/qsvdec.c
+++ b/libavcodec/qsvdec.c
@@ -379,9 +379,12 @@ static int qsv_decode_init_context(AVCodecContext *avctx,
QSVContext *q, mfxVide
q->frame_info = param->mfx.FrameInfo;
-if (!avctx->hw_frames_ctx)
-q->pool = av_buffer_pool_init(av_image_get_buffer_size(avctx->pix_fmt,
-FFALIGN(avctx->width, 128), FFALIGN(avctx->height, 64),
1), av_buffer_allocz);
+if (!avctx->hw_frames_ctx) {
+ret = av_image_get_buffer_size(avctx->pix_fmt, FFALIGN(avctx->width,
128), FFALIGN(avctx->height, 64), 1);
+if (ret < 0)
+return ret;
+q->pool = av_buffer_pool_init(ret, av_buffer_allocz);
+}
return 0;
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/exr: Fix preview overflow
ffmpeg | branch: master | Michael Niedermayer | Fri
May 3 23:25:10 2024 +0200| [36126e4c142e43cc703f4b8c535d388ac5e403a4] |
committer: Michael Niedermayer
avcodec/exr: Fix preview overflow
Fixes: CID1515456 Unintentional integer overflow
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=36126e4c142e43cc703f4b8c535d388ac5e403a4
---
libavcodec/exr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/exr.c b/libavcodec/exr.c
index 8bd39f78a4..4bac0be89b 100644
--- a/libavcodec/exr.c
+++ b/libavcodec/exr.c
@@ -1943,7 +1943,7 @@ static int decode_header(EXRContext *s, AVFrame *frame)
"preview", 16)) >= 0) {
uint32_t pw = bytestream2_get_le32(gb);
uint32_t ph = bytestream2_get_le32(gb);
-uint64_t psize = pw * ph;
+uint64_t psize = pw * (uint64_t)ph;
if (psize > INT64_MAX / 4) {
ret = AVERROR_INVALIDDATA;
goto fail;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/fmvc: remove dead assignment
ffmpeg | branch: master | Michael Niedermayer | Sat May 4 23:29:26 2024 +0200| [96c116254527cc40b386f14b77e17fbe2388d5da] | committer: Michael Niedermayer avcodec/fmvc: remove dead assignment Fixes: CID1529220 Unused value Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=96c116254527cc40b386f14b77e17fbe2388d5da --- libavcodec/fmvc.c | 1 - 1 file changed, 1 deletion(-) diff --git a/libavcodec/fmvc.c b/libavcodec/fmvc.c index 30f7aaf6bc..b51b18a9ee 100644 --- a/libavcodec/fmvc.c +++ b/libavcodec/fmvc.c @@ -101,7 +101,6 @@ static int decode_type2(GetByteContext *gb, PutByteContext *pb) continue; } } -repeat = 0; } repeat = 1; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/dovi_rpuenc: fix compaatibility
ffmpeg | branch: master | Michael Niedermayer | Fri
May 3 22:34:00 2024 +0200| [73d6d9f1292424a09756c56b279b8764ef0befeb] |
committer: Michael Niedermayer
avcodec/dovi_rpuenc: fix compaatibility
Fixes: a frequency
Found while reviewing: CID1596607
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=73d6d9f1292424a09756c56b279b8764ef0befeb
---
libavcodec/dovi_rpuenc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/dovi_rpuenc.c b/libavcodec/dovi_rpuenc.c
index 5a482a7a6e..3c3e0f84c0 100644
--- a/libavcodec/dovi_rpuenc.c
+++ b/libavcodec/dovi_rpuenc.c
@@ -133,7 +133,7 @@ int ff_dovi_configure(DOVIContext *s, AVCodecContext *avctx)
if (!dv_profile || bl_compat_id < 0) {
if (s->enable > 0) {
av_log(s->logctx, AV_LOG_ERROR, "Dolby Vision enabled, but could "
- "not determine profile and compaatibility mode.
Double-check "
+ "not determine profile and compatibility mode. Double-check
"
"colorspace and format settings for compatibility?\n");
return AVERROR(EINVAL);
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/dovi_rpuenc: initialize profile
ffmpeg | branch: master | Michael Niedermayer | Fri
May 3 22:28:16 2024 +0200| [46ad68084e4b1bb1c8f822a7252ce7351a17bac7] |
committer: Michael Niedermayer
avcodec/dovi_rpuenc: initialize profile
Code is taken from dovi_rpudec
Fixes: CID1596604 Uninitialized scalar variable
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=46ad68084e4b1bb1c8f822a7252ce7351a17bac7
---
libavcodec/dovi_rpuenc.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libavcodec/dovi_rpuenc.c b/libavcodec/dovi_rpuenc.c
index ad03e143ee..5a482a7a6e 100644
--- a/libavcodec/dovi_rpuenc.c
+++ b/libavcodec/dovi_rpuenc.c
@@ -565,6 +565,8 @@ int ff_dovi_rpu_generate(DOVIContext *s, const
AVDOVIMetadata *metadata,
set_ue_golomb(pb, vdr_rpu_id);
s->mapping = >vdr[vdr_rpu_id]->mapping;
+profile = s->cfg.dv_profile ? s->cfg.dv_profile :
ff_dovi_guess_profile_hevc(hdr);
+
if (!use_prev_vdr_rpu) {
set_ue_golomb(pb, mapping->mapping_color_space);
set_ue_golomb(pb, mapping->mapping_chroma_format_idc);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/decode: decode_simple_internal() only implements audio and video
ffmpeg | branch: master | Michael Niedermayer | Fri
May 3 21:51:42 2024 +0200| [e9bb586543d83fe0ed901834b853b6d64e327529] |
committer: Michael Niedermayer
avcodec/decode: decode_simple_internal() only implements audio and video
Fixes: CID1538861 Uninitialized scalar variable
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e9bb586543d83fe0ed901834b853b6d64e327529
---
libavcodec/decode.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libavcodec/decode.c b/libavcodec/decode.c
index d031b1ca17..900b0c07a3 100644
--- a/libavcodec/decode.c
+++ b/libavcodec/decode.c
@@ -431,7 +431,8 @@ FF_ENABLE_DEPRECATION_WARNINGS
} else if (avctx->codec->type == AVMEDIA_TYPE_AUDIO) {
ret = !got_frame ? AVERROR(EAGAIN)
: discard_samples(avctx, frame, discarded_samples);
-}
+} else
+av_assert0(0);
if (ret == AVERROR(EAGAIN))
av_frame_unref(frame);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/h2645_sei: Remove dead checks
ffmpeg | branch: master | Michael Niedermayer | Mon May 6 01:00:17 2024 +0200| [fdaa6ae2b62de51ac0584b51feec7b2369799549] | committer: Michael Niedermayer avcodec/h2645_sei: Remove dead checks Fixes: CID1596534 Dereference after null check Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fdaa6ae2b62de51ac0584b51feec7b2369799549 --- libavcodec/h2645_sei.c | 6 ++ 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/libavcodec/h2645_sei.c b/libavcodec/h2645_sei.c index 96a22e7cf6..1deb76c765 100644 --- a/libavcodec/h2645_sei.c +++ b/libavcodec/h2645_sei.c @@ -757,8 +757,7 @@ int ff_h2645_sei_to_frame(AVFrame *frame, H2645SEI *sei, if (!sd) av_buffer_unref(>buf_ref); a53->buf_ref = NULL; -if (avctx) -avctx->properties |= FF_CODEC_PROPERTY_CLOSED_CAPTIONS; +avctx->properties |= FF_CODEC_PROPERTY_CLOSED_CAPTIONS; } ret = h2645_sei_to_side_data(avctx, sei, >side_data, >nb_side_data); @@ -844,8 +843,7 @@ FF_ENABLE_DEPRECATION_WARNINGS else fgc->present = fgc->persistence_flag; -if (avctx) -avctx->properties |= FF_CODEC_PROPERTY_FILM_GRAIN; +avctx->properties |= FF_CODEC_PROPERTY_FILM_GRAIN; } #if CONFIG_HEVC_SEI ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/h264_slice: Remove dead sps check
