[FFmpeg-cvslog] avcodec/mscc & mwsc: Check loop counts before use
ffmpeg | branch: release/7.0 | Michael Niedermayer | Sun May 12 00:43:48 2024 +0200| [a49a8dc0d69b916b856f57e9fb48aef1b4243751] | committer: Michael Niedermayer avcodec/mscc & mwsc: Check loop counts before use This could cause timeouts Fixes: CID1439568 Untrusted loop bound Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit e35fe3d8b9e345527a05b1ae958ac851fe09f1ed) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a49a8dc0d69b916b856f57e9fb48aef1b4243751 --- libavcodec/mscc.c | 6 ++ libavcodec/mwsc.c | 11 +++ 2 files changed, 17 insertions(+) diff --git a/libavcodec/mscc.c b/libavcodec/mscc.c index d1d23e6751..e467b48baf 100644 --- a/libavcodec/mscc.c +++ b/libavcodec/mscc.c @@ -53,6 +53,9 @@ static int rle_uncompress(AVCodecContext *avctx, GetByteContext *gb, PutByteCont unsigned run = bytestream2_get_byte(gb); if (run) { +if (bytestream2_get_bytes_left_p(pb) < run * s->bpp) +return AVERROR_INVALIDDATA; + switch (avctx->bits_per_coded_sample) { case 8: fill = bytestream2_get_byte(gb); @@ -101,6 +104,9 @@ static int rle_uncompress(AVCodecContext *avctx, GetByteContext *gb, PutByteCont bytestream2_seek_p(pb, y * avctx->width * s->bpp + x * s->bpp, SEEK_SET); } else { +if (bytestream2_get_bytes_left_p(pb) < copy * s->bpp) +return AVERROR_INVALIDDATA; + for (j = 0; j < copy; j++) { switch (avctx->bits_per_coded_sample) { case 8: diff --git a/libavcodec/mwsc.c b/libavcodec/mwsc.c index f8c53c33ff..a7e8702580 100644 --- a/libavcodec/mwsc.c +++ b/libavcodec/mwsc.c @@ -50,6 +50,10 @@ static int rle_uncompress(GetByteContext *gb, PutByteContext *pb, GetByteContext if (run == 0) { run = bytestream2_get_le32(gb); + +if (bytestream2_tell_p(pb) + width - w < run) +return AVERROR_INVALIDDATA; + for (int j = 0; j < run; j++, w++) { if (w == width) { w = 0; @@ -61,6 +65,10 @@ static int rle_uncompress(GetByteContext *gb, PutByteContext *pb, GetByteContext int pos = bytestream2_tell_p(pb); bytestream2_seek(gbp, pos, SEEK_SET); + +if (pos + width - w < fill) +return AVERROR_INVALIDDATA; + for (int j = 0; j < fill; j++, w++) { if (w == width) { w = 0; @@ -72,6 +80,9 @@ static int rle_uncompress(GetByteContext *gb, PutByteContext *pb, GetByteContext intra = 0; } else { +if (bytestream2_tell_p(pb) + width - w < run) +return AVERROR_INVALIDDATA; + for (int j = 0; j < run; j++, w++) { if (w == width) { w = 0; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/mpeg4videodec: assert impossible wrap points
ffmpeg | branch: release/7.0 | Michael Niedermayer | Sat May 11 22:08:21 2024 +0200| [b4fdbbe6aa805d867258e5fadc1b8682b0a65d4c] | committer: Michael Niedermayer avcodec/mpeg4videodec: assert impossible wrap points Helps: CID1473517 Uninitialized scalar variable Helps: CID1473497 Uninitialized scalar variable Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit 8fc649b931a3cbc3a2dd9b50b75a9261a2fb4b49) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b4fdbbe6aa805d867258e5fadc1b8682b0a65d4c --- libavcodec/mpeg4videodec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c index 07de5d6d91..04a9ae504e 100644 --- a/libavcodec/mpeg4videodec.c +++ b/libavcodec/mpeg4videodec.c @@ -597,6 +597,8 @@ static int mpeg4_decode_sprite_trajectory(Mpeg4DecContext *ctx, GetBitContext *g ctx->sprite_shift[0] = alpha + beta + rho - min_ab; ctx->sprite_shift[1] = alpha + beta + rho - min_ab + 2; break; +default: +av_assert0(0); } /* try to simplify the situation */ if (sprite_delta[0][0] == a << ctx->sprite_shift[0] && ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/mpegvideo_enc: Fix potential overflow in RD
ffmpeg | branch: release/7.0 | Michael Niedermayer | Sun May 12 00:13:58 2024 +0200| [435b74c6a5d4e457d9526aa21e7a6e68926bf52c] | committer: Michael Niedermayer avcodec/mpegvideo_enc: Fix potential overflow in RD Fixes: CID1500285 Unintentional integer overflow Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit b6b2b01025e016ce29e5add57305384a663edcfc) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=435b74c6a5d4e457d9526aa21e7a6e68926bf52c --- libavcodec/mpegvideo_enc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/mpegvideo_enc.c b/libavcodec/mpegvideo_enc.c index 9d048e3dec..c4c174a02e 100644 --- a/libavcodec/mpegvideo_enc.c +++ b/libavcodec/mpegvideo_enc.c @@ -1433,7 +1433,7 @@ static int estimate_best_b_count(MpegEncContext *s) goto fail; } -rd += (out_size * lambda2) >> (FF_LAMBDA_SHIFT - 3); +rd += (out_size * (uint64_t)lambda2) >> (FF_LAMBDA_SHIFT - 3); } /* get the delayed frames */ @@ -1442,7 +1442,7 @@ static int estimate_best_b_count(MpegEncContext *s) ret = out_size; goto fail; } -rd += (out_size * lambda2) >> (FF_LAMBDA_SHIFT - 3); +rd += (out_size * (uint64_t)lambda2) >> (FF_LAMBDA_SHIFT - 3); rd += c->error[0] + c->error[1] + c->error[2]; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/mpeg12dec: Use 64bit in bit computation
ffmpeg | branch: release/7.0 | Michael Niedermayer | Sat May 11 21:04:00 2024 +0200| [39da4ac79b3446d4ce0878b9eee5416b90655fcd] | committer: Michael Niedermayer avcodec/mpeg12dec: Use 64bit in bit computation I dont think this can actually overflow but 64bit seems reasonable to use Fixes: CID1521983 Unintentional integer overflow Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit 4c725df059dd9a5f2071e204924105b3ceb74cbc) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=39da4ac79b3446d4ce0878b9eee5416b90655fcd --- libavcodec/mpeg12dec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mpeg12dec.c b/libavcodec/mpeg12dec.c index 4ad1eb6572..d05d6355e0 100644 --- a/libavcodec/mpeg12dec.c +++ b/libavcodec/mpeg12dec.c @@ -2733,7 +2733,7 @@ static int ipu_decode_frame(AVCodecContext *avctx, AVFrame *frame, int ret; // Check for minimal intra MB size (considering mb header, luma & chroma dc VLC, ac EOB VLC) -if (avpkt->size*8LL < (avctx->width+15)/16 * ((avctx->height+15)/16) * (2 + 3*4 + 2*2 + 2*6)) +if (avpkt->size*8LL < (avctx->width+15)/16 * ((avctx->height+15)/16) * (2LL + 3*4 + 2*2 + 2*6)) return AVERROR_INVALIDDATA; ret = ff_get_buffer(avctx, frame, 0); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/vble: Check av_image_get_buffer_size() for failure
ffmpeg | branch: release/7.0 | Michael Niedermayer | Sat May 18 00:32:43 2024 +0200| [68763d6a6ffc7bc561513469f43afb51047a4b09] | committer: Michael Niedermayer avcodec/vble: Check av_image_get_buffer_size() for failure Fixes: CID1461482 Improper use of negative value Sponsored-by: Sovereign Tech Fund Reviewed-.by: "Xiang, Haihao" Signed-off-by: Michael Niedermayer (cherry picked from commit dd5379db5d83d8b06654582afe327daa6be678a3) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=68763d6a6ffc7bc561513469f43afb51047a4b09 --- libavcodec/vble.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/vble.c b/libavcodec/vble.c index 7711bf1bb1..d27ab658dd 100644 --- a/libavcodec/vble.c +++ b/libavcodec/vble.c @@ -191,6 +191,9 @@ static av_cold int vble_decode_init(AVCodecContext *avctx) ctx->size = av_image_get_buffer_size(avctx->pix_fmt, avctx->width, avctx->height, 1); +if (ctx->size < 0) +return ctx->size; + ctx->val = av_malloc_array(ctx->size, sizeof(*ctx->val)); if (!ctx->val) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/vqcdec: Check init_get_bits8() for failure
ffmpeg | branch: release/7.0 | Michael Niedermayer | Sun May 19 00:47:11 2024 +0200| [c250e3b101d91e86681796941ef0eb2ad75148f3] | committer: Michael Niedermayer avcodec/vqcdec: Check init_get_bits8() for failure Fixes: CID1516090 Unchecked return value Sponsored-by: Sovereign Tech Fund Reviewed-by: Peter Ross Signed-off-by: Michael Niedermayer (cherry picked from commit 6a9302739f5b20791eac7f40d9d999f87fd1) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c250e3b101d91e86681796941ef0eb2ad75148f3 --- libavcodec/vqcdec.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavcodec/vqcdec.c b/libavcodec/vqcdec.c index dc9248d99f..dbcaba7b23 100644 --- a/libavcodec/vqcdec.c +++ b/libavcodec/vqcdec.c @@ -146,10 +146,13 @@ static int decode_vectors(VqcContext * s, const uint8_t * buf, int size, int wid GetBitContext gb; uint8_t * vectors = s->vectors; uint8_t * vectors_end = s->vectors + (width * height * 3) / 2; +int ret; memset(vectors, 0, 3 * width * height / 2); -init_get_bits8(, buf, size); +ret = init_get_bits8(, buf, size); +if (ret < 0) +return ret; for (int i = 0; i < 3 * width * height / 2 / 32; i++) { uint8_t * dst = vectors; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/vvc/dec: Check init_get_bits8() for failure
ffmpeg | branch: release/7.0 | Michael Niedermayer | Sun May 19 01:21:37 2024 +0200| [b27c156c155887c2a0db6180162513d3a627e929] | committer: Michael Niedermayer avcodec/vvc/dec: Check init_get_bits8() for failure Fixes: CID1560042 Unchecked return value Sponsored-by: Sovereign Tech Fund Reviewed-by: Nuo Mi Signed-off-by: Michael Niedermayer (cherry picked from commit 4a8506c794d92744514aac26ac9a1b898a7401ab) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b27c156c155887c2a0db6180162513d3a627e929 --- libavcodec/vvc/vvcdec.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavcodec/vvc/vvcdec.c b/libavcodec/vvc/vvcdec.c index 2f8b84f63b..c29d59a330 100644 --- a/libavcodec/vvc/vvcdec.c +++ b/libavcodec/vvc/vvcdec.c @@ -511,6 +511,7 @@ static int slice_init_entry_points(SliceContext *sc, int nb_eps= sh->r->num_entry_points + 1; int ctu_addr = 0; GetBitContext gb; +int ret; if (sc->nb_eps != nb_eps) { eps_free(sc); @@ -520,7 +521,9 @@ static int slice_init_entry_points(SliceContext *sc, sc->nb_eps = nb_eps; } -init_get_bits8(, slice->data, slice->data_size); +ret = init_get_bits8(, slice->data, slice->data_size); +if (ret < 0) +return ret; for (int i = 0; i < sc->nb_eps; i++) { EntryPoint *ep = sc->eps + i; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/jpeg2000dec: remove ST=3 case
ffmpeg | branch: release/7.0 | Michael Niedermayer | Fri May 10 16:07:04 2024 +0200| [8c5358c617efeb8ba303bfa9580bd70bbeff6307] | committer: Michael Niedermayer avcodec/jpeg2000dec: remove ST=3 case Fixes: CID1460979 Logically dead code Sponsored-by: Sovereign Tech Fund Reviewed-by: Tomas Härdin Signed-off-by: Michael Niedermayer (cherry picked from commit 4ed4f9a6c0a99c823706bfc4bb4df53f963f2f5a) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8c5358c617efeb8ba303bfa9580bd70bbeff6307 --- libavcodec/jpeg2000dec.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c index 4d28be3656..72aaefbdb3 100644 --- a/libavcodec/jpeg2000dec.c +++ b/libavcodec/jpeg2000dec.c @@ -834,9 +834,6 @@ static int get_tlm(Jpeg2000DecoderContext *s, int n) case 2: bytestream2_get_be16(>g); break; -case 3: -bytestream2_get_be32(>g); -break; } if (SP == 0) { bytestream2_get_be16(>g); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/qsvdec: Check av_image_get_buffer_size() for failure
ffmpeg | branch: release/7.0 | Michael Niedermayer | Mon May 13 02:05:56 2024 +0200| [1e67935ab196aa0072cfd84e1e2d3c99be71940d] | committer: Michael Niedermayer avcodec/qsvdec: Check av_image_get_buffer_size() for failure Fixes: CID1477406 Improper use of negative value Sponsored-by: Sovereign Tech Fund Reviewed-by: "Xiang, Haihao" Signed-off-by: Michael Niedermayer (cherry picked from commit 8789c550faf4587527faf0bd4f6c6c5c64a04ae2) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1e67935ab196aa0072cfd84e1e2d3c99be71940d --- libavcodec/qsvdec.c | 9 ++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/libavcodec/qsvdec.c b/libavcodec/qsvdec.c index fd9267c6f4..bacb21afdf 100644 --- a/libavcodec/qsvdec.c +++ b/libavcodec/qsvdec.c @@ -378,9 +378,12 @@ static int qsv_decode_init_context(AVCodecContext *avctx, QSVContext *q, mfxVide q->frame_info = param->mfx.FrameInfo; -if (!avctx->hw_frames_ctx) -q->pool = av_buffer_pool_init(av_image_get_buffer_size(avctx->pix_fmt, -FFALIGN(avctx->width, 128), FFALIGN(avctx->height, 64), 1), av_buffer_allocz); +if (!avctx->hw_frames_ctx) { +ret = av_image_get_buffer_size(avctx->pix_fmt, FFALIGN(avctx->width, 128), FFALIGN(avctx->height, 64), 1); +if (ret < 0) +return ret; +q->pool = av_buffer_pool_init(ret, av_buffer_allocz); +} return 0; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/vp3: Replace check by assert