ffmpeg | branch: master | Michael Niedermayer | Mon
May 6 03:17:26 2024 +0200| [a68aa951b21b8b7db0a5200bcfebc0a077a5f094] |
committer: Michael Niedermayer
avcodec/h264_slice: Remove dead sps check
Fixes: CID1439574 Dereference after null check
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a68aa951b21b8b7db0a5200bcfebc0a077a5f094
---
libavcodec/h264_slice.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/h264_slice.c b/libavcodec/h264_slice.c
index 90d37f6084..ce2c4caca1 100644
--- a/libavcodec/h264_slice.c
+++ b/libavcodec/h264_slice.c
@@ -1396,7 +1396,7 @@ static int h264_field_start(H264Context *h, const
H264SliceContext *sl,
sps = h->ps.sps;
-if (sps && sps->bitstream_restriction_flag &&
+if (sps->bitstream_restriction_flag &&
h->avctx->has_b_frames < sps->num_reorder_frames) {
h->avctx->has_b_frames = sps->num_reorder_frames;
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/lpc: copy levenson coeffs only when they have been computed
ffmpeg | branch: master | Michael Niedermayer | Sat May 11 20:50:44 2024 +0200| [c2d897f3566fdf5c190583c6f5197ead5abec2ed] | committer: Michael Niedermayer avcodec/lpc: copy levenson coeffs only when they have been computed Fixes: CID1473514 Uninitialized scalar variable Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c2d897f3566fdf5c190583c6f5197ead5abec2ed --- libavcodec/lpc.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavcodec/lpc.c b/libavcodec/lpc.c index 8305cc0596..dfd6114690 100644 --- a/libavcodec/lpc.c +++ b/libavcodec/lpc.c @@ -282,8 +282,10 @@ int ff_lpc_calc_coefs(LPCContext *s, double av_uninit(weight); memset(var, 0, FFALIGN(MAX_LPC_ORDER+1,4)*sizeof(*var)); -for(j=0; j 1) +for(j=0; jhttps://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avutil/tests/base64: Check with too short output array
ffmpeg | branch: master | Michael Niedermayer | Sat
May 11 03:14:16 2024 +0200| [c304784a86cc7e2af211ed80ce2121e788680a8e] |
committer: Michael Niedermayer
avutil/tests/base64: Check with too short output array
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c304784a86cc7e2af211ed80ce2121e788680a8e
---
libavutil/tests/base64.c | 10 ++
1 file changed, 10 insertions(+)
diff --git a/libavutil/tests/base64.c b/libavutil/tests/base64.c
index 400e01cefe..66d0fdc1fc 100644
--- a/libavutil/tests/base64.c
+++ b/libavutil/tests/base64.c
@@ -64,6 +64,16 @@ static int test_encode_decode(const uint8_t *data, unsigned
int data_size,
printf("Failed: decode to NULL buffer\n");
return 1;
}
+if (data_size > 0 && (data2_size = av_base64_decode(data2, encoded,
data_size - 1)) != data_size - 1) {
+printf("Failed: out of array write\n"
+ "Encoded:\n%s\n", encoded);
+return 1;
+}
+if (data_size > 1 && (data2_size = av_base64_decode(data2, encoded,
data_size - 2)) != data_size - 2) {
+printf("Failed: out of array write\n"
+ "Encoded:\n%s\n", encoded);
+return 1;
+}
if (strlen(encoded)) {
char *end = strchr(encoded, '=');
if (!end)
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] libavutil/base64: Try not to write over the array end
ffmpeg | branch: master | Michael Niedermayer | Sat May 11 03:13:17 2024 +0200| [2d216566f258badd07bc58de1e089b6e4175dc46] | committer: Michael Niedermayer libavutil/base64: Try not to write over the array end Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2d216566f258badd07bc58de1e089b6e4175dc46 --- libavutil/base64.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavutil/base64.c b/libavutil/base64.c index 3e66f4fcbe..69e11e6f5e 100644 --- a/libavutil/base64.c +++ b/libavutil/base64.c @@ -127,10 +127,12 @@ validity_check: } out3: -*dst++ = v >> 10; +if (end - dst) +*dst++ = v >> 10; v <<= 2; out2: -*dst++ = v >> 4; +if (end - dst) +*dst++ = v >> 4; out1: out0: return bits & 1 ? AVERROR_INVALIDDATA : out ? dst - out : 0; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] fftools/ffplay: Check return of swr_alloc_set_opts2()
ffmpeg | branch: master | Michael Niedermayer | Sun
Apr 28 01:10:50 2024 +0200| [f44f44155533822922f6d2f24e5c53c14e432612] |
committer: Michael Niedermayer
fftools/ffplay: Check return of swr_alloc_set_opts2()
This probably makes no difference but its more correct
Fixes: CID1503080 Unchecked return value
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f44f44155533822922f6d2f24e5c53c14e432612
---
fftools/ffplay.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/fftools/ffplay.c b/fftools/ffplay.c
index d4300d5d46..b9d11eecee 100644
--- a/fftools/ffplay.c
+++ b/fftools/ffplay.c
@@ -2391,12 +2391,13 @@ static int audio_decode_frame(VideoState *is)
av_channel_layout_compare(>frame->ch_layout,
>audio_src.ch_layout) ||
af->frame->sample_rate != is->audio_src.freq ||
(wanted_nb_samples != af->frame->nb_samples && !is->swr_ctx)) {
+int ret;
swr_free(>swr_ctx);
-swr_alloc_set_opts2(>swr_ctx,
+ret = swr_alloc_set_opts2(>swr_ctx,
>audio_tgt.ch_layout, is->audio_tgt.fmt,
is->audio_tgt.freq,
>frame->ch_layout, af->frame->format,
af->frame->sample_rate,
0, NULL);
-if (!is->swr_ctx || swr_init(is->swr_ctx) < 0) {
+if (ret < 0 || swr_init(is->swr_ctx) < 0) {
av_log(NULL, AV_LOG_ERROR,
"Cannot create sample rate converter for conversion of %d
Hz %s %d channels to %d Hz %s %d channels!\n",
af->frame->sample_rate,
av_get_sample_fmt_name(af->frame->format), af->frame->ch_layout.nb_channels,
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] tools/opt_common: Check for malloc failure
ffmpeg | branch: master | Michael Niedermayer | Sun
Apr 28 18:33:24 2024 +0200| [ba7038043a46420bc86b060dbb13b956ea50ac03] |
committer: Michael Niedermayer
tools/opt_common: Check for malloc failure
Fixes: CID1539100 Negative loop bound
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ba7038043a46420bc86b060dbb13b956ea50ac03
---
fftools/opt_common.c | 14 --
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/fftools/opt_common.c b/fftools/opt_common.c
index 947a226d8d..9d2d5184a0 100644
--- a/fftools/opt_common.c
+++ b/fftools/opt_common.c
@@ -724,10 +724,13 @@ int show_codecs(void *optctx, const char *opt, const char
*arg)
return 0;
}
-static void print_codecs(int encoder)
+static int print_codecs(int encoder)
{
const AVCodecDescriptor **codecs;
-unsigned i, nb_codecs = get_codecs_sorted();
+int i, nb_codecs = get_codecs_sorted();
+
+if (nb_codecs < 0)
+return nb_codecs;
printf("%s:\n"
" V. = Video\n"
@@ -762,18 +765,17 @@ static void print_codecs(int encoder)
}
}
av_free(codecs);
+return 0;
}
int show_decoders(void *optctx, const char *opt, const char *arg)
{
-print_codecs(0);
-return 0;
+return print_codecs(0);
}
int show_encoders(void *optctx, const char *opt, const char *arg)
{
-print_codecs(1);
-return 0;
+return print_codecs(1);
}
int show_bsfs(void *optctx, const char *opt, const char *arg)
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] doc/examples/demux_decode: Simplify loop
ffmpeg | branch: master | Michael Niedermayer | Wed Apr 24 03:08:14 2024 +0200| [91d27f7e02e5bec4b6e53cc7a7f15df8be017bb3] | committer: Michael Niedermayer doc/examples/demux_decode: Simplify loop Fixes: CID1463550 Logically dead code Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=91d27f7e02e5bec4b6e53cc7a7f15df8be017bb3 --- doc/examples/demux_decode.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/doc/examples/demux_decode.c b/doc/examples/demux_decode.c index f26611d8f4..64f5547bc4 100644 --- a/doc/examples/demux_decode.c +++ b/doc/examples/demux_decode.c @@ -138,11 +138,9 @@ static int decode_packet(AVCodecContext *dec, const AVPacket *pkt) ret = output_audio_frame(frame); av_frame_unref(frame); -if (ret < 0) -return ret; } -return 0; +return ret; } static int open_codec_context(int *stream_idx, ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/cbs_av1: Avoid shift overflow
ffmpeg | branch: master | Michael Niedermayer | Wed May 1 21:44:33 2024 +0200| [d7924a4f60f2088de1e6790345caba929eb97030] | committer: Michael Niedermayer avcodec/cbs_av1: Avoid shift overflow Fixes: CID1465488 Unintentional integer overflow Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d7924a4f60f2088de1e6790345caba929eb97030 --- libavcodec/cbs_av1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/cbs_av1.c b/libavcodec/cbs_av1.c index 1d9ac5ab44..fb82996022 100644 --- a/libavcodec/cbs_av1.c +++ b/libavcodec/cbs_av1.c @@ -301,7 +301,7 @@ static int cbs_av1_write_increment(CodedBitstreamContext *ctx, PutBitContext *pb return AVERROR(ENOSPC); if (len > 0) -put_bits(pbc, len, (1 << len) - 1 - (value != range_max)); +put_bits(pbc, len, (1U << len) - 1 - (value != range_max)); CBS_TRACE_WRITE_END_NO_SUBSCRIPTS(); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/concatdec: Check file
ffmpeg | branch: master | Michael Niedermayer | Tue
Apr 30 00:47:31 2024 +0200| [a5d1497f33afa17b6a3578b66638e69bf8a558de] |
committer: Michael Niedermayer
avformat/concatdec: Check file
Fixes: null pointer dereference
Fixes: -stream_loop 1 -ss 00:00:05 -i zgclab/ffmpeg_crash/poc2 -codec:v copy
-codec:a aac -y output.mp4
Found-by: Wang Dawei and Zhou Geng, from Zhongguancun Laboratory
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a5d1497f33afa17b6a3578b66638e69bf8a558de
---
libavformat/concatdec.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/libavformat/concatdec.c b/libavformat/concatdec.c
index 493659649c..fe65d0c768 100644
--- a/libavformat/concatdec.c
+++ b/libavformat/concatdec.c
@@ -639,6 +639,11 @@ static int concat_parse_script(AVFormatContext *avf)
}
}
+if (!file) {
+ret = AVERROR_INVALIDDATA;
+goto fail;
+}
+
if (file->inpoint != AV_NOPTS_VALUE && file->outpoint != AV_NOPTS_VALUE) {
if (file->inpoint > file->outpoint ||
file->outpoint - (uint64_t)file->inpoint > INT64_MAX)
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] tools/target_enc_fuzzer: Only read pix_fmts if its set
ffmpeg | branch: master | Michael Niedermayer | Sun
May 5 03:14:26 2024 +0200| [24bd01ea65eb5a9902a0ce8e38f82dcec7117f87] |
committer: Michael Niedermayer
tools/target_enc_fuzzer: Only read pix_fmts if its set
Fixes: null pointer dereference
Fixes: rawvideo encoder
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=24bd01ea65eb5a9902a0ce8e38f82dcec7117f87
---
tools/target_enc_fuzzer.c | 10 ++
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/tools/target_enc_fuzzer.c b/tools/target_enc_fuzzer.c
index 1749f6905b..0345595ada 100644
--- a/tools/target_enc_fuzzer.c
+++ b/tools/target_enc_fuzzer.c
@@ -130,10 +130,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t
size) {
flags64 = bytestream2_get_le64();
-int npixfmts = 0;
-while (c->p.pix_fmts[npixfmts++] != AV_PIX_FMT_NONE)
-;
-ctx->pix_fmt = c->p.pix_fmts[bytestream2_get_byte() % npixfmts];
+if (c->p.pix_fmts) {
+int npixfmts = 0;
+while (c->p.pix_fmts[npixfmts++] != AV_PIX_FMT_NONE)
+;
+ctx->pix_fmt = c->p.pix_fmts[bytestream2_get_byte() %
npixfmts];
+}
switch (c->p.id) {
case AV_CODEC_ID_FFV1:{
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] tools/target_enc_fuzzer: replace assert by clean exit
ffmpeg | branch: master | Michael Niedermayer | Sun
May 5 03:08:48 2024 +0200| [c2918eb88ecb93764809bd158cddbb8d73f89db8] |
committer: Michael Niedermayer
tools/target_enc_fuzzer: replace assert by clean exit
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c2918eb88ecb93764809bd158cddbb8d73f89db8
---
tools/target_enc_fuzzer.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tools/target_enc_fuzzer.c b/tools/target_enc_fuzzer.c
index 4357d37636..1749f6905b 100644
--- a/tools/target_enc_fuzzer.c
+++ b/tools/target_enc_fuzzer.c
@@ -89,7 +89,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
av_log_set_level(AV_LOG_PANIC);
}
-av_assert0(c->p.type == AVMEDIA_TYPE_VIDEO);
+if (c->p.type != AVMEDIA_TYPE_VIDEO)
+return 0;
maxpixels = maxpixels_per_frame * maxiteration;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/mpegvideo_enc: Fix 1 line and one column images