ffmpeg | branch: release/7.0 | Michael Niedermayer | Sat May 18 03:16:08 2024 +0200| [3a0320e95a76e7ba6fe48a7e656b3b1d49cce1e9] | committer: Michael Niedermayer avcodec/vp3: Replace check by assert Fixes: CID1452425 Logically dead code Sponsored-by: Sovereign Tech Fund Reviewed-by: Peter Ross Signed-off-by: Michael Niedermayer (cherry picked from commit 1b991e77b9b19392214f6a788541bea5662de337) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3a0320e95a76e7ba6fe48a7e656b3b1d49cce1e9 --- libavcodec/vp3.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c index 89946135dc..96b0b66005 100644 --- a/libavcodec/vp3.c +++ b/libavcodec/vp3.c @@ -2007,8 +2007,7 @@ static int vp4_mc_loop_filter(Vp3DecodeContext *s, int plane, int motion_x, int x_offset = (-(x + 2) & 7) + 2; y_offset = (-(y + 2) & 7) + 2; -if (x_offset > 8 + x_subpel && y_offset > 8 + y_subpel) -return 0; +av_assert1(!(x_offset > 8 + x_subpel && y_offset > 8 + y_subpel)); s->vdsp.emulated_edge_mc(loop, motion_source - stride - 1, loop_stride, stride, ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/vp8: Forward return of ff_vpx_init_range_decoder()
ffmpeg | branch: release/7.0 | Michael Niedermayer | Sat May 18 03:06:46 2024 +0200| [7f05002e05e8c2809455f6e36557f9498c015e8b] | committer: Michael Niedermayer avcodec/vp8: Forward return of ff_vpx_init_range_decoder() Fixes: CID1507483 Unchecked return value Sponsored-by: Sovereign Tech Fund Reviewed-by: "Ronald S. Bultje" Signed-off-by: Michael Niedermayer (cherry picked from commit 63feed1519c5e38d6ce146f265c48592236e3abc) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7f05002e05e8c2809455f6e36557f9498c015e8b --- libavcodec/vp8.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libavcodec/vp8.c b/libavcodec/vp8.c index dd6c1b361b..3ebf1c2df9 100644 --- a/libavcodec/vp8.c +++ b/libavcodec/vp8.c @@ -354,9 +354,8 @@ static int setup_partitions(VP8Context *s, const uint8_t *buf, int buf_size) } s->coeff_partition_size[i] = buf_size; -ff_vpx_init_range_decoder(>coeff_partition[i], buf, buf_size); -return 0; +return ff_vpx_init_range_decoder(>coeff_partition[i], buf, buf_size); } static void vp7_get_quants(VP8Context *s) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/exr: Fix preview overflow
ffmpeg | branch: release/7.0 | Michael Niedermayer | Fri May 3 23:25:10 2024 +0200| [14bd2b4b87cef5016ded50be8cf059c5d7d22edd] | committer: Michael Niedermayer avcodec/exr: Fix preview overflow Fixes: CID1515456 Unintentional integer overflow Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit 36126e4c142e43cc703f4b8c535d388ac5e403a4) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=14bd2b4b87cef5016ded50be8cf059c5d7d22edd --- libavcodec/exr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/exr.c b/libavcodec/exr.c index e680f9b9e0..cf62953436 100644 --- a/libavcodec/exr.c +++ b/libavcodec/exr.c @@ -1942,7 +1942,7 @@ static int decode_header(EXRContext *s, AVFrame *frame) "preview", 16)) >= 0) { uint32_t pw = bytestream2_get_le32(gb); uint32_t ph = bytestream2_get_le32(gb); -uint64_t psize = pw * ph; +uint64_t psize = pw * (uint64_t)ph; if (psize > INT64_MAX / 4) { ret = AVERROR_INVALIDDATA; goto fail; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/decode: decode_simple_internal() only implements audio and video
ffmpeg | branch: release/7.0 | Michael Niedermayer | Fri May 3 21:51:42 2024 +0200| [b01e6a7e0b961d44138bf683713563ac0fedac32] | committer: Michael Niedermayer avcodec/decode: decode_simple_internal() only implements audio and video Fixes: CID1538861 Uninitialized scalar variable Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit e9bb586543d83fe0ed901834b853b6d64e327529) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b01e6a7e0b961d44138bf683713563ac0fedac32 --- libavcodec/decode.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/decode.c b/libavcodec/decode.c index 34bcb7cc64..ac18544b2e 100644 --- a/libavcodec/decode.c +++ b/libavcodec/decode.c @@ -428,7 +428,8 @@ FF_ENABLE_DEPRECATION_WARNINGS } else if (avctx->codec->type == AVMEDIA_TYPE_AUDIO) { ret = !got_frame ? AVERROR(EAGAIN) : discard_samples(avctx, frame, discarded_samples); -} +} else +av_assert0(0); if (ret == AVERROR(EAGAIN)) av_frame_unref(frame); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/fmvc: remove dead assignment
ffmpeg | branch: release/7.0 | Michael Niedermayer | Sat May 4 23:29:26 2024 +0200| [271c364eb59c867284b113a8226e3520047b8293] | committer: Michael Niedermayer avcodec/fmvc: remove dead assignment Fixes: CID1529220 Unused value Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit 96c116254527cc40b386f14b77e17fbe2388d5da) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=271c364eb59c867284b113a8226e3520047b8293 --- libavcodec/fmvc.c | 1 - 1 file changed, 1 deletion(-) diff --git a/libavcodec/fmvc.c b/libavcodec/fmvc.c index 5e26a541ca..a9e5afd17b 100644 --- a/libavcodec/fmvc.c +++ b/libavcodec/fmvc.c @@ -100,7 +100,6 @@ static int decode_type2(GetByteContext *gb, PutByteContext *pb) continue; } } -repeat = 0; } repeat = 1; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/h2645_sei: Remove dead checks
ffmpeg | branch: release/7.0 | Michael Niedermayer | Mon May 6 01:00:17 2024 +0200| [15de2a9b969086cec71cea96ae8ab3961d1c03d8] | committer: Michael Niedermayer avcodec/h2645_sei: Remove dead checks Fixes: CID1596534 Dereference after null check Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit fdaa6ae2b62de51ac0584b51feec7b2369799549) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=15de2a9b969086cec71cea96ae8ab3961d1c03d8 --- libavcodec/h2645_sei.c | 6 ++ 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/libavcodec/h2645_sei.c b/libavcodec/h2645_sei.c index afc103b69c..3b58d22d6f 100644 --- a/libavcodec/h2645_sei.c +++ b/libavcodec/h2645_sei.c @@ -621,8 +621,7 @@ int ff_h2645_sei_to_frame(AVFrame *frame, H2645SEI *sei, if (!sd) av_buffer_unref(>buf_ref); a53->buf_ref = NULL; -if (avctx) -avctx->properties |= FF_CODEC_PROPERTY_CLOSED_CAPTIONS; +avctx->properties |= FF_CODEC_PROPERTY_CLOSED_CAPTIONS; } for (unsigned i = 0; i < sei->unregistered.nb_buf_ref; i++) { @@ -718,8 +717,7 @@ FF_ENABLE_DEPRECATION_WARNINGS else fgc->present = fgc->persistence_flag; -if (avctx) -avctx->properties |= FF_CODEC_PROPERTY_FILM_GRAIN; +avctx->properties |= FF_CODEC_PROPERTY_FILM_GRAIN; } #if CONFIG_HEVC_SEI ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/h264_slice: Remove dead sps check
ffmpeg | branch: release/7.0 | Michael Niedermayer | Mon May 6 03:17:26 2024 +0200| [402a2c730f9e74da4f0390f1513a7efc77dfde8f] | committer: Michael Niedermayer avcodec/h264_slice: Remove dead sps check Fixes: CID1439574 Dereference after null check Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit a68aa951b21b8b7db0a5200bcfebc0a077a5f094) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=402a2c730f9e74da4f0390f1513a7efc77dfde8f --- libavcodec/h264_slice.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264_slice.c b/libavcodec/h264_slice.c index e9a404e41b..752735cc54 100644 --- a/libavcodec/h264_slice.c +++ b/libavcodec/h264_slice.c @@ -1396,7 +1396,7 @@ static int h264_field_start(H264Context *h, const H264SliceContext *sl, sps = h->ps.sps; -if (sps && sps->bitstream_restriction_flag && +if (sps->bitstream_restriction_flag && h->avctx->has_b_frames < sps->num_reorder_frames) { h->avctx->has_b_frames = sps->num_reorder_frames; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/lpc: copy levenson coeffs only when they have been computed
ffmpeg | branch: release/7.0 | Michael Niedermayer | Sat May 11 20:50:44 2024 +0200| [e94527f38fdb90f347b0206d2ccd94cfd5925b99] | committer: Michael Niedermayer avcodec/lpc: copy levenson coeffs only when they have been computed Fixes: CID1473514 Uninitialized scalar variable Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit c2d897f3566fdf5c190583c6f5197ead5abec2ed) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e94527f38fdb90f347b0206d2ccd94cfd5925b99 --- libavcodec/lpc.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavcodec/lpc.c b/libavcodec/lpc.c index 53f5c3d379..88ab37e761 100644 --- a/libavcodec/lpc.c +++ b/libavcodec/lpc.c @@ -281,8 +281,10 @@ int ff_lpc_calc_coefs(LPCContext *s, double av_uninit(weight); memset(var, 0, FFALIGN(MAX_LPC_ORDER+1,4)*sizeof(*var)); -for(j=0; j 1) +for(j=0; jhttps://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avutil/tests/base64: Check with too short output array
ffmpeg | branch: release/7.0 | Michael Niedermayer | Sat May 11 03:14:16 2024 +0200| [9eb6558fa91e2f3584769551dc396e189564f56d] | committer: Michael Niedermayer avutil/tests/base64: Check with too short output array Signed-off-by: Michael Niedermayer (cherry picked from commit c304784a86cc7e2af211ed80ce2121e788680a8e) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9eb6558fa91e2f3584769551dc396e189564f56d --- libavutil/tests/base64.c | 10 ++ 1 file changed, 10 insertions(+) diff --git a/libavutil/tests/base64.c b/libavutil/tests/base64.c index 400e01cefe..66d0fdc1fc 100644 --- a/libavutil/tests/base64.c +++ b/libavutil/tests/base64.c @@ -64,6 +64,16 @@ static int test_encode_decode(const uint8_t *data, unsigned int data_size, printf("Failed: decode to NULL buffer\n"); return 1; } +if (data_size > 0 && (data2_size = av_base64_decode(data2, encoded, data_size - 1)) != data_size - 1) { +printf("Failed: out of array write\n" + "Encoded:\n%s\n", encoded); +return 1; +} +if (data_size > 1 && (data2_size = av_base64_decode(data2, encoded, data_size - 2)) != data_size - 2) { +printf("Failed: out of array write\n" + "Encoded:\n%s\n", encoded); +return 1; +} if (strlen(encoded)) { char *end = strchr(encoded, '='); if (!end) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] tools/opt_common: Check for malloc failure
ffmpeg | branch: release/7.0 | Michael Niedermayer | Sun Apr 28 18:33:24 2024 +0200| [4d920afb825856a83f140ccc6b8f4bdb050e4cb7] | committer: Michael Niedermayer tools/opt_common: Check for malloc failure Fixes: CID1539100 Negative loop bound Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit ba7038043a46420bc86b060dbb13b956ea50ac03) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4d920afb825856a83f140ccc6b8f4bdb050e4cb7 --- fftools/opt_common.c | 14 -- 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/fftools/opt_common.c b/fftools/opt_common.c index 947a226d8d..9d2d5184a0 100644 --- a/fftools/opt_common.c +++ b/fftools/opt_common.c @@ -724,10 +724,13 @@ int show_codecs(void *optctx, const char *opt, const char *arg) return 0; } -static void print_codecs(int encoder) +static int print_codecs(int encoder) { const AVCodecDescriptor **codecs; -unsigned i, nb_codecs = get_codecs_sorted(); +int i, nb_codecs = get_codecs_sorted(); + +if (nb_codecs < 0) +return nb_codecs; printf("%s:\n" " V. = Video\n" @@ -762,18 +765,17 @@ static void print_codecs(int encoder) } } av_free(codecs); +return 0; } int show_decoders(void *optctx, const char *opt, const char *arg) { -print_codecs(0); -return 0; +return print_codecs(0); } int show_encoders(void *optctx, const char *opt, const char *arg) { -print_codecs(1); -return 0; +return print_codecs(1); } int show_bsfs(void *optctx, const char *opt, const char *arg) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] libavutil/base64: Try not to write over the array end
ffmpeg | branch: release/7.0 | Michael Niedermayer | Sat May 11 03:13:17 2024 +0200| [b9985f105ed5ca9dd049cff7ea9a31bdd2f8ccf0] | committer: Michael Niedermayer libavutil/base64: Try not to write over the array end Signed-off-by: Michael Niedermayer (cherry picked from commit 2d216566f258badd07bc58de1e089b6e4175dc46) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b9985f105ed5ca9dd049cff7ea9a31bdd2f8ccf0 --- libavutil/base64.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavutil/base64.c b/libavutil/base64.c index 3e66f4fcbe..69e11e6f5e 100644 --- a/libavutil/base64.c +++ b/libavutil/base64.c @@ -127,10 +127,12 @@ validity_check: } out3: -*dst++ = v >> 10; +if (end - dst) +*dst++ = v >> 10; v <<= 2; out2: -*dst++ = v >> 4; +if (end - dst) +*dst++ = v >> 4; out1: out0: return bits & 1 ? AVERROR_INVALIDDATA : out ? dst - out : 0; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/cbs_av1: Avoid shift overflow
ffmpeg | branch: release/7.0 | Michael Niedermayer | Wed May 1 21:44:33 2024 +0200| [559dd6f68af7041268a4ac4bda4cbfc935f1740d] | committer: Michael Niedermayer avcodec/cbs_av1: Avoid shift overflow Fixes: CID1465488 Unintentional integer overflow Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit d7924a4f60f2088de1e6790345caba929eb97030) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=559dd6f68af7041268a4ac4bda4cbfc935f1740d --- libavcodec/cbs_av1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/cbs_av1.c b/libavcodec/cbs_av1.c index 1d9ac5ab44..fb82996022 100644 --- a/libavcodec/cbs_av1.c +++ b/libavcodec/cbs_av1.c @@ -301,7 +301,7 @@ static int cbs_av1_write_increment(CodedBitstreamContext *ctx, PutBitContext *pb return AVERROR(ENOSPC); if (len > 0) -put_bits(pbc, len, (1 << len) - 1 - (value != range_max)); +put_bits(pbc, len, (1U << len) - 1 - (value != range_max)); CBS_TRACE_WRITE_END_NO_SUBSCRIPTS(); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] doc/examples/demux_decode: Simplify loop