ffmpeg | branch: master | Michael Niedermayer | Mon Apr 8 18:38:42 2024 +0200| [96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1] | committer: Michael Niedermayer avcodec/mpegvideo_enc: Fix 1 line and one column images Fixes: Ticket10952 Fixes: poc21ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1 --- libavcodec/mpegvideo_enc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/mpegvideo_enc.c b/libavcodec/mpegvideo_enc.c index 0e3255c0fb..2a75973ac4 100644 --- a/libavcodec/mpegvideo_enc.c +++ b/libavcodec/mpegvideo_enc.c @@ -1198,8 +1198,8 @@ static int load_input_picture(MpegEncContext *s, const AVFrame *pic_arg) ptrdiff_t dst_stride = i ? s->uvlinesize : s->linesize; int h_shift = i ? s->chroma_x_shift : 0; int v_shift = i ? s->chroma_y_shift : 0; -int w = s->width >> h_shift; -int h = s->height >> v_shift; +int w = AV_CEIL_RSHIFT(s->width , h_shift); +int h = AV_CEIL_RSHIFT(s->height, v_shift); const uint8_t *src = pic_arg->data[i]; uint8_t *dst = pic->f->data[i]; int vpad = 16; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/amrwbdec: assert mode to be valid in decode_fixed_vector()
ffmpeg | branch: master | Michael Niedermayer | Sun Apr 28 23:30:51 2024 +0200| [a3bb269db92601e2dc0e99352468d02f7b26c7c2] | committer: Michael Niedermayer avcodec/amrwbdec: assert mode to be valid in decode_fixed_vector() Inspired-by: CID1473499 Uninitialized scalar variable Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a3bb269db92601e2dc0e99352468d02f7b26c7c2 --- libavcodec/amrwbdec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/amrwbdec.c b/libavcodec/amrwbdec.c index 9d75b972fa..21a730b835 100644 --- a/libavcodec/amrwbdec.c +++ b/libavcodec/amrwbdec.c @@ -26,6 +26,7 @@ #include "config.h" +#include "libavutil/avassert.h" #include "libavutil/channel_layout.h" #include "libavutil/common.h" #include "libavutil/lfg.h" @@ -554,6 +555,8 @@ static void decode_fixed_vector(float *fixed_vector, const uint16_t *pulse_hi, decode_6p_track(sig_pos[i], (int) pulse_lo[i] + ((int) pulse_hi[i] << 11), 4, 1); break; +default: +av_assert2(0); } memset(fixed_vector, 0, sizeof(float) * AMRWB_SFR_SIZE); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] swscale/output: Fix integer overflow in yuv2rgba64_full_1_c_template()
ffmpeg | branch: master | Michael Niedermayer | Fri
Apr 26 05:08:36 2024 +0200| [1330a73ccadd855542ac4386f75fd72ff0ab5ea1] |
committer: Michael Niedermayer
swscale/output: Fix integer overflow in yuv2rgba64_full_1_c_template()
Fixes: signed integer overflow: -1082982400 + -1079364728 cannot be represented
in type 'int'
Fixes: 67910/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-5329011971522560
The input is 9bit in 16bit, the fuzzer fills all 16bit thus generating
"invalid" input
No overflow should happen with valid input.
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1330a73ccadd855542ac4386f75fd72ff0ab5ea1
---
libswscale/output.c | 16
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/libswscale/output.c b/libswscale/output.c
index 0b6c77e167..b234f9c6b9 100644
--- a/libswscale/output.c
+++ b/libswscale/output.c
@@ -1429,7 +1429,7 @@ yuv2rgba64_full_1_c_template(SwsContext *c, const int32_t
*buf0,
if (uvalpha < 2048) {
for (i = 0; i < dstW; i++) {
-int Y = (buf0[i]) >> 2;
+SUINT Y = (buf0[i]) >> 2;
int U = (ubuf0[i] - (128 << 11)) >> 2;
int V = (vbuf0[i] - (128 << 11)) >> 2;
int R, G, B;
@@ -1448,9 +1448,9 @@ yuv2rgba64_full_1_c_template(SwsContext *c, const int32_t
*buf0,
G = V * c->yuv2rgb_v2g_coeff + U * c->yuv2rgb_u2g_coeff;
B =U * c->yuv2rgb_u2b_coeff;
-output_pixel([0], av_clip_uintp2(((R_B + Y) >> 14) + (1<<15),
16));
-output_pixel([1], av_clip_uintp2((( G + Y) >> 14) + (1<<15),
16));
-output_pixel([2], av_clip_uintp2(((B_R + Y) >> 14) + (1<<15),
16));
+output_pixel([0], av_clip_uintp2(((int)(R_B + Y) >> 14) +
(1<<15), 16));
+output_pixel([1], av_clip_uintp2(((int)( G + Y) >> 14) +
(1<<15), 16));
+output_pixel([2], av_clip_uintp2(((int)(B_R + Y) >> 14) +
(1<<15), 16));
if (eightbytes) {
output_pixel([3], av_clip_uintp2(A, 30) >> 14);
dest += 4;
@@ -1462,7 +1462,7 @@ yuv2rgba64_full_1_c_template(SwsContext *c, const int32_t
*buf0,
const int32_t *ubuf1 = ubuf[1], *vbuf1 = vbuf[1];
int A = 0x<<14;
for (i = 0; i < dstW; i++) {
-int Y = (buf0[i]) >> 2;
+SUINT Y = (buf0[i]) >> 2;
int U = (ubuf0[i] + ubuf1[i] - (128 << 12)) >> 3;
int V = (vbuf0[i] + vbuf1[i] - (128 << 12)) >> 3;
int R, G, B;
@@ -1481,9 +1481,9 @@ yuv2rgba64_full_1_c_template(SwsContext *c, const int32_t
*buf0,
G = V * c->yuv2rgb_v2g_coeff + U * c->yuv2rgb_u2g_coeff;
B =U * c->yuv2rgb_u2b_coeff;
-output_pixel([0], av_clip_uintp2(((R_B + Y) >> 14) + (1<<15),
16));
-output_pixel([1], av_clip_uintp2((( G + Y) >> 14) + (1<<15),
16));
-output_pixel([2], av_clip_uintp2(((B_R + Y) >> 14) + (1<<15),
16));
+output_pixel([0], av_clip_uintp2(((int)(R_B + Y) >> 14) +
(1<<15), 16));
+output_pixel([1], av_clip_uintp2(((int)( G + Y) >> 14) +
(1<<15), 16));
+output_pixel([2], av_clip_uintp2(((int)(B_R + Y) >> 14) +
(1<<15), 16));
if (eightbytes) {
output_pixel([3], av_clip_uintp2(A, 30) >> 14);
dest += 4;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/wavarc: fix integer overflow in decode_5elp() block type 2
ffmpeg | branch: master | Michael Niedermayer | Fri Apr 26 05:08:38 2024 +0200| [a2ec2bd49317ab16a3c30c0824efc580ea9a8aef] | committer: Michael Niedermayer avcodec/wavarc: fix integer overflow in decode_5elp() block type 2 Fixes: signed integer overflow: 2097152000 + 107142979 cannot be represented in type 'int' Fixes: 67919/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVARC_fuzzer-5955101769400320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a2ec2bd49317ab16a3c30c0824efc580ea9a8aef --- libavcodec/wavarc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/wavarc.c b/libavcodec/wavarc.c index b4b26958e6..93b76c43e8 100644 --- a/libavcodec/wavarc.c +++ b/libavcodec/wavarc.c @@ -689,7 +689,7 @@ static int decode_5elp(AVCodecContext *avctx, for (int o = 0; o < order; o++) sum += s->filter[ch][o] * (unsigned)samples[n + 70 - o - 1]; -samples[n + 70] += ac_out[n] + (sum >> 4); +samples[n + 70] += ac_out[n] + (unsigned)(sum >> 4); } for (int n = 0; n < 70; n++) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/dovi_rpuenc: Initialize bl_compat_id
ffmpeg | branch: master | Michael Niedermayer | Fri
May 3 22:43:22 2024 +0200| [c7075cdb676e217331d400bf2fb2c4a62268f649] |
committer: Michael Niedermayer
avcodec/dovi_rpuenc: Initialize bl_compat_id
Fixes: CID1596607 Uninitialized scalar variable
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c7075cdb676e217331d400bf2fb2c4a62268f649
---
libavcodec/dovi_rpuenc.c | 8 +---
1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/libavcodec/dovi_rpuenc.c b/libavcodec/dovi_rpuenc.c
index 3feaa04b9e..ad03e143ee 100644
--- a/libavcodec/dovi_rpuenc.c
+++ b/libavcodec/dovi_rpuenc.c
@@ -57,7 +57,7 @@ int ff_dovi_configure(DOVIContext *s, AVCodecContext *avctx)
AVDOVIDecoderConfigurationRecord *cfg;
const AVDOVIRpuDataHeader *hdr = NULL;
const AVFrameSideData *sd;
-int dv_profile, dv_level, bl_compat_id;
+int dv_profile, dv_level, bl_compat_id = -1;
size_t cfg_size;
uint64_t pps;
@@ -94,9 +94,6 @@ int ff_dovi_configure(DOVIContext *s, AVCodecContext *avctx)
}
switch (dv_profile) {
-case 0: /* None */
-bl_compat_id = -1;
-break;
case 4: /* HEVC with enhancement layer */
case 7:
if (s->enable > 0) {
@@ -130,9 +127,6 @@ int ff_dovi_configure(DOVIContext *s, AVCodecContext *avctx)
avctx->color_primaries == AVCOL_PRI_BT709 &&
avctx->color_trc == AVCOL_TRC_BT709) {
bl_compat_id = 2;
-} else {
-/* Not a valid colorspace combination */
-bl_compat_id = -1;
}
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] swscale/output: Fix integer overflow in yuv2rgba64_1_c_template
ffmpeg | branch: master | Michael Niedermayer | Fri
Apr 26 05:08:35 2024 +0200| [a56559e688ffde40fcda5588123ffcb978da86d7] |
committer: Michael Niedermayer
swscale/output: Fix integer overflow in yuv2rgba64_1_c_template
Fixes: signed integer overflow: -831176 * 9539 cannot be represented in type
'int'
Fixes: 67869/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-5117342091640832
The input is 9bit in 16bit, the fuzzer fills all 16bit thus generating
"invalid" input
No overflow should happen with valid input.
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a56559e688ffde40fcda5588123ffcb978da86d7
---
libswscale/output.c | 44 ++--
1 file changed, 22 insertions(+), 22 deletions(-)
diff --git a/libswscale/output.c b/libswscale/output.c
index 8849a3201a..0b6c77e167 100644
--- a/libswscale/output.c
+++ b/libswscale/output.c
@@ -1207,8 +1207,8 @@ yuv2rgba64_1_c_template(SwsContext *c, const int32_t
*buf0,
if (uvalpha < 2048) {
for (i = 0; i < ((dstW + 1) >> 1); i++) {
-int Y1 = (buf0[i * 2]) >> 2;
-int Y2 = (buf0[i * 2 + 1]) >> 2;
+SUINT Y1 = (buf0[i * 2]) >> 2;
+SUINT Y2 = (buf0[i * 2 + 1]) >> 2;
int U = (ubuf0[i] - (128 << 11)) >> 2;
int V = (vbuf0[i] - (128 << 11)) >> 2;
int R, G, B;
@@ -1232,20 +1232,20 @@ yuv2rgba64_1_c_template(SwsContext *c, const int32_t
*buf0,
G = V * c->yuv2rgb_v2g_coeff + U * c->yuv2rgb_u2g_coeff;
B =U * c->yuv2rgb_u2b_coeff;
-output_pixel([0], av_clip_uintp2(((R_B + Y1) >> 14) +
(1<<15), 16));
-output_pixel([1], av_clip_uintp2((( G + Y1) >> 14) +
(1<<15), 16));
-output_pixel([2], av_clip_uintp2(((B_R + Y1) >> 14) +
(1<<15), 16));
+output_pixel([0], av_clip_uintp2(((int)(R_B + Y1) >> 14) +
(1<<15), 16));
+output_pixel([1], av_clip_uintp2(((int)( G + Y1) >> 14) +
(1<<15), 16));
+output_pixel([2], av_clip_uintp2(((int)(B_R + Y1) >> 14) +
(1<<15), 16));
if (eightbytes) {
output_pixel([3], av_clip_uintp2(A1 , 30) >> 14);
-output_pixel([4], av_clip_uintp2(((R_B + Y2) >> 14) +
(1<<15), 16));
-output_pixel([5], av_clip_uintp2((( G + Y2) >> 14) +
(1<<15), 16));
-output_pixel([6], av_clip_uintp2(((B_R + Y2) >> 14) +
(1<<15), 16));
+output_pixel([4], av_clip_uintp2(((int)(R_B + Y2) >> 14)
+ (1<<15), 16));
+output_pixel([5], av_clip_uintp2(((int)( G + Y2) >> 14)
+ (1<<15), 16));
+output_pixel([6], av_clip_uintp2(((int)(B_R + Y2) >> 14)
+ (1<<15), 16));
output_pixel([7], av_clip_uintp2(A2 , 30) >> 14);
dest += 8;
} else {
-output_pixel([3], av_clip_uintp2(((R_B + Y2) >> 14) +
(1<<15), 16));
-output_pixel([4], av_clip_uintp2((( G + Y2) >> 14) +
(1<<15), 16));
-output_pixel([5], av_clip_uintp2(((B_R + Y2) >> 14) +
(1<<15), 16));
+output_pixel([3], av_clip_uintp2(((int)(R_B + Y2) >> 14)
+ (1<<15), 16));
+output_pixel([4], av_clip_uintp2(((int)( G + Y2) >> 14)
+ (1<<15), 16));
+output_pixel([5], av_clip_uintp2(((int)(B_R + Y2) >> 14)
+ (1<<15), 16));
dest += 6;
}
}
@@ -1253,8 +1253,8 @@ yuv2rgba64_1_c_template(SwsContext *c, const int32_t
*buf0,
const int32_t *ubuf1 = ubuf[1], *vbuf1 = vbuf[1];
int A1 = 0x<<14, A2 = 0x<<14;
for (i = 0; i < ((dstW + 1) >> 1); i++) {
-int Y1 = (buf0[i * 2]) >> 2;
-int Y2 = (buf0[i * 2 + 1]) >> 2;
+SUINT Y1 = (buf0[i * 2]) >> 2;
+SUINT Y2 = (buf0[i * 2 + 1]) >> 2;
int U = (ubuf0[i] + ubuf1[i] - (128 << 12)) >> 3;
int V = (vbuf0[i] + vbuf1[i] - (128 << 12)) >> 3;
int R, G, B;
@@ -1278,20 +1278,20 @@ yuv2rgba64_1_c_template(SwsContext *c, const int32_t
*buf0,
G = V * c->yuv2rgb_v2g_coeff + U * c->yuv2rgb_u2g_coeff;
B =U * c->yuv2rgb_u2b_coeff;
-output_pixel([0], av_clip_uintp2(((R_B + Y1) >> 14) +
(1<<15), 16));
-output_pixel([1], av_clip_uintp2((( G + Y1) >> 14) +
(1<<15), 16))
[FFmpeg-cvslog] avcodec/av1dec: bit_depth cannot be another values than 8,10,12
ffmpeg | branch: master | Michael Niedermayer | Wed
May 1 13:10:57 2024 +0200| [fd7d24fa3f39fc1013fb0d06b42c98b8ff1f8942] |
committer: Michael Niedermayer
avcodec/av1dec: bit_depth cannot be another values than 8,10,12
Fixes: CID1544265 Logically dead code
Sponsored-by: Sovereign Tech Fund
Reviewed-by: James Almer
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fd7d24fa3f39fc1013fb0d06b42c98b8ff1f8942
---
libavcodec/av1dec.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/libavcodec/av1dec.c b/libavcodec/av1dec.c
index 75cc3fba48..2666134f67 100644
--- a/libavcodec/av1dec.c
+++ b/libavcodec/av1dec.c
@@ -493,7 +493,7 @@ static enum AVPixelFormat get_sw_pixel_format(void *logctx,
else if (bit_depth == 12)
pix_fmt = AV_PIX_FMT_YUV444P12;
else