ffmpeg | branch: release/7.0 | Michael Niedermayer | Wed Apr 24 03:08:14 2024 +0200| [c8a9e355146e8258a368be05f89ac8061c45be60] | committer: Michael Niedermayer doc/examples/demux_decode: Simplify loop Fixes: CID1463550 Logically dead code Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit 91d27f7e02e5bec4b6e53cc7a7f15df8be017bb3) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c8a9e355146e8258a368be05f89ac8061c45be60 --- doc/examples/demux_decode.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/doc/examples/demux_decode.c b/doc/examples/demux_decode.c index f26611d8f4..64f5547bc4 100644 --- a/doc/examples/demux_decode.c +++ b/doc/examples/demux_decode.c @@ -138,11 +138,9 @@ static int decode_packet(AVCodecContext *dec, const AVPacket *pkt) ret = output_audio_frame(frame); av_frame_unref(frame); -if (ret < 0) -return ret; } -return 0; +return ret; } static int open_codec_context(int *stream_idx, ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] fftools/ffplay: Check return of swr_alloc_set_opts2()
ffmpeg | branch: release/7.0 | Michael Niedermayer | Sun Apr 28 01:10:50 2024 +0200| [44b0e6a99f1d3adba1c9d3a799ecd90fbff47076] | committer: Michael Niedermayer fftools/ffplay: Check return of swr_alloc_set_opts2() This probably makes no difference but its more correct Fixes: CID1503080 Unchecked return value Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit f44f44155533822922f6d2f24e5c53c14e432612) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=44b0e6a99f1d3adba1c9d3a799ecd90fbff47076 --- fftools/ffplay.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/fftools/ffplay.c b/fftools/ffplay.c index fcd1319ce7..69d0b09a6a 100644 --- a/fftools/ffplay.c +++ b/fftools/ffplay.c @@ -2394,12 +2394,13 @@ static int audio_decode_frame(VideoState *is) av_channel_layout_compare(>frame->ch_layout, >audio_src.ch_layout) || af->frame->sample_rate != is->audio_src.freq || (wanted_nb_samples != af->frame->nb_samples && !is->swr_ctx)) { +int ret; swr_free(>swr_ctx); -swr_alloc_set_opts2(>swr_ctx, +ret = swr_alloc_set_opts2(>swr_ctx, >audio_tgt.ch_layout, is->audio_tgt.fmt, is->audio_tgt.freq, >frame->ch_layout, af->frame->format, af->frame->sample_rate, 0, NULL); -if (!is->swr_ctx || swr_init(is->swr_ctx) < 0) { +if (ret < 0 || swr_init(is->swr_ctx) < 0) { av_log(NULL, AV_LOG_ERROR, "Cannot create sample rate converter for conversion of %d Hz %s %d channels to %d Hz %s %d channels!\n", af->frame->sample_rate, av_get_sample_fmt_name(af->frame->format), af->frame->ch_layout.nb_channels, ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/concatdec: Check file
ffmpeg | branch: release/7.0 | Michael Niedermayer | Tue Apr 30 00:47:31 2024 +0200| [4eccabcc262ab282bd16984518a49b409a32921d] | committer: Michael Niedermayer avformat/concatdec: Check file Fixes: null pointer dereference Fixes: -stream_loop 1 -ss 00:00:05 -i zgclab/ffmpeg_crash/poc2 -codec:v copy -codec:a aac -y output.mp4 Found-by: Wang Dawei and Zhou Geng, from Zhongguancun Laboratory Signed-off-by: Michael Niedermayer (cherry picked from commit a5d1497f33afa17b6a3578b66638e69bf8a558de) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4eccabcc262ab282bd16984518a49b409a32921d --- libavformat/concatdec.c | 5 + 1 file changed, 5 insertions(+) diff --git a/libavformat/concatdec.c b/libavformat/concatdec.c index b1d0de18f1..93cab01ce0 100644 --- a/libavformat/concatdec.c +++ b/libavformat/concatdec.c @@ -638,6 +638,11 @@ static int concat_parse_script(AVFormatContext *avf) } } +if (!file) { +ret = AVERROR_INVALIDDATA; +goto fail; +} + if (file->inpoint != AV_NOPTS_VALUE && file->outpoint != AV_NOPTS_VALUE) { if (file->inpoint > file->outpoint || file->outpoint - (uint64_t)file->inpoint > INT64_MAX) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/mpegvideo_enc: Fix 1 line and one column images
ffmpeg | branch: release/7.0 | Michael Niedermayer | Mon Apr 8 18:38:42 2024 +0200| [67ca3a5ee7d4ddb55fbe93de9cf7898eb09b7887] | committer: Michael Niedermayer avcodec/mpegvideo_enc: Fix 1 line and one column images Fixes: Ticket10952 Fixes: poc21ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=67ca3a5ee7d4ddb55fbe93de9cf7898eb09b7887 --- libavcodec/mpegvideo_enc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/mpegvideo_enc.c b/libavcodec/mpegvideo_enc.c index c20e364cac..9d048e3dec 100644 --- a/libavcodec/mpegvideo_enc.c +++ b/libavcodec/mpegvideo_enc.c @@ -1198,8 +1198,8 @@ static int load_input_picture(MpegEncContext *s, const AVFrame *pic_arg) ptrdiff_t dst_stride = i ? s->uvlinesize : s->linesize; int h_shift = i ? s->chroma_x_shift : 0; int v_shift = i ? s->chroma_y_shift : 0; -int w = s->width >> h_shift; -int h = s->height >> v_shift; +int w = AV_CEIL_RSHIFT(s->width , h_shift); +int h = AV_CEIL_RSHIFT(s->height, v_shift); const uint8_t *src = pic_arg->data[i]; uint8_t *dst = pic->f->data[i]; int vpad = 16; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/wavarc: fix integer overflow in decode_5elp() block type 2
ffmpeg | branch: release/7.0 | Michael Niedermayer | Fri Apr 26 05:08:38 2024 +0200| [0047b51b8dc10e0ea14eaaf767a566e38a56ba99] | committer: Michael Niedermayer avcodec/wavarc: fix integer overflow in decode_5elp() block type 2 Fixes: signed integer overflow: 2097152000 + 107142979 cannot be represented in type 'int' Fixes: 67919/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVARC_fuzzer-5955101769400320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit a2ec2bd49317ab16a3c30c0824efc580ea9a8aef) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0047b51b8dc10e0ea14eaaf767a566e38a56ba99 --- libavcodec/wavarc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/wavarc.c b/libavcodec/wavarc.c index e121f1bc61..536c74e478 100644 --- a/libavcodec/wavarc.c +++ b/libavcodec/wavarc.c @@ -690,7 +690,7 @@ static int decode_5elp(AVCodecContext *avctx, for (int o = 0; o < order; o++) sum += s->filter[ch][o] * (unsigned)samples[n + 70 - o - 1]; -samples[n + 70] += ac_out[n] + (sum >> 4); +samples[n + 70] += ac_out[n] + (unsigned)(sum >> 4); } for (int n = 0; n < 70; n++) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/amrwbdec: assert mode to be valid in decode_fixed_vector()
ffmpeg | branch: release/7.0 | Michael Niedermayer | Sun Apr 28 23:30:51 2024 +0200| [c8ffda5684d1c85f7cf86fbedfd4e8ba69a77231] | committer: Michael Niedermayer avcodec/amrwbdec: assert mode to be valid in decode_fixed_vector() Inspired-by: CID1473499 Uninitialized scalar variable Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit a3bb269db92601e2dc0e99352468d02f7b26c7c2) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c8ffda5684d1c85f7cf86fbedfd4e8ba69a77231 --- libavcodec/amrwbdec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/amrwbdec.c b/libavcodec/amrwbdec.c index 9d75b972fa..21a730b835 100644 --- a/libavcodec/amrwbdec.c +++ b/libavcodec/amrwbdec.c @@ -26,6 +26,7 @@ #include "config.h" +#include "libavutil/avassert.h" #include "libavutil/channel_layout.h" #include "libavutil/common.h" #include "libavutil/lfg.h" @@ -554,6 +555,8 @@ static void decode_fixed_vector(float *fixed_vector, const uint16_t *pulse_hi, decode_6p_track(sig_pos[i], (int) pulse_lo[i] + ((int) pulse_hi[i] << 11), 4, 1); break; +default: +av_assert2(0); } memset(fixed_vector, 0, sizeof(float) * AMRWB_SFR_SIZE); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/avs3_parser: assert the return value of init_get_bits()
ffmpeg | branch: release/7.0 | Michael Niedermayer | Wed May 1 21:17:25 2024 +0200| [13ef4f209f64cc73f6a6c4b668560d3797164dd9] | committer: Michael Niedermayer avcodec/avs3_parser: assert the return value of init_get_bits() Fixes: CID1492867 Unchecked return value Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit f9218e4d52e16494ed816651a110dfe0ad22638c) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=13ef4f209f64cc73f6a6c4b668560d3797164dd9 --- libavcodec/avs3_parser.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/avs3_parser.c b/libavcodec/avs3_parser.c index a819b5783d..ea495b1c7c 100644 --- a/libavcodec/avs3_parser.c +++ b/libavcodec/avs3_parser.c @@ -73,7 +73,8 @@ static void parse_avs3_nal_units(AVCodecParserContext *s, const uint8_t *buf, GetBitContext gb; int profile, ratecode, low_delay; -init_get_bits8(, buf + 4, buf_size - 4); +av_unused int ret = init_get_bits(, buf + 4, 100); +av_assert1(ret >= 0); s->key_frame = 1; s->pict_type = AV_PICTURE_TYPE_I; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] swscale/output: Fix integer overflow in yuv2rgba64_full_1_c_template()
ffmpeg | branch: release/7.0 | Michael Niedermayer | Fri Apr 26 05:08:36 2024 +0200| [ef9d59defb10f36862e6041eb5f6dbaa5e48f5bb] | committer: Michael Niedermayer swscale/output: Fix integer overflow in yuv2rgba64_full_1_c_template() Fixes: signed integer overflow: -1082982400 + -1079364728 cannot be represented in type 'int' Fixes: 67910/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-5329011971522560 The input is 9bit in 16bit, the fuzzer fills all 16bit thus generating "invalid" input No overflow should happen with valid input. Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 1330a73ccadd855542ac4386f75fd72ff0ab5ea1) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ef9d59defb10f36862e6041eb5f6dbaa5e48f5bb --- libswscale/output.c | 16 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/libswscale/output.c b/libswscale/output.c index 0b6c77e167..b234f9c6b9 100644 --- a/libswscale/output.c +++ b/libswscale/output.c @@ -1429,7 +1429,7 @@ yuv2rgba64_full_1_c_template(SwsContext *c, const int32_t *buf0, if (uvalpha < 2048) { for (i = 0; i < dstW; i++) { -int Y = (buf0[i]) >> 2; +SUINT Y = (buf0[i]) >> 2; int U = (ubuf0[i] - (128 << 11)) >> 2; int V = (vbuf0[i] - (128 << 11)) >> 2; int R, G, B; @@ -1448,9 +1448,9 @@ yuv2rgba64_full_1_c_template(SwsContext *c, const int32_t *buf0, G = V * c->yuv2rgb_v2g_coeff + U * c->yuv2rgb_u2g_coeff; B =U * c->yuv2rgb_u2b_coeff; -output_pixel([0], av_clip_uintp2(((R_B + Y) >> 14) + (1<<15), 16)); -output_pixel([1], av_clip_uintp2((( G + Y) >> 14) + (1<<15), 16)); -output_pixel([2], av_clip_uintp2(((B_R + Y) >> 14) + (1<<15), 16)); +output_pixel([0], av_clip_uintp2(((int)(R_B + Y) >> 14) + (1<<15), 16)); +output_pixel([1], av_clip_uintp2(((int)( G + Y) >> 14) + (1<<15), 16)); +output_pixel([2], av_clip_uintp2(((int)(B_R + Y) >> 14) + (1<<15), 16)); if (eightbytes) { output_pixel([3], av_clip_uintp2(A, 30) >> 14); dest += 4; @@ -1462,7 +1462,7 @@ yuv2rgba64_full_1_c_template(SwsContext *c, const int32_t *buf0, const int32_t *ubuf1 = ubuf[1], *vbuf1 = vbuf[1]; int A = 0x<<14; for (i = 0; i < dstW; i++) { -int Y = (buf0[i]) >> 2; +SUINT Y = (buf0[i]) >> 2; int U = (ubuf0[i] + ubuf1[i] - (128 << 12)) >> 3; int V = (vbuf0[i] + vbuf1[i] - (128 << 12)) >> 3; int R, G, B; @@ -1481,9 +1481,9 @@ yuv2rgba64_full_1_c_template(SwsContext *c, const int32_t *buf0, G = V * c->yuv2rgb_v2g_coeff + U * c->yuv2rgb_u2g_coeff; B =U * c->yuv2rgb_u2b_coeff; -output_pixel([0], av_clip_uintp2(((R_B + Y) >> 14) + (1<<15), 16)); -output_pixel([1], av_clip_uintp2((( G + Y) >> 14) + (1<<15), 16)); -output_pixel([2], av_clip_uintp2(((B_R + Y) >> 14) + (1<<15), 16)); +output_pixel([0], av_clip_uintp2(((int)(R_B + Y) >> 14) + (1<<15), 16)); +output_pixel([1], av_clip_uintp2(((int)( G + Y) >> 14) + (1<<15), 16)); +output_pixel([2], av_clip_uintp2(((int)(B_R + Y) >> 14) + (1<<15), 16)); if (eightbytes) { output_pixel([3], av_clip_uintp2(A, 30) >> 14); dest += 4; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/avs2_parser: Assert init_get_bits8() success with const size 15
ffmpeg | branch: release/7.0 | Michael Niedermayer | Wed May 1 15:50:56 2024 +0200| [ec35ed8bb2d1044dbe7640deef3a8d16f07f046e] | committer: Michael Niedermayer avcodec/avs2_parser: Assert init_get_bits8() success with const size 15 Fixes: CID1506708 Unchecked return value Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit a7c4f119c91bcb3791a3c242ee61a5c60379db4f) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ec35ed8bb2d1044dbe7640deef3a8d16f07f046e --- libavcodec/avs2_parser.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/avs2_parser.c b/libavcodec/avs2_parser.c index 200134f91d..0d68ab1d00 100644 --- a/libavcodec/avs2_parser.c +++ b/libavcodec/avs2_parser.c @@ -72,13 +72,15 @@ static void parse_avs2_seq_header(AVCodecParserContext *s, const uint8_t *buf, unsigned aspect_ratio; unsigned frame_rate_code; int low_delay; +av_unused int ret; // update buf_size_min if parse more deeper const int buf_size_min = 15; if (buf_size < buf_size_min) return; -init_get_bits8(, buf, buf_size_min); +ret = init_get_bits8(, buf, buf_size_min); +av_assert1(ret >= 0); s->key_frame = 1; s->pict_type = AV_PICTURE_TYPE_I; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] swscale/output: Fix integer overflow in yuv2rgba64_1_c_template
ffmpeg | branch: release/7.0 | Michael Niedermayer | Fri Apr 26 05:08:35 2024 +0200| [ccd7fe3c6727705d00f483d6338048267081a720] | committer: Michael Niedermayer swscale/output: Fix integer overflow in yuv2rgba64_1_c_template Fixes: signed integer overflow: -831176 * 9539 cannot be represented in type 'int' Fixes: 67869/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-5117342091640832 The input is 9bit in 16bit, the fuzzer fills all 16bit thus generating "invalid" input No overflow should happen with valid input. Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit a56559e688ffde40fcda5588123ffcb978da86d7) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ccd7fe3c6727705d00f483d6338048267081a720 --- libswscale/output.c | 44 ++-- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/libswscale/output.c b/libswscale/output.c index 8849a3201a..0b6c77e167 100644 --- a/libswscale/output.c +++ b/libswscale/output.c @@ -1207,8 +1207,8 @@ yuv2rgba64_1_c_template(SwsContext *c, const int32_t *buf0, if (uvalpha < 2048) { for (i = 0; i < ((dstW + 1) >> 1); i++) { -int Y1 = (buf0[i * 2]) >> 2; -int Y2 = (buf0[i * 2 + 1]) >> 2; +SUINT Y1 = (buf0[i * 2]) >> 2; +SUINT Y2 = (buf0[i * 2 + 1]) >> 2; int U = (ubuf0[i] - (128 << 11)) >> 2; int V = (vbuf0[i] - (128 << 11)) >> 2; int R, G, B; @@ -1232,20 +1232,20 @@ yuv2rgba64_1_c_template(SwsContext *c, const int32_t *buf0, G = V * c->yuv2rgb_v2g_coeff + U * c->yuv2rgb_u2g_coeff; B =U * c->yuv2rgb_u2b_coeff; -output_pixel([0], av_clip_uintp2(((R_B + Y1) >> 14) + (1<<15), 16)); -output_pixel([1], av_clip_uintp2((( G + Y1) >> 14) + (1<<15), 16)); -output_pixel([2], av_clip_uintp2(((B_R + Y1) >> 14) + (1<<15), 16)); +output_pixel([0], av_clip_uintp2(((int)(R_B + Y1) >> 14) + (1<<15), 16)); +output_pixel([1], av_clip_uintp2(((int)( G + Y1) >> 14) + (1<<15), 16)); +output_pixel([2], av_clip_uintp2(((int)(B_R + Y1) >> 14) + (1<<15), 16)); if (eightbytes) { output_pixel([3], av_clip_uintp2(A1 , 30) >> 14); -output_pixel([4], av_clip_uintp2(((R_B + Y2) >> 14) + (1<<15), 16)); -output_pixel([5], av_clip_uintp2((( G + Y2) >> 14) + (1<<15), 16)); -output_pixel([6], av_clip_uintp2(((B_R + Y2) >> 14) + (1<<15), 16)); +output_pixel([4], av_clip_uintp2(((int)(R_B + Y2) >> 14) + (1<<15), 16)); +output_pixel([5], av_clip_uintp2(((int)( G + Y2) >> 14) + (1<<15), 16)); +output_pixel([6], av_clip_uintp2(((int)(B_R + Y2) >> 14) + (1<<15), 16)); output_pixel([7], av_clip_uintp2(A2 , 30) >> 14); dest += 8; } else { -output_pixel([3], av_clip_uintp2(((R_B + Y2) >> 14) + (1<<15), 16)); -output_pixel([4], av_clip_uintp2((( G + Y2) >> 14) + (1<<15), 16)); -output_pixel([5], av_clip_uintp2(((B_R + Y2) >> 14) + (1<<15), 16)); +output_pixel([3], av_clip_uintp2(((int)(R_B + Y2) >> 14) + (1<<15), 16)); +output_pixel([4], av_clip_uintp2(((int)( G + Y2) >> 14) + (1<<15), 16)); +output_pixel([5], av_clip_uintp2(((int)(B_R + Y2) >> 14) + (1<<15), 16)); dest += 6; } } @@ -1253,8 +1253,8 @@ yuv2rgba64_1_c_template(SwsContext *c, const int32_t *buf0, const int32_t *ubuf1 = ubuf[1], *vbuf1 = vbuf[1]; int A1 = 0x<<14, A2 = 0x<<14; for (i = 0; i < ((dstW + 1) >> 1); i++) { -int Y1 = (buf0[i * 2]) >> 2; -int Y2 = (buf0[i * 2 + 1]) >> 2; +SUINT Y1 = (buf0[i * 2]) >> 2; +SUINT Y2 = (buf0[i * 2 + 1]) >> 2; int U = (ubuf0[i] + ubuf1[i] - (128 << 12)) >> 3; int V = (vbuf0[i] + vbuf1[i] - (128 << 12)) >> 3; int R, G, B; @@ -1278,20 +1278,20 @@ yuv2rgba64_1_c_template(SwsContext *c, const int32_t *buf0, G = V * c->yuv2rgb_v2g_coeff + U * c->yuv2rgb_u2g_coeff; B =U * c->yuv2rgb_u2b_coeff; -output_pixel([0], av_clip_uintp2(((R_B + Y1) >> 14) + (1<&l
[FFmpeg-cvslog] avcodec/av1dec: Change bit_depth to int
ffmpeg | branch: release/7.0 | Michael Niedermayer | Fri May 3 00:10:01 2024 +0200| [8170914a34b6b29e3745a346e5ea46a1436c5310] | committer: Michael Niedermayer avcodec/av1dec: Change bit_depth to int Suggested-by: James Almer Signed-off-by: Michael Niedermayer (cherry picked from commit 69b4d9736b0d0ad01c41fcae2d66eaa534b76969) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8170914a34b6b29e3745a346e5ea46a1436c5310 --- libavcodec/av1dec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/av1dec.c b/libavcodec/av1dec.c index d13c2c4a6b..32c2379a45 100644 --- a/libavcodec/av1dec.c +++ b/libavcodec/av1dec.c @@ -468,7 +468,7 @@ static int get_tiles_info(AVCodecContext *avctx, const AV1RawTileGroup *tile_gro static enum AVPixelFormat get_sw_pixel_format(void *logctx, const AV1RawSequenceHeader *seq) { -uint8_t bit_depth; +int bit_depth; enum AVPixelFormat pix_fmt = AV_PIX_FMT_NONE; if (seq->seq_profile == 2 && seq->color_config.high_bitdepth) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/av1dec: bit_depth cannot be another values than 8,10,12
ffmpeg | branch: release/7.0 | Michael Niedermayer | Wed May 1 13:10:57 2024 +0200| [c5671e9de91cb51e4a8d730d030fc3d7aaab1ad0] | committer: Michael Niedermayer avcodec/av1dec: bit_depth cannot be another values than 8,10,12 Fixes: CID1544265 Logically dead code Sponsored-by: Sovereign Tech Fund Reviewed-by: James Almer Signed-off-by: Michael Niedermayer (cherry picked from commit fd7d24fa3f39fc1013fb0d06b42c98b8ff1f8942) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c5671e9de91cb51e4a8d730d030fc3d7aaab1ad0 --- libavcodec/av1dec.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavcodec/av1dec.c b/libavcodec/av1dec.c index 11c852786f..d13c2c4a6b 100644 --- a/libavcodec/av1dec.c +++ b/libavcodec/av1dec.c @@ -492,7 +492,7 @@ static enum AVPixelFormat get_sw_pixel_format(void *logctx, else if (bit_depth == 12) pix_fmt = AV_PIX_FMT_YUV444P12; else -av_log(logctx, AV_LOG_WARNING, "Unknown AV1 pixel format.\n"); +av_assert0(0); } else if (seq->color_config.subsampling_x == 1 && seq->color_config.subsampling_y == 0) { if (bit_depth == 8) @@ -502,7 +502,7 @@ static enum AVPixelFormat get_sw_pixel_format(void *logctx, else if (bit_depth == 12) pix_fmt = AV_PIX_FMT_YUV422P12; else -av_log(logctx, AV_LOG_WARNING, "Unknown AV1 pixel format.\n"); +av_assert0(0); } else if (seq->color_config.subsampling_x == 1 && seq->color_config.subsampling_y == 1) { if (bit_depth == 8) @@ -512,7 +512,7 @@ static enum AVPixelFormat get_sw_pixel_format(void *logctx, else if (bit_depth == 12) pix_fmt = AV_PIX_FMT_YUV420P12; else -av_log(logctx, AV_LOG_WARNING, "Unknown AV1 pixel format.\n"); +av_assert0(0); } } else { if (bit_depth == 8) @@ -522,7 +522,7 @@ static enum AVPixelFormat get_sw_pixel_format(void *logctx, else if (bit_depth == 12) pix_fmt = AV_PIX_FMT_GRAY12; else -av_log(logctx, AV_LOG_WARNING, "Unknown AV1 pixel format.\n"); +av_assert0(0); } return pix_fmt; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/kvag: Check sample_rate
ffmpeg | branch: release/7.0 | Michael Niedermayer | Mon Apr 29 23:44:25 2024 +0200| [dba4b859d86b54fbf4201ca5c86a45d5b0764842] | committer: Michael Niedermayer avformat/kvag: Check sample_rate Fixes: Division by 0 Fixes: -copyts -start_at_zero -itsoffset 00:00:01 -itsscale 1 -ss 00:00:02 -i zgclab/ffmpeg_crash/poc1 output.mp4 Found-by: Wang Dawei and Zhou Geng, from Zhongguancun Laboratory Signed-off-by: Michael Niedermayer (cherry picked from commit c26a762ea1bf028a33554a5f7a18d8dd7d82f5a8) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=dba4b859d86b54fbf4201ca5c86a45d5b0764842 --- libavformat/kvag.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavformat/kvag.c b/libavformat/kvag.c index 1d0aee0994..b55aa893ec 100644 --- a/libavformat/kvag.c +++ b/libavformat/kvag.c @@ -38,7 +38,7 @@ typedef struct KVAGHeader { uint32_tmagic; uint32_tdata_size; -uint32_tsample_rate; +intsample_rate; uint16_tstereo; } KVAGHeader; @@ -70,6 +70,9 @@ static int kvag_read_header(AVFormatContext *s) hdr.sample_rate = AV_RL32(buf + 8); hdr.stereo = AV_RL16(buf + 12); +if (hdr.sample_rate <= 0) +return AVERROR_INVALIDDATA; + par = st->codecpar; par->codec_type = AVMEDIA_TYPE_AUDIO; par->codec_id = AV_CODEC_ID_ADPCM_IMA_SSI; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avfilter/avfiltergraph: return value of ff_request_frame() is unused
ffmpeg | branch: release/7.0 | Michael Niedermayer | Mon Apr 22 02:53:51 2024 +0200| [9a4199c71b6905aaad5d5b8980e692be6f08e411] | committer: Michael Niedermayer avfilter/avfiltergraph: return value of ff_request_frame() is unused Fixes: CID1397741 Unchecked return value Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit e757726e89ff636e0dc6743f635888639a196e36) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9a4199c71b6905aaad5d5b8980e692be6f08e411 --- libavfilter/avfiltergraph.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavfilter/avfiltergraph.c b/libavfilter/avfiltergraph.c index 12ff7d6ffb..8e091d95e0 100644 --- a/libavfilter/avfiltergraph.c +++ b/libavfilter/avfiltergraph.c @@ -1410,7 +1410,7 @@ int avfilter_graph_request_oldest(AVFilterGraph *graph) if (r == AVERROR(EAGAIN) && !oldest->frame_wanted_out && !oldesti->frame_blocked_in && !oldesti->status_in) -ff_request_frame(oldest); +(void)ff_request_frame(oldest); else if (r < 0) return r; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/mxfdec: Check body_offset
ffmpeg | branch: release/7.0 | Michael Niedermayer | Fri Apr 26 03:46:33 2024 +0200| [0e44de3b9b5c7dc99b47c30d24932d9856d3b646] | committer: Michael Niedermayer avformat/mxfdec: Check body_offset Fixes: signed integer overflow: 538976288 - -9223372036315799520 cannot be represented in type 'long' Fixes: 68060/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5523457266745344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Tomas Härdin Signed-off-by: Michael Niedermayer (cherry picked from commit 20a6bfda0f7c6447ac94611736cee6e9ce6972a0) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0e44de3b9b5c7dc99b47c30d24932d9856d3b646 --- libavformat/mxfdec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index 4e4beb40b0..518a507539 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -790,6 +790,9 @@ static int mxf_read_partition_pack(void *arg, AVIOContext *pb, int tag, int size partition->index_sid = avio_rb32(pb); partition->body_offset = avio_rb64(pb); partition->body_sid = avio_rb32(pb); +if (partition->body_offset < 0) +return AVERROR_INVALIDDATA; + if (avio_read(pb, op, sizeof(UID)) != sizeof(UID)) { av_log(mxf->fc, AV_LOG_ERROR, "Failed reading UID\n"); return AVERROR_INVALIDDATA; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/atrac9dec: Check init_get_bits8() for failure
ffmpeg | branch: release/7.0 | Michael Niedermayer | Sun Apr 28 22:57:53 2024 +0200| [e806d36b38603c016f1e39c6c72b31b86253aa2b] | committer: Michael Niedermayer avcodec/atrac9dec: Check init_get_bits8() for failure Fixes: CID1439569 Unchecked return value Fixes: CID1439578 Unchecked return value Sponsored-by: Sovereign Tech Fund Reviewed-by: Lynne Signed-off-by: Michael Niedermayer (cherry picked from commit 615c994739cacbeb0a2f48f8271d911fcd0b4303) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e806d36b38603c016f1e39c6c72b31b86253aa2b --- libavcodec/atrac9dec.c | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/libavcodec/atrac9dec.c b/libavcodec/atrac9dec.c index 5b84f0c6d6..91f2e50b05 100644 --- a/libavcodec/atrac9dec.c +++ b/libavcodec/atrac9dec.c @@ -801,7 +801,9 @@ static int atrac9_decode_frame(AVCodecContext *avctx, AVFrame *frame, if (ret < 0) return ret; -init_get_bits8(, avpkt->data, avpkt->size); +ret = init_get_bits8(, avpkt->data, avpkt->size); +if (ret < 0) +return ret; for (int i = 0; i < frames; i++) { for (int j = 0; j < s->block_config->count; j++) { @@ -921,7 +923,9 @@ static av_cold int atrac9_decode_init(AVCodecContext *avctx) return AVERROR_INVALIDDATA; } -init_get_bits8(, avctx->extradata + 4, avctx->extradata_size); +err = init_get_bits8(, avctx->extradata + 4, avctx->extradata_size); +if (err < 0) +return err; if (get_bits(, 8) != 0xFE) { av_log(avctx, AV_LOG_ERROR, "Incorrect magic byte!\n"); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/ac3_parser: Check init_get_bits8() for failure