-av_log(logctx, AV_LOG_WARNING, "Unknown AV1 pixel format.\n");
+av_assert0(0);
} else if (seq->color_config.subsampling_x == 1 &&
seq->color_config.subsampling_y == 0) {
if (bit_depth == 8)
@@ -503,7 +503,7 @@ static enum AVPixelFormat get_sw_pixel_format(void *logctx,
else if (bit_depth == 12)
pix_fmt = AV_PIX_FMT_YUV422P12;
else
-av_log(logctx, AV_LOG_WARNING, "Unknown AV1 pixel format.\n");
+av_assert0(0);
} else if (seq->color_config.subsampling_x == 1 &&
seq->color_config.subsampling_y == 1) {
if (bit_depth == 8)
@@ -513,7 +513,7 @@ static enum AVPixelFormat get_sw_pixel_format(void *logctx,
else if (bit_depth == 12)
pix_fmt = AV_PIX_FMT_YUV420P12;
else
-av_log(logctx, AV_LOG_WARNING, "Unknown AV1 pixel format.\n");
+av_assert0(0);
}
} else {
if (bit_depth == 8)
@@ -523,7 +523,7 @@ static enum AVPixelFormat get_sw_pixel_format(void *logctx,
else if (bit_depth == 12)
pix_fmt = AV_PIX_FMT_GRAY12;
else
-av_log(logctx, AV_LOG_WARNING, "Unknown AV1 pixel format.\n");
+av_assert0(0);
}
return pix_fmt;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/avs3_parser: assert the return value of init_get_bits()
ffmpeg | branch: master | Michael Niedermayer | Wed May 1 21:17:25 2024 +0200| [f9218e4d52e16494ed816651a110dfe0ad22638c] | committer: Michael Niedermayer avcodec/avs3_parser: assert the return value of init_get_bits() Fixes: CID1492867 Unchecked return value Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f9218e4d52e16494ed816651a110dfe0ad22638c --- libavcodec/avs3_parser.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/avs3_parser.c b/libavcodec/avs3_parser.c index a819b5783d..ea495b1c7c 100644 --- a/libavcodec/avs3_parser.c +++ b/libavcodec/avs3_parser.c @@ -73,7 +73,8 @@ static void parse_avs3_nal_units(AVCodecParserContext *s, const uint8_t *buf, GetBitContext gb; int profile, ratecode, low_delay; -init_get_bits8(, buf + 4, buf_size - 4); +av_unused int ret = init_get_bits(, buf + 4, 100); +av_assert1(ret >= 0); s->key_frame = 1; s->pict_type = AV_PICTURE_TYPE_I; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/av1dec: Change bit_depth to int
ffmpeg | branch: master | Michael Niedermayer | Fri
May 3 00:10:01 2024 +0200| [69b4d9736b0d0ad01c41fcae2d66eaa534b76969] |
committer: Michael Niedermayer
avcodec/av1dec: Change bit_depth to int
Suggested-by: James Almer
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=69b4d9736b0d0ad01c41fcae2d66eaa534b76969
---
libavcodec/av1dec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/av1dec.c b/libavcodec/av1dec.c
index 2666134f67..79a87f41c9 100644
--- a/libavcodec/av1dec.c
+++ b/libavcodec/av1dec.c
@@ -469,7 +469,7 @@ static int get_tiles_info(AVCodecContext *avctx, const
AV1RawTileGroup *tile_gro
static enum AVPixelFormat get_sw_pixel_format(void *logctx,
const AV1RawSequenceHeader *seq)
{
-uint8_t bit_depth;
+int bit_depth;
enum AVPixelFormat pix_fmt = AV_PIX_FMT_NONE;
if (seq->seq_profile == 2 && seq->color_config.high_bitdepth)
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/avs2_parser: Assert init_get_bits8() success with const size 15
ffmpeg | branch: master | Michael Niedermayer | Wed May 1 15:50:56 2024 +0200| [a7c4f119c91bcb3791a3c242ee61a5c60379db4f] | committer: Michael Niedermayer avcodec/avs2_parser: Assert init_get_bits8() success with const size 15 Fixes: CID1506708 Unchecked return value Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a7c4f119c91bcb3791a3c242ee61a5c60379db4f --- libavcodec/avs2_parser.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/avs2_parser.c b/libavcodec/avs2_parser.c index 200134f91d..0d68ab1d00 100644 --- a/libavcodec/avs2_parser.c +++ b/libavcodec/avs2_parser.c @@ -72,13 +72,15 @@ static void parse_avs2_seq_header(AVCodecParserContext *s, const uint8_t *buf, unsigned aspect_ratio; unsigned frame_rate_code; int low_delay; +av_unused int ret; // update buf_size_min if parse more deeper const int buf_size_min = 15; if (buf_size < buf_size_min) return; -init_get_bits8(, buf, buf_size_min); +ret = init_get_bits8(, buf, buf_size_min); +av_assert1(ret >= 0); s->key_frame = 1; s->pict_type = AV_PICTURE_TYPE_I; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/iamfdec: check nb_streams in header read
ffmpeg | branch: release/7.0 | Michael Niedermayer | Sat Apr 27 20:51:45 2024 +0200| [da8b2f9704438b80404a97e45015a3881452d6f5] | committer: James Almer avformat/iamfdec: check nb_streams in header read Fixes: Assertion pkt->stream_index < (unsigned)s->nb_streams && "Invalid stream index.\n" failed at libavformat/demux.c:572 Fixes: 67890/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-5166340789829632.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: James Almer Signed-off-by: Michael Niedermayer (cherry picked from commit 9f54c13bc4650c59fe2ffb04f5b85145f196fbb7) > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=da8b2f9704438b80404a97e45015a3881452d6f5 --- libavformat/iamfdec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/iamfdec.c b/libavformat/iamfdec.c index e34d13e74c..ce6d4aa064 100644 --- a/libavformat/iamfdec.c +++ b/libavformat/iamfdec.c @@ -154,6 +154,9 @@ static int iamf_read_header(AVFormatContext *s) } } +if (!s->nb_streams) +return AVERROR_INVALIDDATA; + return 0; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avfilter/avfiltergraph: return value of ff_request_frame() is unused
ffmpeg | branch: master | Michael Niedermayer | Mon Apr 22 02:53:51 2024 +0200| [e757726e89ff636e0dc6743f635888639a196e36] | committer: Michael Niedermayer avfilter/avfiltergraph: return value of ff_request_frame() is unused Fixes: CID1397741 Unchecked return value Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e757726e89ff636e0dc6743f635888639a196e36 --- libavfilter/avfiltergraph.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavfilter/avfiltergraph.c b/libavfilter/avfiltergraph.c index 0c569eb218..bd3bed9a35 100644 --- a/libavfilter/avfiltergraph.c +++ b/libavfilter/avfiltergraph.c @@ -1410,7 +1410,7 @@ int avfilter_graph_request_oldest(AVFilterGraph *graph) if (r == AVERROR(EAGAIN) && !oldest->frame_wanted_out && !oldesti->frame_blocked_in && !oldesti->status_in) -ff_request_frame(oldest); +(void)ff_request_frame(oldest); else if (r < 0) return r; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/iamfdec: check nb_streams in header read