ffmpeg | branch: release/7.0 | Michael Niedermayer | Sun Apr 28 21:09:45 2024 +0200| [c42248f4664840a14378eb4c4da9ea186ab92514] | committer: Michael Niedermayer avcodec/ac3_parser: Check init_get_bits8() for failure Fixes: CID1420393 Unchecked return value Sponsored-by: Sovereign Tech Fund Reviewed-by: Lynne Signed-off-by: Michael Niedermayer (cherry picked from commit 63415168dbd96475372e37ae0fd47bafe151e2f0) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c42248f4664840a14378eb4c4da9ea186ab92514 --- libavcodec/ac3_parser.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/ac3_parser.c b/libavcodec/ac3_parser.c index 13b8d3b7d8..283139288c 100644 --- a/libavcodec/ac3_parser.c +++ b/libavcodec/ac3_parser.c @@ -204,7 +204,9 @@ int av_ac3_parse_header(const uint8_t *buf, size_t size, AC3HeaderInfo hdr; int err; -init_get_bits8(, buf, size); +err = init_get_bits8(, buf, size); +if (err < 0) +return AVERROR_INVALIDDATA; err = ff_ac3_parse_header(, ); if (err < 0) return AVERROR_INVALIDDATA; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/pngdec: Check last AVFrame before deref
ffmpeg | branch: release/7.0 | Michael Niedermayer | Fri Apr 26 23:22:53 2024 +0200| [a0577e9877ef83c703a003fe76c82aeea761c2d6] | committer: Michael Niedermayer avcodec/pngdec: Check last AVFrame before deref Fixes: NULL pointer dereference Fixes: 68184/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-4926478069334016 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 091fdce87e88c8622d8af89ffa6cbb0dc20c3816) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a0577e9877ef83c703a003fe76c82aeea761c2d6 --- libavcodec/pngdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c index de50e6a5b6..90c286eb83 100644 --- a/libavcodec/pngdec.c +++ b/libavcodec/pngdec.c @@ -1216,7 +1216,7 @@ static int decode_fctl_chunk(AVCodecContext *avctx, PNGDecContext *s, return AVERROR_INVALIDDATA; } -if ((sequence_number == 0 || !s->last_picture.f->data[0]) && +if ((sequence_number == 0 || !s->last_picture.f) && dispose_op == APNG_DISPOSE_OP_PREVIOUS) { // No previous frame to revert to for the first frame // Spec says to just treat it as a APNG_DISPOSE_OP_BACKGROUND ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] doc/examples/qsv_transcode: Initialize pointer before free
ffmpeg | branch: release/7.0 | Michael Niedermayer | Wed Apr 24 03:30:20 2024 +0200| [7fa0143d7e02c5cd575d14750198ae4dd2ef4166] | committer: Michael Niedermayer doc/examples/qsv_transcode: Initialize pointer before free Fixees: CID1517023 Uninitialized pointer read Sponsored-by: Sovereign Tech Fund Reviewed-by: "Xiang, Haihao" Signed-off-by: Michael Niedermayer (cherry picked from commit cae0f2bc550312c99655057f8ffab5b59556ceeb) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7fa0143d7e02c5cd575d14750198ae4dd2ef4166 --- doc/examples/qsv_transcode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/examples/qsv_transcode.c b/doc/examples/qsv_transcode.c index 486910f09a..ff115f3669 100644 --- a/doc/examples/qsv_transcode.c +++ b/doc/examples/qsv_transcode.c @@ -341,7 +341,7 @@ int main(int argc, char **argv) { const AVCodec *enc_codec; int ret = 0; -AVPacket *dec_pkt; +AVPacket *dec_pkt = NULL; if (argc < 5 || (argc - 5) % 2) { av_log(NULL, AV_LOG_ERROR, "Usage: %s " ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] doc/examples/qsv_transcode: Simplify str_to_dict() loop
ffmpeg | branch: release/7.0 | Michael Niedermayer | Wed Apr 24 03:28:00 2024 +0200| [70191fc0a6bdc09b61ae53d3b93092596c4dd5a0] | committer: Michael Niedermayer doc/examples/qsv_transcode: Simplify str_to_dict() loop Fixes: CID1517022 Logically dead code Sponsored-by: Sovereign Tech Fund Reviewed-by: "Xiang, Haihao" Signed-off-by: Michael Niedermayer (cherry picked from commit 191950d1bfc3924d1b54f236b2c35149ba4487a1) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=70191fc0a6bdc09b61ae53d3b93092596c4dd5a0 --- doc/examples/qsv_transcode.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/doc/examples/qsv_transcode.c b/doc/examples/qsv_transcode.c index 3d98729474..486910f09a 100644 --- a/doc/examples/qsv_transcode.c +++ b/doc/examples/qsv_transcode.c @@ -75,8 +75,7 @@ static int str_to_dict(char* optstr, AVDictionary **opt) if (value == NULL) return AVERROR(EINVAL); av_dict_set(opt, key, value, 0); -} while(key != NULL); -return 0; +} while(1); } static int dynamic_set_parameter(AVCodecContext *avctx) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/hevcdec: Check ref frame
ffmpeg | branch: release/7.0 | Michael Niedermayer | Sat Apr 27 00:09:02 2024 +0200| [62d3e4fd298105026f47c4591db178600104862d] | committer: Michael Niedermayer avcodec/hevcdec: Check ref frame Fixes: NULL pointer dereferences Fixes: 68197/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-6382538823106560 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Andreas Rheinhardt Signed-off-by: Michael Niedermayer (cherry picked from commit 5eb05f44503da3fdff82f1fed8ee2706d9841a9a) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=62d3e4fd298105026f47c4591db178600104862d --- libavcodec/hevcdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/hevcdec.c b/libavcodec/hevcdec.c index 08fd3be43c..a130eb1d74 100644 --- a/libavcodec/hevcdec.c +++ b/libavcodec/hevcdec.c @@ -1968,13 +1968,13 @@ static void hls_prediction_unit(HEVCLocalContext *lc, int x0, int y0, if (current_mv.pred_flag & PF_L0) { ref0 = refPicList[0].ref[current_mv.ref_idx[0]]; -if (!ref0 || !ref0->frame->data[0]) +if (!ref0 || !ref0->frame) return; hevc_await_progress(s, ref0, _mv.mv[0], y0, nPbH); } if (current_mv.pred_flag & PF_L1) { ref1 = refPicList[1].ref[current_mv.ref_idx[1]]; -if (!ref1 || !ref1->frame->data[0]) +if (!ref1 || !ref1->frame) return; hevc_await_progress(s, ref1, _mv.mv[1], y0, nPbH); } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] doc/examples/vaapi_transcode: Simplify loop
ffmpeg | branch: release/7.0 | Michael Niedermayer | Wed Apr 24 03:20:38 2024 +0200| [6b42ba2094e6ba56cfd66a746cb01e00c7a0d421] | committer: Michael Niedermayer doc/examples/vaapi_transcode: Simplify loop Fixes: CID1428858(1/2) Logically dead code Sponsored-by: Sovereign Tech Fund Reviewed-by: "myp...@gmail.com" Signed-off-by: Michael Niedermayer (cherry picked from commit c9c11a0866d45827201b034349bceb2dc58a3499) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6b42ba2094e6ba56cfd66a746cb01e00c7a0d421 --- doc/examples/vaapi_transcode.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/doc/examples/vaapi_transcode.c b/doc/examples/vaapi_transcode.c index 8367cb3040..e1b7a43883 100644 --- a/doc/examples/vaapi_transcode.c +++ b/doc/examples/vaapi_transcode.c @@ -215,10 +215,8 @@ static int dec_enc(AVPacket *pkt, const AVCodec *enc_codec) fail: av_frame_free(); -if (ret < 0) -return ret; } -return 0; +return ret; } int main(int argc, char **argv) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] doc/examples/qsv_transcode: Simplify loop
ffmpeg | branch: release/7.0 | Michael Niedermayer | Wed Apr 24 03:20:38 2024 +0200| [53868f5193d63e499c0e36aeef9376b40ecbd189] | committer: Michael Niedermayer doc/examples/qsv_transcode: Simplify loop Fixes: CID1428858(2/2) Logically dead code Sponsored-by: Sovereign Tech Fund Reviewed-by: "Xiang, Haihao" Signed-off-by: Michael Niedermayer (cherry picked from commit 82cce209349d2a7c893a4f9691ec8698704b0486) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=53868f5193d63e499c0e36aeef9376b40ecbd189 --- doc/examples/qsv_transcode.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/doc/examples/qsv_transcode.c b/doc/examples/qsv_transcode.c index 972126800b..3d98729474 100644 --- a/doc/examples/qsv_transcode.c +++ b/doc/examples/qsv_transcode.c @@ -334,10 +334,8 @@ static int dec_enc(AVPacket *pkt, const AVCodec *enc_codec, char *optstr) fail: av_frame_free(); -if (ret < 0) -return ret; } -return 0; +return ret; } int main(int argc, char **argv) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/cbs_h2645: Check NAL space
ffmpeg | branch: release/7.0 | Michael Niedermayer | Mon Apr 22 03:23:10 2024 +0200| [ad26b2d05a4cfc583dc502cc6c7bc41bb45c4d69] | committer: Michael Niedermayer avcodec/cbs_h2645: Check NAL space Found-by-reviewing: CID1419833 Untrusted loop bound Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit b91e3c4c908228901b1ec120d59ddf5a86c3b3b8) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ad26b2d05a4cfc583dc502cc6c7bc41bb45c4d69 --- libavcodec/cbs_h2645.c | 4 1 file changed, 4 insertions(+) diff --git a/libavcodec/cbs_h2645.c b/libavcodec/cbs_h2645.c index 8e4af7b2cc..db803ea351 100644 --- a/libavcodec/cbs_h2645.c +++ b/libavcodec/cbs_h2645.c @@ -708,7 +708,11 @@ static int cbs_h2645_split_fragment(CodedBitstreamContext *ctx, start = bytestream2_tell(); for(i = 0; i < num_nalus; i++) { +if (bytestream2_get_bytes_left() < 2) +return AVERROR_INVALIDDATA; size = bytestream2_get_be16(); +if (bytestream2_get_bytes_left() < size) +return AVERROR_INVALIDDATA; bytestream2_skip(, size); } end = bytestream2_tell(); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avfilter/vf_thumbnail_cuda: Set ret before checking it
ffmpeg | branch: release/7.0 | Michael Niedermayer | Mon Apr 22 03:09:54 2024 +0200| [1dbfdd2d306d29b9eadcc817896dd0dac9c9dcae] | committer: Michael Niedermayer avfilter/vf_thumbnail_cuda: Set ret before checking it Fixes: CID1418336 Logically dead code Sponsored-by: Sovereign Tech Fund Reviewed-by: Timo Rothenpieler Signed-off-by: Michael Niedermayer (cherry picked from commit 02301017d28422e4d0a4badb16f2226e70ec534a) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1dbfdd2d306d29b9eadcc817896dd0dac9c9dcae --- libavfilter/vf_thumbnail_cuda.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavfilter/vf_thumbnail_cuda.c b/libavfilter/vf_thumbnail_cuda.c index c8dd905123..40a3b75dd0 100644 --- a/libavfilter/vf_thumbnail_cuda.c +++ b/libavfilter/vf_thumbnail_cuda.c @@ -290,7 +290,7 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *frame) hist[i] = 4 * hist[i]; } -CHECK_CU(cu->cuCtxPopCurrent()); +ret = CHECK_CU(cu->cuCtxPopCurrent()); if (ret < 0) return ret; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avfilter/signature_lookup: Dont copy uninitialized stuff around
ffmpeg | branch: release/7.0 | Michael Niedermayer | Mon Apr 22 00:57:43 2024 +0200| [4197c3203b63f8d90c264eff9ca783c4f8beaafd] | committer: Michael Niedermayer avfilter/signature_lookup: Dont copy uninitialized stuff around Fixes: CID1403238 Uninitialized pointer read Fixes: CID1403239 Uninitialized pointer read Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit e7174e66ac6025cea4b8e590525314d3aea6a134) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4197c3203b63f8d90c264eff9ca783c4f8beaafd --- libavfilter/signature_lookup.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavfilter/signature_lookup.c b/libavfilter/signature_lookup.c index 625d38bd13..ad59106cf0 100644 --- a/libavfilter/signature_lookup.c +++ b/libavfilter/signature_lookup.c @@ -447,14 +447,14 @@ static MatchingInfo evaluate_parameters(AVFilterContext *ctx, SignatureContext * } if (tolerancecount > 2) { -a = aprev; -b = bprev; if (dir == DIR_NEXT) { /* turn around */ a = infos->first; b = infos->second; dir = DIR_PREV; } else { +a = aprev; +b = bprev; break; } } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avfilter/signature_lookup: Fix 2 differences to the refernce SW
ffmpeg | branch: release/7.0 | Michael Niedermayer | Mon Apr 22 00:43:19 2024 +0200| [ba031f8771d2c88a85b0607da2fd1442c8fe368f] | committer: Michael Niedermayer avfilter/signature_lookup: Fix 2 differences to the refernce SW Fixes: CID1403227 Division or modulo by float zero Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer (cherry picked from commit 25cb66369e7b81bd280f0bdd6d51a0e2e11881e3) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ba031f8771d2c88a85b0607da2fd1442c8fe368f --- libavfilter/signature_lookup.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavfilter/signature_lookup.c b/libavfilter/signature_lookup.c index 9c69c02fbf..625d38bd13 100644 --- a/libavfilter/signature_lookup.c +++ b/libavfilter/signature_lookup.c @@ -495,10 +495,10 @@ static MatchingInfo evaluate_parameters(AVFilterContext *ctx, SignatureContext * continue; /* matching sequence is too short */ if ((double) goodfcount / (double) fcount < sc->thit) continue; -if ((double) goodfcount*0.5 < FFMAX(gooda, goodb)) +if ((double) goodfcount*0.5 <= FFMAX(gooda, goodb)) continue; -meandist = (double) goodfcount / (double) distsum; +meandist = (double) distsum / (double) goodfcount; if (meandist < minmeandist || status == (STATUS_END_REACHED | STATUS_BEGIN_REACHED) || ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/mpeg4videodec: assert impossible wrap points
ffmpeg | branch: master | Michael Niedermayer | Sat May 11 22:08:21 2024 +0200| [8fc649b931a3cbc3a2dd9b50b75a9261a2fb4b49] | committer: Michael Niedermayer avcodec/mpeg4videodec: assert impossible wrap points Helps: CID1473517 Uninitialized scalar variable Helps: CID1473497 Uninitialized scalar variable Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8fc649b931a3cbc3a2dd9b50b75a9261a2fb4b49 --- libavcodec/mpeg4videodec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c index 6a7a37e817..df1e22207d 100644 --- a/libavcodec/mpeg4videodec.c +++ b/libavcodec/mpeg4videodec.c @@ -597,6 +597,8 @@ static int mpeg4_decode_sprite_trajectory(Mpeg4DecContext *ctx, GetBitContext *g ctx->sprite_shift[0] = alpha + beta + rho - min_ab; ctx->sprite_shift[1] = alpha + beta + rho - min_ab + 2; break; +default: +av_assert0(0); } /* try to simplify the situation */ if (sprite_delta[0][0] == a << ctx->sprite_shift[0] && ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/vqcdec: Check init_get_bits8() for failure
ffmpeg | branch: master | Michael Niedermayer | Sun May 19 00:47:11 2024 +0200| [6a9302739f5b20791eac7f40d9d999f87fd1] | committer: Michael Niedermayer avcodec/vqcdec: Check init_get_bits8() for failure Fixes: CID1516090 Unchecked return value Sponsored-by: Sovereign Tech Fund Reviewed-by: Peter Ross Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6a9302739f5b20791eac7f40d9d999f87fd1 --- libavcodec/vqcdec.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavcodec/vqcdec.c b/libavcodec/vqcdec.c index 5c6cab3c1a..bb69844327 100644 --- a/libavcodec/vqcdec.c +++ b/libavcodec/vqcdec.c @@ -147,10 +147,13 @@ static int decode_vectors(VqcContext * s, const uint8_t * buf, int size, int wid GetBitContext gb; uint8_t * vectors = s->vectors; uint8_t * vectors_end = s->vectors + (width * height * 3) / 2; +int ret; memset(vectors, 0, 3 * width * height / 2); -init_get_bits8(, buf, size); +ret = init_get_bits8(, buf, size); +if (ret < 0) +return ret; for (int i = 0; i < 3 * width * height / 2 / 32; i++) { uint8_t * dst = vectors; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/vvc/dec: Check init_get_bits8() for failure
ffmpeg | branch: master | Michael Niedermayer | Sun May 19 01:21:37 2024 +0200| [4a8506c794d92744514aac26ac9a1b898a7401ab] | committer: Michael Niedermayer avcodec/vvc/dec: Check init_get_bits8() for failure Fixes: CID1560042 Unchecked return value Sponsored-by: Sovereign Tech Fund Reviewed-by: Nuo Mi Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4a8506c794d92744514aac26ac9a1b898a7401ab --- libavcodec/vvc/dec.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavcodec/vvc/dec.c b/libavcodec/vvc/dec.c index 25cdb39cab..76b1923340 100644 --- a/libavcodec/vvc/dec.c +++ b/libavcodec/vvc/dec.c @@ -514,6 +514,7 @@ static int slice_init_entry_points(SliceContext *sc, int nb_eps= sh->r->num_entry_points + 1; int ctu_addr = 0; GetBitContext gb; +int ret; if (sc->nb_eps != nb_eps) { eps_free(sc); @@ -523,7 +524,9 @@ static int slice_init_entry_points(SliceContext *sc, sc->nb_eps = nb_eps; } -init_get_bits8(, slice->data, slice->data_size); +ret = init_get_bits8(, slice->data, slice->data_size); +if (ret < 0) +return ret; for (int i = 0; i < sc->nb_eps; i++) { EntryPoint *ep = sc->eps + i; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/mscc & mwsc: Check loop counts before use
ffmpeg | branch: master | Michael Niedermayer | Sun May 12 00:43:48 2024 +0200| [e35fe3d8b9e345527a05b1ae958ac851fe09f1ed] | committer: Michael Niedermayer avcodec/mscc & mwsc: Check loop counts before use This could cause timeouts Fixes: CID1439568 Untrusted loop bound Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e35fe3d8b9e345527a05b1ae958ac851fe09f1ed --- libavcodec/mscc.c | 6 ++ libavcodec/mwsc.c | 11 +++ 2 files changed, 17 insertions(+) diff --git a/libavcodec/mscc.c b/libavcodec/mscc.c index 26143bfd5e..2d6f6265bf 100644 --- a/libavcodec/mscc.c +++ b/libavcodec/mscc.c @@ -54,6 +54,9 @@ static int rle_uncompress(AVCodecContext *avctx, GetByteContext *gb, PutByteCont unsigned run = bytestream2_get_byte(gb); if (run) { +if (bytestream2_get_bytes_left_p(pb) < run * s->bpp) +return AVERROR_INVALIDDATA; + switch (avctx->bits_per_coded_sample) { case 8: fill = bytestream2_get_byte(gb); @@ -102,6 +105,9 @@ static int rle_uncompress(AVCodecContext *avctx, GetByteContext *gb, PutByteCont bytestream2_seek_p(pb, y * avctx->width * s->bpp + x * s->bpp, SEEK_SET); } else { +if (bytestream2_get_bytes_left_p(pb) < copy * s->bpp) +return AVERROR_INVALIDDATA; + for (j = 0; j < copy; j++) { switch (avctx->bits_per_coded_sample) { case 8: diff --git a/libavcodec/mwsc.c b/libavcodec/mwsc.c index 06a151a72a..0d4ee9791a 100644 --- a/libavcodec/mwsc.c +++ b/libavcodec/mwsc.c @@ -51,6 +51,10 @@ static int rle_uncompress(GetByteContext *gb, PutByteContext *pb, GetByteContext if (run == 0) { run = bytestream2_get_le32(gb); + +if (bytestream2_tell_p(pb) + width - w < run) +return AVERROR_INVALIDDATA; + for (int j = 0; j < run; j++, w++) { if (w == width) { w = 0; @@ -62,6 +66,10 @@ static int rle_uncompress(GetByteContext *gb, PutByteContext *pb, GetByteContext int pos = bytestream2_tell_p(pb); bytestream2_seek(gbp, pos, SEEK_SET); + +if (pos + width - w < fill) +return AVERROR_INVALIDDATA; + for (int j = 0; j < fill; j++, w++) { if (w == width) { w = 0; @@ -73,6 +81,9 @@ static int rle_uncompress(GetByteContext *gb, PutByteContext *pb, GetByteContext intra = 0; } else { +if (bytestream2_tell_p(pb) + width - w < run) +return AVERROR_INVALIDDATA; + for (int j = 0; j < run; j++, w++) { if (w == width) { w = 0; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/mpeg12dec: Use 64bit in bit computation
ffmpeg | branch: master | Michael Niedermayer | Sat May 11 21:04:00 2024 +0200| [4c725df059dd9a5f2071e204924105b3ceb74cbc] | committer: Michael Niedermayer avcodec/mpeg12dec: Use 64bit in bit computation I dont think this can actually overflow but 64bit seems reasonable to use Fixes: CID1521983 Unintentional integer overflow Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4c725df059dd9a5f2071e204924105b3ceb74cbc --- libavcodec/mpeg12dec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mpeg12dec.c b/libavcodec/mpeg12dec.c index a9fe3503db..9fd765f030 100644 --- a/libavcodec/mpeg12dec.c +++ b/libavcodec/mpeg12dec.c @@ -2734,7 +2734,7 @@ static int ipu_decode_frame(AVCodecContext *avctx, AVFrame *frame, int ret; // Check for minimal intra MB size (considering mb header, luma & chroma dc VLC, ac EOB VLC) -if (avpkt->size*8LL < (avctx->width+15)/16 * ((avctx->height+15)/16) * (2 + 3*4 + 2*2 + 2*6)) +if (avpkt->size*8LL < (avctx->width+15)/16 * ((avctx->height+15)/16) * (2LL + 3*4 + 2*2 + 2*6)) return AVERROR_INVALIDDATA; ret = ff_get_buffer(avctx, frame, 0); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/vble: Check av_image_get_buffer_size() for failure
ffmpeg | branch: master | Michael Niedermayer | Sat May 18 00:32:43 2024 +0200| [dd5379db5d83d8b06654582afe327daa6be678a3] | committer: Michael Niedermayer avcodec/vble: Check av_image_get_buffer_size() for failure Fixes: CID1461482 Improper use of negative value Sponsored-by: Sovereign Tech Fund Reviewed-.by: "Xiang, Haihao" Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=dd5379db5d83d8b06654582afe327daa6be678a3 --- libavcodec/vble.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/vble.c b/libavcodec/vble.c index c5d92bd6f5..4511433a6c 100644 --- a/libavcodec/vble.c +++ b/libavcodec/vble.c @@ -187,6 +187,9 @@ static av_cold int vble_decode_init(AVCodecContext *avctx) ctx->size = av_image_get_buffer_size(avctx->pix_fmt, avctx->width, avctx->height, 1); +if (ctx->size < 0) +return ctx->size; + ctx->val = av_malloc_array(ctx->size, sizeof(*ctx->val)); if (!ctx->val) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/mpegvideo_enc: Fix potential overflow in RD
ffmpeg | branch: master | Michael Niedermayer | Sun May 12 00:13:58 2024 +0200| [b6b2b01025e016ce29e5add57305384a663edcfc] | committer: Michael Niedermayer avcodec/mpegvideo_enc: Fix potential overflow in RD Fixes: CID1500285 Unintentional integer overflow Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b6b2b01025e016ce29e5add57305384a663edcfc --- libavcodec/mpegvideo_enc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/mpegvideo_enc.c b/libavcodec/mpegvideo_enc.c index b601a1a9e4..73a9082265 100644 --- a/libavcodec/mpegvideo_enc.c +++ b/libavcodec/mpegvideo_enc.c @@ -1433,7 +1433,7 @@ static int estimate_best_b_count(MpegEncContext *s) goto fail; } -rd += (out_size * lambda2) >> (FF_LAMBDA_SHIFT - 3); +rd += (out_size * (uint64_t)lambda2) >> (FF_LAMBDA_SHIFT - 3); } /* get the delayed frames */ @@ -1442,7 +1442,7 @@ static int estimate_best_b_count(MpegEncContext *s) ret = out_size; goto fail; } -rd += (out_size * lambda2) >> (FF_LAMBDA_SHIFT - 3); +rd += (out_size * (uint64_t)lambda2) >> (FF_LAMBDA_SHIFT - 3); rd += c->error[0] + c->error[1] + c->error[2]; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/vp8: Forward return of ff_vpx_init_range_decoder()
ffmpeg | branch: master | Michael Niedermayer | Sat May 18 03:06:46 2024 +0200| [63feed1519c5e38d6ce146f265c48592236e3abc] | committer: Michael Niedermayer avcodec/vp8: Forward return of ff_vpx_init_range_decoder() Fixes: CID1507483 Unchecked return value Sponsored-by: Sovereign Tech Fund Reviewed-by: "Ronald S. Bultje" Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=63feed1519c5e38d6ce146f265c48592236e3abc --- libavcodec/vp8.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libavcodec/vp8.c b/libavcodec/vp8.c index 19f32b3400..8e91613068 100644 --- a/libavcodec/vp8.c +++ b/libavcodec/vp8.c @@ -341,9 +341,8 @@ static int setup_partitions(VP8Context *s, const uint8_t *buf, int buf_size) } s->coeff_partition_size[i] = buf_size; -ff_vpx_init_range_decoder(>coeff_partition[i], buf, buf_size); -return 0; +return ff_vpx_init_range_decoder(>coeff_partition[i], buf, buf_size); } static void vp7_get_quants(VP8Context *s) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/vp3: Replace check by assert
ffmpeg | branch: master | Michael Niedermayer | Sat May 18 03:16:08 2024 +0200| [1b991e77b9b19392214f6a788541bea5662de337] | committer: Michael Niedermayer avcodec/vp3: Replace check by assert Fixes: CID1452425 Logically dead code Sponsored-by: Sovereign Tech Fund Reviewed-by: Peter Ross Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1b991e77b9b19392214f6a788541bea5662de337 --- libavcodec/vp3.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c index 0952760776..d03a1c9dbc 100644 --- a/libavcodec/vp3.c +++ b/libavcodec/vp3.c @@ -2001,8 +2001,7 @@ static int vp4_mc_loop_filter(Vp3DecodeContext *s, int plane, int motion_x, int x_offset = (-(x + 2) & 7) + 2; y_offset = (-(y + 2) & 7) + 2; -if (x_offset > 8 + x_subpel && y_offset > 8 + y_subpel) -return 0; +av_assert1(!(x_offset > 8 + x_subpel && y_offset > 8 + y_subpel)); s->vdsp.emulated_edge_mc(loop, motion_source - stride - 1, loop_stride, stride, ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] Changelog: update
ffmpeg | branch: refs/remotes/origin/release/4.4 | Michael Niedermayer | Sun Apr 14 20:31:14 2024 +0200| [568c374568b5938c5c3304eb887c92d31dedc952] | committer: Michael Niedermayer Changelog: update > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=568c374568b5938c5c3304eb887c92d31dedc952 --- Changelog | 150 ++ 1 file changed, 150 insertions(+) diff --git a/Changelog b/Changelog index 620ca2bf40..4d296caf82 100644 --- a/Changelog +++ b/Changelog @@ -1,6 +1,156 @@ Entries are sorted chronologically from oldest to youngest within each release, releases are sorted from youngest to oldest. +version 4.4.5: + fate/subtitles: Ignore line endings for sub-scc test + avformat/mxfdec: Check index_edit_rate + swscale/utils: Fix xInc overflow + avcodec/exr: Dont use 64bits to hold 6bits + avcodec/exr: Check for remaining bits in huf_unpack_enc_table() + avformat/mpegts: Reset local nb_prg on add_program() failure + avformat/mxfdec: Make edit_unit_byte_count unsigned + avformat/movenc: Check that cts fits in 32bit + avformat/mxfdec: Check first case of offset_temp computation for overflow + avfilter/vf_signature: Dont crash on no frames + avformat/westwood_vqa: Fix 2g packets + avformat/matroskadec: Check timescale + avformat/wavdec: satuarte next_tag_ofs, data_end + avformat/sbgdec: Check for negative duration + avformat/rpl: Use 64bit for total_audio_size and check it + avformat/timecode: use 64bit for intermediate for rounding in fps_from_frame_rate() + avformat/jacosubdec: Use 64bit for abs + avformat/concatdec: Check user_duration sum + avcodec/truemotion1: Height not being a multiple of 4 is unsupported + avcodec/hcadec: do not set hfr_group_count to invalid values + avformat/concatdec: clip outpoint - inpoint overflow in get_best_effort_duration() + avformat/jacosubdec: clarify code + avformat/cafdec: Check that data chunk end fits within 64bit + avformat/iff: Saturate avio_tell() + 12 + avformat/dxa: Adjust order of operations around