ffmpeg | branch: master | Michael Niedermayer | Sat Apr 27 20:51:45 2024 +0200| [9f54c13bc4650c59fe2ffb04f5b85145f196fbb7] | committer: Michael Niedermayer avformat/iamfdec: check nb_streams in header read Fixes: Assertion pkt->stream_index < (unsigned)s->nb_streams && "Invalid stream index.\n" failed at libavformat/demux.c:572 Fixes: 67890/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-5166340789829632.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: James Almer Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9f54c13bc4650c59fe2ffb04f5b85145f196fbb7 --- libavformat/iamfdec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/iamfdec.c b/libavformat/iamfdec.c index e34d13e74c..ce6d4aa064 100644 --- a/libavformat/iamfdec.c +++ b/libavformat/iamfdec.c @@ -154,6 +154,9 @@ static int iamf_read_header(AVFormatContext *s) } } +if (!s->nb_streams) +return AVERROR_INVALIDDATA; + return 0; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/mxfdec: Check body_offset
ffmpeg | branch: master | Michael Niedermayer | Fri
Apr 26 03:46:33 2024 +0200| [20a6bfda0f7c6447ac94611736cee6e9ce6972a0] |
committer: Michael Niedermayer
avformat/mxfdec: Check body_offset
Fixes: signed integer overflow: 538976288 - -9223372036315799520 cannot be
represented in type 'long'
Fixes:
68060/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5523457266745344
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=20a6bfda0f7c6447ac94611736cee6e9ce6972a0
---
libavformat/mxfdec.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index 233d614f78..e65cec74c2 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -791,6 +791,9 @@ static int mxf_read_partition_pack(void *arg, AVIOContext
*pb, int tag, int size
partition->index_sid = avio_rb32(pb);
partition->body_offset = avio_rb64(pb);
partition->body_sid = avio_rb32(pb);
+if (partition->body_offset < 0)
+return AVERROR_INVALIDDATA;
+
if (avio_read(pb, op, sizeof(UID)) != sizeof(UID)) {
av_log(mxf->fc, AV_LOG_ERROR, "Failed reading UID\n");
return AVERROR_INVALIDDATA;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/ac3_parser: Check init_get_bits8() for failure
ffmpeg | branch: master | Michael Niedermayer | Sun Apr 28 21:09:45 2024 +0200| [63415168dbd96475372e37ae0fd47bafe151e2f0] | committer: Michael Niedermayer avcodec/ac3_parser: Check init_get_bits8() for failure Fixes: CID1420393 Unchecked return value Sponsored-by: Sovereign Tech Fund Reviewed-by: Lynne Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=63415168dbd96475372e37ae0fd47bafe151e2f0 --- libavcodec/ac3_parser.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/ac3_parser.c b/libavcodec/ac3_parser.c index 4152fd4e01..4e0ba73481 100644 --- a/libavcodec/ac3_parser.c +++ b/libavcodec/ac3_parser.c @@ -204,7 +204,9 @@ int av_ac3_parse_header(const uint8_t *buf, size_t size, AC3HeaderInfo hdr; int err; -init_get_bits8(, buf, size); +err = init_get_bits8(, buf, size); +if (err < 0) +return AVERROR_INVALIDDATA; err = ff_ac3_parse_header(, ); if (err < 0) return AVERROR_INVALIDDATA; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/kvag: Check sample_rate
ffmpeg | branch: master | Michael Niedermayer | Mon
Apr 29 23:44:25 2024 +0200| [c26a762ea1bf028a33554a5f7a18d8dd7d82f5a8] |
committer: Michael Niedermayer
avformat/kvag: Check sample_rate
Fixes: Division by 0
Fixes: -copyts -start_at_zero -itsoffset 00:00:01 -itsscale 1 -ss 00:00:02 -i
zgclab/ffmpeg_crash/poc1 output.mp4
Found-by: Wang Dawei and Zhou Geng, from Zhongguancun Laboratory
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c26a762ea1bf028a33554a5f7a18d8dd7d82f5a8
---
libavformat/kvag.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/libavformat/kvag.c b/libavformat/kvag.c
index 1d0aee0994..b55aa893ec 100644
--- a/libavformat/kvag.c
+++ b/libavformat/kvag.c
@@ -38,7 +38,7 @@
typedef struct KVAGHeader {
uint32_tmagic;
uint32_tdata_size;
-uint32_tsample_rate;
+intsample_rate;
uint16_tstereo;
} KVAGHeader;
@@ -70,6 +70,9 @@ static int kvag_read_header(AVFormatContext *s)
hdr.sample_rate = AV_RL32(buf + 8);
hdr.stereo = AV_RL16(buf + 12);
+if (hdr.sample_rate <= 0)
+return AVERROR_INVALIDDATA;
+
par = st->codecpar;
par->codec_type = AVMEDIA_TYPE_AUDIO;
par->codec_id = AV_CODEC_ID_ADPCM_IMA_SSI;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/atrac9dec: Check init_get_bits8() for failure
ffmpeg | branch: master | Michael Niedermayer | Sun
Apr 28 22:57:53 2024 +0200| [615c994739cacbeb0a2f48f8271d911fcd0b4303] |
committer: Michael Niedermayer
avcodec/atrac9dec: Check init_get_bits8() for failure
Fixes: CID1439569 Unchecked return value
Fixes: CID1439578 Unchecked return value
Sponsored-by: Sovereign Tech Fund
Reviewed-by: Lynne
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=615c994739cacbeb0a2f48f8271d911fcd0b4303
---
libavcodec/atrac9dec.c | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/libavcodec/atrac9dec.c b/libavcodec/atrac9dec.c
index df68407af9..e375f46fd0 100644
--- a/libavcodec/atrac9dec.c
+++ b/libavcodec/atrac9dec.c
@@ -802,7 +802,9 @@ static int atrac9_decode_frame(AVCodecContext *avctx,
AVFrame *frame,
if (ret < 0)
return ret;
-init_get_bits8(, avpkt->data, avpkt->size);
+ret = init_get_bits8(, avpkt->data, avpkt->size);
+if (ret < 0)
+return ret;
for (int i = 0; i < frames; i++) {
for (int j = 0; j < s->block_config->count; j++) {
@@ -922,7 +924,9 @@ static av_cold int atrac9_decode_init(AVCodecContext *avctx)
return AVERROR_INVALIDDATA;
}
-init_get_bits8(, avctx->extradata + 4, avctx->extradata_size);
+err = init_get_bits8(, avctx->extradata + 4, avctx->extradata_size);
+if (err < 0)
+return err;
if (get_bits(, 8) != 0xFE) {
av_log(avctx, AV_LOG_ERROR, "Incorrect magic byte!\n");
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/vp3: Call ff_progress_frame_unref() before ff_progress_frame_get_buffer()
ffmpeg | branch: master | Michael Niedermayer | Fri
Apr 26 23:46:38 2024 +0200| [d9699464c3b2b2b02f21d60ead49c8eb829052fb] |