block align + avformat/cafdec: dont seek beyond 64bit + avformat/id3v2: read_uslt() check for the amount read + avcodec/proresenc_kostya: Remove bug similarity text + avcodec/vorbisdec: Check remaining data in vorbis_residue_decode_internal() + libswscale/utils: Fix bayer to yuvj + swscale/swscale: Check srcSliceH for bayer + swscale/utils: Allocate more dithererror + avcodec/indeo3: Round dimensions up in allocate_frame_buffers() + avutil/rational: Document what is to be expected from av_d2q() of doubles representing rational numbers + avfilter/signature_lookup: Do not dereference NULL pointers after malloc failure + avfilter/signature_lookup: dont leave uncleared pointers in sll_free() + avcodec/mpegvideo_enc: Use ptrdiff_t for stride + libavformat/hlsenc.c: Populate OTI using AAC profile in write_codec_attr. + avcodec/mpegvideo_enc: Dont copy beyond the image + avfilter/vf_minterpolate: Check pts before division + avformat/flacdec: Avoid double AVERRORS + avfilter/vf_vidstabdetect: Avoid double AVERRORS + avfilter/vf_swaprect: round coordinates down + avfilter/vf_swaprect: Use height for vertical variables + avfilter/vf_swaprect: assert that rectangles are within memory + avfilter/af_alimiter: Check nextpos before use + avfilter/af_stereowiden: Check length + avfilter/vf_weave: Fix odd height handling + avfilter/vf_gradfun: Do not overread last line + avformat/mov: do not set sign bit for chunk_offsets + avcodec/jpeglsdec: Check Jpeg-LS LSE + configure: Enable section_data_rel_ro for FreeBSD and NetBSD aarch64 / arm + avformat/mov: Check if a key is longer than the atom containing it + avcodec/nvdec: reset bitstream_len/nb_slices when resetting bitstream pointer + avformat/mov: don't abort on duplicate Mastering Display Metadata boxes + avcodec/x86/mathops: clip constants used with shift instructions within inline assembly + avcodec/av1dec: fix matrix coefficients exposed by codec context + avcodec/nvdec: don't free NVDECContext->bitstream + avcodec/av1dec: Fix resolving zero divisor + avformat/mov: Ignore duplicate ftyp + avformat/mov: Fix integer overflow in mov_read_packet(). + seek: Fix crashes in ff_seek_frame_binary if built with latest Clang 14 + avcodec/4xm: Check for cfrm exhaustion + avformat/mov: Disallow FTYP after streams + doc/html: fix styling issue with Texinfo 7.0 + doc/html: support texinfo 7.0 + doc/t2h.pm: fix missing TOC with texinfo 6.8 and above + doc/t2h.pm: fix missing CSS with texinfo 6.8 and above + avformat/matroskadec: Fix declaration-after-statement warnings + avformat/rtsp: Use rtsp_st->stream_index + avcodec/jpeg2000dec: Check image offset + avformat/mxfdec: Check klv offset + libavutil/ppc/cpu.c: check that AT_HWCAP2 is defined + avcodec/h2645_parse: Avoid EAGAIN + avcodec/xvididct: Make c* unsigned to avoid undefined overflows + avformat/tmv: Check video chunk size + avcodec/h264_parser: saturate dts a bit + avformat/asfdec_f: Saturate presenta
[FFmpeg-cvslog] avcodec/jpeg2000dec: remove ST=3 case
ffmpeg | branch: master | Michael Niedermayer | Fri May 10 16:07:04 2024 +0200| [4ed4f9a6c0a99c823706bfc4bb4df53f963f2f5a] | committer: Michael Niedermayer avcodec/jpeg2000dec: remove ST=3 case Fixes: CID1460979 Logically dead code Sponsored-by: Sovereign Tech Fund Reviewed-by: Tomas Härdin Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4ed4f9a6c0a99c823706bfc4bb4df53f963f2f5a --- libavcodec/jpeg2000dec.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c index 28bf6be2fe..135537b52f 100644 --- a/libavcodec/jpeg2000dec.c +++ b/libavcodec/jpeg2000dec.c @@ -835,9 +835,6 @@ static int get_tlm(Jpeg2000DecoderContext *s, int n) case 2: bytestream2_get_be16(>g); break; -case 3: -bytestream2_get_be32(>g); -break; } if (SP == 0) { bytestream2_get_be16(>g); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/qsvdec: Check av_image_get_buffer_size() for failure
ffmpeg | branch: master | Michael Niedermayer | Mon May 13 02:05:56 2024 +0200| [8789c550faf4587527faf0bd4f6c6c5c64a04ae2] | committer: Michael Niedermayer avcodec/qsvdec: Check av_image_get_buffer_size() for failure Fixes: CID1477406 Improper use of negative value Sponsored-by: Sovereign Tech Fund Reviewed-by: "Xiang, Haihao" Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8789c550faf4587527faf0bd4f6c6c5c64a04ae2 --- libavcodec/qsvdec.c | 9 ++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/libavcodec/qsvdec.c b/libavcodec/qsvdec.c index ed0bfe4c8b..a51ddace62 100644 --- a/libavcodec/qsvdec.c +++ b/libavcodec/qsvdec.c @@ -379,9 +379,12 @@ static int qsv_decode_init_context(AVCodecContext *avctx, QSVContext *q, mfxVide q->frame_info = param->mfx.FrameInfo; -if (!avctx->hw_frames_ctx) -q->pool = av_buffer_pool_init(av_image_get_buffer_size(avctx->pix_fmt, -FFALIGN(avctx->width, 128), FFALIGN(avctx->height, 64), 1), av_buffer_allocz); +if (!avctx->hw_frames_ctx) { +ret = av_image_get_buffer_size(avctx->pix_fmt, FFALIGN(avctx->width, 128), FFALIGN(avctx->height, 64), 1); +if (ret < 0) +return ret; +q->pool = av_buffer_pool_init(ret, av_buffer_allocz); +} return 0; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/exr: Fix preview overflow
ffmpeg | branch: master | Michael Niedermayer | Fri May 3 23:25:10 2024 +0200| [36126e4c142e43cc703f4b8c535d388ac5e403a4] | committer: Michael Niedermayer avcodec/exr: Fix preview overflow Fixes: CID1515456 Unintentional integer overflow Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=36126e4c142e43cc703f4b8c535d388ac5e403a4 --- libavcodec/exr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/exr.c b/libavcodec/exr.c index 8bd39f78a4..4bac0be89b 100644 --- a/libavcodec/exr.c +++ b/libavcodec/exr.c @@ -1943,7 +1943,7 @@ static int decode_header(EXRContext *s, AVFrame *frame) "preview", 16)) >= 0) { uint32_t pw = bytestream2_get_le32(gb); uint32_t ph = bytestream2_get_le32(gb); -uint64_t psize = pw * ph; +uint64_t psize = pw * (uint64_t)ph; if (psize > INT64_MAX / 4) { ret = AVERROR_INVALIDDATA; goto fail; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/fmvc: remove dead assignment
ffmpeg | branch: master | Michael Niedermayer | Sat May 4 23:29:26 2024 +0200| [96c116254527cc40b386f14b77e17fbe2388d5da] | committer: Michael Niedermayer avcodec/fmvc: remove dead assignment Fixes: CID1529220 Unused value Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=96c116254527cc40b386f14b77e17fbe2388d5da --- libavcodec/fmvc.c | 1 - 1 file changed, 1 deletion(-) diff --git a/libavcodec/fmvc.c b/libavcodec/fmvc.c index 30f7aaf6bc..b51b18a9ee 100644 --- a/libavcodec/fmvc.c +++ b/libavcodec/fmvc.c @@ -101,7 +101,6 @@ static int decode_type2(GetByteContext *gb, PutByteContext *pb) continue; } } -repeat = 0; } repeat = 1; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/dovi_rpuenc: fix compaatibility
ffmpeg | branch: master | Michael Niedermayer | Fri May 3 22:34:00 2024 +0200| [73d6d9f1292424a09756c56b279b8764ef0befeb] | committer: Michael Niedermayer avcodec/dovi_rpuenc: fix compaatibility Fixes: a frequency Found while reviewing: CID1596607 Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=73d6d9f1292424a09756c56b279b8764ef0befeb --- libavcodec/dovi_rpuenc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/dovi_rpuenc.c b/libavcodec/dovi_rpuenc.c index 5a482a7a6e..3c3e0f84c0 100644 --- a/libavcodec/dovi_rpuenc.c +++ b/libavcodec/dovi_rpuenc.c @@ -133,7 +133,7 @@ int ff_dovi_configure(DOVIContext *s, AVCodecContext *avctx) if (!dv_profile || bl_compat_id < 0) { if (s->enable > 0) { av_log(s->logctx, AV_LOG_ERROR, "Dolby Vision enabled, but could " - "not determine profile and compaatibility mode. Double-check " + "not determine profile and compatibility mode. Double-check " "colorspace and format settings for compatibility?\n"); return AVERROR(EINVAL); } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/dovi_rpuenc: initialize profile
ffmpeg | branch: master | Michael Niedermayer | Fri May 3 22:28:16 2024 +0200| [46ad68084e4b1bb1c8f822a7252ce7351a17bac7] | committer: Michael Niedermayer avcodec/dovi_rpuenc: initialize profile Code is taken from dovi_rpudec Fixes: CID1596604 Uninitialized scalar variable Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=46ad68084e4b1bb1c8f822a7252ce7351a17bac7 --- libavcodec/dovi_rpuenc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/dovi_rpuenc.c b/libavcodec/dovi_rpuenc.c index ad03e143ee..5a482a7a6e 100644 --- a/libavcodec/dovi_rpuenc.c +++ b/libavcodec/dovi_rpuenc.c @@ -565,6 +565,8 @@ int ff_dovi_rpu_generate(DOVIContext *s, const AVDOVIMetadata *metadata, set_ue_golomb(pb, vdr_rpu_id); s->mapping = >vdr[vdr_rpu_id]->mapping; +profile = s->cfg.dv_profile ? s->cfg.dv_profile : ff_dovi_guess_profile_hevc(hdr); + if (!use_prev_vdr_rpu) { set_ue_golomb(pb, mapping->mapping_color_space); set_ue_golomb(pb, mapping->mapping_chroma_format_idc); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/decode: decode_simple_internal() only implements audio and video
ffmpeg | branch: master | Michael Niedermayer | Fri May 3 21:51:42 2024 +0200| [e9bb586543d83fe0ed901834b853b6d64e327529] | committer: Michael Niedermayer avcodec/decode: decode_simple_internal() only implements audio and video Fixes: CID1538861 Uninitialized scalar variable Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e9bb586543d83fe0ed901834b853b6d64e327529 --- libavcodec/decode.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/decode.c b/libavcodec/decode.c index d031b1ca17..900b0c07a3 100644 --- a/libavcodec/decode.c +++ b/libavcodec/decode.c @@ -431,7 +431,8 @@ FF_ENABLE_DEPRECATION_WARNINGS } else if (avctx->codec->type == AVMEDIA_TYPE_AUDIO) { ret = !got_frame ? AVERROR(EAGAIN) : discard_samples(avctx, frame, discarded_samples); -} +} else +av_assert0(0); if (ret == AVERROR(EAGAIN)) av_frame_unref(frame); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/h2645_sei: Remove dead checks
ffmpeg | branch: master | Michael Niedermayer | Mon May 6 01:00:17 2024 +0200| [fdaa6ae2b62de51ac0584b51feec7b2369799549] | committer: Michael Niedermayer avcodec/h2645_sei: Remove dead checks Fixes: CID1596534 Dereference after null check Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fdaa6ae2b62de51ac0584b51feec7b2369799549 --- libavcodec/h2645_sei.c | 6 ++ 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/libavcodec/h2645_sei.c b/libavcodec/h2645_sei.c index 96a22e7cf6..1deb76c765 100644 --- a/libavcodec/h2645_sei.c +++ b/libavcodec/h2645_sei.c @@ -757,8 +757,7 @@ int ff_h2645_sei_to_frame(AVFrame *frame, H2645SEI *sei, if (!sd) av_buffer_unref(>buf_ref); a53->buf_ref = NULL; -if (avctx) -avctx->properties |= FF_CODEC_PROPERTY_CLOSED_CAPTIONS; +avctx->properties |= FF_CODEC_PROPERTY_CLOSED_CAPTIONS; } ret = h2645_sei_to_side_data(avctx, sei, >side_data, >nb_side_data); @@ -844,8 +843,7 @@ FF_ENABLE_DEPRECATION_WARNINGS else fgc->present = fgc->persistence_flag; -if (avctx) -avctx->properties |= FF_CODEC_PROPERTY_FILM_GRAIN; +avctx->properties |= FF_CODEC_PROPERTY_FILM_GRAIN; } #if CONFIG_HEVC_SEI ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/h264_slice: Remove dead sps check
ffmpeg | branch: master | Michael Niedermayer | Mon May 6 03:17:26 2024 +0200| [a68aa951b21b8b7db0a5200bcfebc0a077a5f094] | committer: Michael Niedermayer avcodec/h264_slice: Remove dead sps check Fixes: CID1439574 Dereference after null check Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a68aa951b21b8b7db0a5200bcfebc0a077a5f094 --- libavcodec/h264_slice.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264_slice.c b/libavcodec/h264_slice.c index 90d37f6084..ce2c4caca1 100644 --- a/libavcodec/h264_slice.c +++ b/libavcodec/h264_slice.c @@ -1396,7 +1396,7 @@ static int h264_field_start(H264Context *h, const H264SliceContext *sl, sps = h->ps.sps; -if (sps && sps->bitstream_restriction_flag && +if (sps->bitstream_restriction_flag && h->avctx->has_b_frames < sps->num_reorder_frames) { h->avctx->has_b_frames = sps->num_reorder_frames; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/lpc: copy levenson coeffs only when they have been computed
ffmpeg | branch: master | Michael Niedermayer | Sat May 11 20:50:44 2024 +0200| [c2d897f3566fdf5c190583c6f5197ead5abec2ed] | committer: Michael Niedermayer avcodec/lpc: copy levenson coeffs only when they have been computed Fixes: CID1473514 Uninitialized scalar variable Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c2d897f3566fdf5c190583c6f5197ead5abec2ed --- libavcodec/lpc.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavcodec/lpc.c b/libavcodec/lpc.c index 8305cc0596..dfd6114690 100644 --- a/libavcodec/lpc.c +++ b/libavcodec/lpc.c @@ -282,8 +282,10 @@ int ff_lpc_calc_coefs(LPCContext *s, double av_uninit(weight); memset(var, 0, FFALIGN(MAX_LPC_ORDER+1,4)*sizeof(*var)); -for(j=0; j 1) +for(j=0; jhttps://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avutil/tests/base64: Check with too short output array