committer: Michael Niedermayer
avcodec/vp3: Call ff_progress_frame_unref() before
ff_progress_frame_get_buffer()
Fixes: Assertion !f->f && !f->progress failed at libavcodec/decode.c:1688
Fixes:
68190/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THEORA_fuzzer-5942090287611904
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d9699464c3b2b2b02f21d60ead49c8eb829052fb
---
libavcodec/vp3.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c
index 2a5f68dfa8..0952760776 100644
--- a/libavcodec/vp3.c
+++ b/libavcodec/vp3.c
@@ -2651,6 +2651,7 @@ static int vp3_decode_frame(AVCodecContext *avctx,
AVFrame *frame,
if (avctx->skip_frame >= AVDISCARD_NONKEY && !s->keyframe)
return buf_size;
+ff_progress_frame_unref(>current_frame);
ret = ff_progress_frame_get_buffer(avctx, >current_frame,
AV_GET_BUFFER_FLAG_REF);
if (ret < 0) {
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/pngdec: Check last AVFrame before deref
ffmpeg | branch: master | Michael Niedermayer | Fri
Apr 26 23:22:53 2024 +0200| [091fdce87e88c8622d8af89ffa6cbb0dc20c3816] |
committer: Michael Niedermayer
avcodec/pngdec: Check last AVFrame before deref
Fixes: NULL pointer dereference
Fixes:
68184/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-4926478069334016
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=091fdce87e88c8622d8af89ffa6cbb0dc20c3816
---
libavcodec/pngdec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c
index f7751223b8..8934a95a7f 100644
--- a/libavcodec/pngdec.c
+++ b/libavcodec/pngdec.c
@@ -1218,7 +1218,7 @@ static int decode_fctl_chunk(AVCodecContext *avctx,
PNGDecContext *s,
return AVERROR_INVALIDDATA;
}
-if ((sequence_number == 0 || !s->last_picture.f->data[0]) &&
+if ((sequence_number == 0 || !s->last_picture.f) &&
dispose_op == APNG_DISPOSE_OP_PREVIOUS) {
// No previous frame to revert to for the first frame
// Spec says to just treat it as a APNG_DISPOSE_OP_BACKGROUND
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/hevcdec: Check ref frame
ffmpeg | branch: master | Michael Niedermayer | Sat
Apr 27 00:09:02 2024 +0200| [5eb05f44503da3fdff82f1fed8ee2706d9841a9a] |
committer: Michael Niedermayer
avcodec/hevcdec: Check ref frame
Fixes: NULL pointer dereferences
Fixes:
68197/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-6382538823106560
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5eb05f44503da3fdff82f1fed8ee2706d9841a9a
---
libavcodec/hevcdec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/hevcdec.c b/libavcodec/hevcdec.c
index fcfb275f63..b41dc46053 100644
--- a/libavcodec/hevcdec.c
+++ b/libavcodec/hevcdec.c
@@ -1969,13 +1969,13 @@ static void hls_prediction_unit(HEVCLocalContext *lc,
int x0, int y0,
if (current_mv.pred_flag & PF_L0) {
ref0 = refPicList[0].ref[current_mv.ref_idx[0]];
-if (!ref0 || !ref0->frame->data[0])
+if (!ref0 || !ref0->frame)
return;
hevc_await_progress(s, ref0, _mv.mv[0], y0, nPbH);
}
if (current_mv.pred_flag & PF_L1) {
ref1 = refPicList[1].ref[current_mv.ref_idx[1]];
-if (!ref1 || !ref1->frame->data[0])
+if (!ref1 || !ref1->frame)
return;
hevc_await_progress(s, ref1, _mv.mv[1], y0, nPbH);
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] doc/examples/qsv_transcode: Initialize pointer before free
ffmpeg | branch: master | Michael Niedermayer | Wed
Apr 24 03:30:20 2024 +0200| [cae0f2bc550312c99655057f8ffab5b59556ceeb] |
committer: Michael Niedermayer
doc/examples/qsv_transcode: Initialize pointer before free
Fixees: CID1517023 Uninitialized pointer read
Sponsored-by: Sovereign Tech Fund
Reviewed-by: "Xiang, Haihao"
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cae0f2bc550312c99655057f8ffab5b59556ceeb
---
doc/examples/qsv_transcode.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/examples/qsv_transcode.c b/doc/examples/qsv_transcode.c
index 8e843ddd84..665a76af2e 100644
--- a/doc/examples/qsv_transcode.c
+++ b/doc/examples/qsv_transcode.c
@@ -342,7 +342,7 @@ int main(int argc, char **argv)
{
const AVCodec *enc_codec;
int ret = 0;
-AVPacket *dec_pkt;
+AVPacket *dec_pkt = NULL;
if (argc < 5 || (argc - 5) % 2) {
av_log(NULL, AV_LOG_ERROR, "Usage: %s "
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] doc/examples/qsv_transcode: Simplify str_to_dict() loop
ffmpeg | branch: master | Michael Niedermayer | Wed Apr 24 03:28:00 2024 +0200| [191950d1bfc3924d1b54f236b2c35149ba4487a1] | committer: Michael Niedermayer doc/examples/qsv_transcode: Simplify str_to_dict() loop Fixes: CID1517022 Logically dead code Sponsored-by: Sovereign Tech Fund Reviewed-by: "Xiang, Haihao" Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=191950d1bfc3924d1b54f236b2c35149ba4487a1 --- doc/examples/qsv_transcode.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/doc/examples/qsv_transcode.c b/doc/examples/qsv_transcode.c index a4440a3403..8e843ddd84 100644 --- a/doc/examples/qsv_transcode.c +++ b/doc/examples/qsv_transcode.c @@ -76,8 +76,7 @@ static int str_to_dict(char* optstr, AVDictionary **opt) if (value == NULL) return AVERROR(EINVAL); av_dict_set(opt, key, value, 0); -} while(key != NULL); -return 0; +} while(1); } static int dynamic_set_parameter(AVCodecContext *avctx) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] doc/examples/vaapi_transcode: Simplify loop
ffmpeg | branch: master | Michael Niedermayer | Wed Apr 24 03:20:38 2024 +0200| [c9c11a0866d45827201b034349bceb2dc58a3499] | committer: Michael Niedermayer doc/examples/vaapi_transcode: Simplify loop Fixes: CID1428858(1/2) Logically dead code Sponsored-by: Sovereign Tech Fund Reviewed-by: "myp...@gmail.com" Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c9c11a0866d45827201b034349bceb2dc58a3499 --- doc/examples/vaapi_transcode.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/doc/examples/vaapi_transcode.c b/doc/examples/vaapi_transcode.c index 8367cb3040..e1b7a43883 100644 --- a/doc/examples/vaapi_transcode.c +++ b/doc/examples/vaapi_transcode.c @@ -215,10 +215,8 @@ static int dec_enc(AVPacket *pkt, const AVCodec *enc_codec) fail: av_frame_free(); -if (ret < 0) -return ret; } -return 0; +return ret; } int main(int argc, char **argv) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