ffmpeg | branch: master | Michael Niedermayer | Sat May 11 03:14:16 2024 +0200| [c304784a86cc7e2af211ed80ce2121e788680a8e] | committer: Michael Niedermayer avutil/tests/base64: Check with too short output array Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c304784a86cc7e2af211ed80ce2121e788680a8e --- libavutil/tests/base64.c | 10 ++ 1 file changed, 10 insertions(+) diff --git a/libavutil/tests/base64.c b/libavutil/tests/base64.c index 400e01cefe..66d0fdc1fc 100644 --- a/libavutil/tests/base64.c +++ b/libavutil/tests/base64.c @@ -64,6 +64,16 @@ static int test_encode_decode(const uint8_t *data, unsigned int data_size, printf("Failed: decode to NULL buffer\n"); return 1; } +if (data_size > 0 && (data2_size = av_base64_decode(data2, encoded, data_size - 1)) != data_size - 1) { +printf("Failed: out of array write\n" + "Encoded:\n%s\n", encoded); +return 1; +} +if (data_size > 1 && (data2_size = av_base64_decode(data2, encoded, data_size - 2)) != data_size - 2) { +printf("Failed: out of array write\n" + "Encoded:\n%s\n", encoded); +return 1; +} if (strlen(encoded)) { char *end = strchr(encoded, '='); if (!end) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] libavutil/base64: Try not to write over the array end
ffmpeg | branch: master | Michael Niedermayer | Sat May 11 03:13:17 2024 +0200| [2d216566f258badd07bc58de1e089b6e4175dc46] | committer: Michael Niedermayer libavutil/base64: Try not to write over the array end Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2d216566f258badd07bc58de1e089b6e4175dc46 --- libavutil/base64.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavutil/base64.c b/libavutil/base64.c index 3e66f4fcbe..69e11e6f5e 100644 --- a/libavutil/base64.c +++ b/libavutil/base64.c @@ -127,10 +127,12 @@ validity_check: } out3: -*dst++ = v >> 10; +if (end - dst) +*dst++ = v >> 10; v <<= 2; out2: -*dst++ = v >> 4; +if (end - dst) +*dst++ = v >> 4; out1: out0: return bits & 1 ? AVERROR_INVALIDDATA : out ? dst - out : 0; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] fftools/ffplay: Check return of swr_alloc_set_opts2()
ffmpeg | branch: master | Michael Niedermayer | Sun Apr 28 01:10:50 2024 +0200| [f44f44155533822922f6d2f24e5c53c14e432612] | committer: Michael Niedermayer fftools/ffplay: Check return of swr_alloc_set_opts2() This probably makes no difference but its more correct Fixes: CID1503080 Unchecked return value Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f44f44155533822922f6d2f24e5c53c14e432612 --- fftools/ffplay.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/fftools/ffplay.c b/fftools/ffplay.c index d4300d5d46..b9d11eecee 100644 --- a/fftools/ffplay.c +++ b/fftools/ffplay.c @@ -2391,12 +2391,13 @@ static int audio_decode_frame(VideoState *is) av_channel_layout_compare(>frame->ch_layout, >audio_src.ch_layout) || af->frame->sample_rate != is->audio_src.freq || (wanted_nb_samples != af->frame->nb_samples && !is->swr_ctx)) { +int ret; swr_free(>swr_ctx); -swr_alloc_set_opts2(>swr_ctx, +ret = swr_alloc_set_opts2(>swr_ctx, >audio_tgt.ch_layout, is->audio_tgt.fmt, is->audio_tgt.freq, >frame->ch_layout, af->frame->format, af->frame->sample_rate, 0, NULL); -if (!is->swr_ctx || swr_init(is->swr_ctx) < 0) { +if (ret < 0 || swr_init(is->swr_ctx) < 0) { av_log(NULL, AV_LOG_ERROR, "Cannot create sample rate converter for conversion of %d Hz %s %d channels to %d Hz %s %d channels!\n", af->frame->sample_rate, av_get_sample_fmt_name(af->frame->format), af->frame->ch_layout.nb_channels, ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] tools/opt_common: Check for malloc failure
ffmpeg | branch: master | Michael Niedermayer | Sun Apr 28 18:33:24 2024 +0200| [ba7038043a46420bc86b060dbb13b956ea50ac03] | committer: Michael Niedermayer tools/opt_common: Check for malloc failure Fixes: CID1539100 Negative loop bound Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ba7038043a46420bc86b060dbb13b956ea50ac03 --- fftools/opt_common.c | 14 -- 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/fftools/opt_common.c b/fftools/opt_common.c index 947a226d8d..9d2d5184a0 100644 --- a/fftools/opt_common.c +++ b/fftools/opt_common.c @@ -724,10 +724,13 @@ int show_codecs(void *optctx, const char *opt, const char *arg) return 0; } -static void print_codecs(int encoder) +static int print_codecs(int encoder) { const AVCodecDescriptor **codecs; -unsigned i, nb_codecs = get_codecs_sorted(); +int i, nb_codecs = get_codecs_sorted(); + +if (nb_codecs < 0) +return nb_codecs; printf("%s:\n" " V. = Video\n" @@ -762,18 +765,17 @@ static void print_codecs(int encoder) } } av_free(codecs); +return 0; } int show_decoders(void *optctx, const char *opt, const char *arg) { -print_codecs(0); -return 0; +return print_codecs(0); } int show_encoders(void *optctx, const char *opt, const char *arg) { -print_codecs(1); -return 0; +return print_codecs(1); } int show_bsfs(void *optctx, const char *opt, const char *arg) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] doc/examples/demux_decode: Simplify loop
ffmpeg | branch: master | Michael Niedermayer | Wed Apr 24 03:08:14 2024 +0200| [91d27f7e02e5bec4b6e53cc7a7f15df8be017bb3] | committer: Michael Niedermayer doc/examples/demux_decode: Simplify loop Fixes: CID1463550 Logically dead code Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=91d27f7e02e5bec4b6e53cc7a7f15df8be017bb3 --- doc/examples/demux_decode.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/doc/examples/demux_decode.c b/doc/examples/demux_decode.c index f26611d8f4..64f5547bc4 100644 --- a/doc/examples/demux_decode.c +++ b/doc/examples/demux_decode.c @@ -138,11 +138,9 @@ static int decode_packet(AVCodecContext *dec, const AVPacket *pkt) ret = output_audio_frame(frame); av_frame_unref(frame); -if (ret < 0) -return ret; } -return 0; +return ret; } static int open_codec_context(int *stream_idx, ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/cbs_av1: Avoid shift overflow
ffmpeg | branch: master | Michael Niedermayer | Wed May 1 21:44:33 2024 +0200| [d7924a4f60f2088de1e6790345caba929eb97030] | committer: Michael Niedermayer avcodec/cbs_av1: Avoid shift overflow Fixes: CID1465488 Unintentional integer overflow Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d7924a4f60f2088de1e6790345caba929eb97030 --- libavcodec/cbs_av1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/cbs_av1.c b/libavcodec/cbs_av1.c index 1d9ac5ab44..fb82996022 100644 --- a/libavcodec/cbs_av1.c +++ b/libavcodec/cbs_av1.c @@ -301,7 +301,7 @@ static int cbs_av1_write_increment(CodedBitstreamContext *ctx, PutBitContext *pb return AVERROR(ENOSPC); if (len > 0) -put_bits(pbc, len, (1 << len) - 1 - (value != range_max)); +put_bits(pbc, len, (1U << len) - 1 - (value != range_max)); CBS_TRACE_WRITE_END_NO_SUBSCRIPTS(); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/concatdec: Check file
ffmpeg | branch: master | Michael Niedermayer | Tue Apr 30 00:47:31 2024 +0200| [a5d1497f33afa17b6a3578b66638e69bf8a558de] | committer: Michael Niedermayer avformat/concatdec: Check file Fixes: null pointer dereference Fixes: -stream_loop 1 -ss 00:00:05 -i zgclab/ffmpeg_crash/poc2 -codec:v copy -codec:a aac -y output.mp4 Found-by: Wang Dawei and Zhou Geng, from Zhongguancun Laboratory Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a5d1497f33afa17b6a3578b66638e69bf8a558de --- libavformat/concatdec.c | 5 + 1 file changed, 5 insertions(+) diff --git a/libavformat/concatdec.c b/libavformat/concatdec.c index 493659649c..fe65d0c768 100644 --- a/libavformat/concatdec.c +++ b/libavformat/concatdec.c @@ -639,6 +639,11 @@ static int concat_parse_script(AVFormatContext *avf) } } +if (!file) { +ret = AVERROR_INVALIDDATA; +goto fail; +} + if (file->inpoint != AV_NOPTS_VALUE && file->outpoint != AV_NOPTS_VALUE) { if (file->inpoint > file->outpoint || file->outpoint - (uint64_t)file->inpoint > INT64_MAX) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] tools/target_enc_fuzzer: Only read pix_fmts if its set
ffmpeg | branch: master | Michael Niedermayer | Sun May 5 03:14:26 2024 +0200| [24bd01ea65eb5a9902a0ce8e38f82dcec7117f87] | committer: Michael Niedermayer tools/target_enc_fuzzer: Only read pix_fmts if its set Fixes: null pointer dereference Fixes: rawvideo encoder Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=24bd01ea65eb5a9902a0ce8e38f82dcec7117f87 --- tools/target_enc_fuzzer.c | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/tools/target_enc_fuzzer.c b/tools/target_enc_fuzzer.c index 1749f6905b..0345595ada 100644 --- a/tools/target_enc_fuzzer.c +++ b/tools/target_enc_fuzzer.c @@ -130,10 +130,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { flags64 = bytestream2_get_le64(); -int npixfmts = 0; -while (c->p.pix_fmts[npixfmts++] != AV_PIX_FMT_NONE) -; -ctx->pix_fmt = c->p.pix_fmts[bytestream2_get_byte() % npixfmts]; +if (c->p.pix_fmts) { +int npixfmts = 0; +while (c->p.pix_fmts[npixfmts++] != AV_PIX_FMT_NONE) +; +ctx->pix_fmt = c->p.pix_fmts[bytestream2_get_byte() % npixfmts]; +} switch (c->p.id) { case AV_CODEC_ID_FFV1:{ ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] tools/target_enc_fuzzer: replace assert by clean exit
ffmpeg | branch: master | Michael Niedermayer | Sun May 5 03:08:48 2024 +0200| [c2918eb88ecb93764809bd158cddbb8d73f89db8] | committer: Michael Niedermayer tools/target_enc_fuzzer: replace assert by clean exit Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c2918eb88ecb93764809bd158cddbb8d73f89db8 --- tools/target_enc_fuzzer.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/target_enc_fuzzer.c b/tools/target_enc_fuzzer.c index 4357d37636..1749f6905b 100644 --- a/tools/target_enc_fuzzer.c +++ b/tools/target_enc_fuzzer.c @@ -89,7 +89,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { av_log_set_level(AV_LOG_PANIC); } -av_assert0(c->p.type == AVMEDIA_TYPE_VIDEO); +if (c->p.type != AVMEDIA_TYPE_VIDEO) +return 0; maxpixels = maxpixels_per_frame * maxiteration; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/mpegvideo_enc: Fix 1 line and one column images
ffmpeg | branch: master | Michael Niedermayer | Mon Apr 8 18:38:42 2024 +0200| [96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1] | committer: Michael Niedermayer avcodec/mpegvideo_enc: Fix 1 line and one column images Fixes: Ticket10952 Fixes: poc21ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=96449cfeaeb95fcfd7a2b8d9ccf7719e97471ed1 --- libavcodec/mpegvideo_enc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/mpegvideo_enc.c b/libavcodec/mpegvideo_enc.c index 0e3255c0fb..2a75973ac4 100644 --- a/libavcodec/mpegvideo_enc.c +++ b/libavcodec/mpegvideo_enc.c @@ -1198,8 +1198,8 @@ static int load_input_picture(MpegEncContext *s, const AVFrame *pic_arg) ptrdiff_t dst_stride = i ? s->uvlinesize : s->linesize; int h_shift = i ? s->chroma_x_shift : 0; int v_shift = i ? s->chroma_y_shift : 0; -int w = s->width >> h_shift; -int h = s->height >> v_shift; +int w = AV_CEIL_RSHIFT(s->width , h_shift); +int h = AV_CEIL_RSHIFT(s->height, v_shift); const uint8_t *src = pic_arg->data[i]; uint8_t *dst = pic->f->data[i]; int vpad = 16; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/amrwbdec: assert mode to be valid in decode_fixed_vector()
ffmpeg | branch: master | Michael Niedermayer | Sun Apr 28 23:30:51 2024 +0200| [a3bb269db92601e2dc0e99352468d02f7b26c7c2] | committer: Michael Niedermayer avcodec/amrwbdec: assert mode to be valid in decode_fixed_vector() Inspired-by: CID1473499 Uninitialized scalar variable Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a3bb269db92601e2dc0e99352468d02f7b26c7c2 --- libavcodec/amrwbdec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/amrwbdec.c b/libavcodec/amrwbdec.c index 9d75b972fa..21a730b835 100644 --- a/libavcodec/amrwbdec.c +++ b/libavcodec/amrwbdec.c @@ -26,6 +26,7 @@ #include "config.h" +#include "libavutil/avassert.h" #include "libavutil/channel_layout.h" #include "libavutil/common.h" #include "libavutil/lfg.h" @@ -554,6 +555,8 @@ static void decode_fixed_vector(float *fixed_vector, const uint16_t *pulse_hi, decode_6p_track(sig_pos[i], (int) pulse_lo[i] + ((int) pulse_hi[i] << 11), 4, 1); break; +default: +av_assert2(0); } memset(fixed_vector, 0, sizeof(float) * AMRWB_SFR_SIZE); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] swscale/output: Fix integer overflow in yuv2rgba64_full_1_c_template()
ffmpeg | branch: master | Michael Niedermayer | Fri Apr 26 05:08:36 2024 +0200| [1330a73ccadd855542ac4386f75fd72ff0ab5ea1] | committer: Michael Niedermayer swscale/output: Fix integer overflow in yuv2rgba64_full_1_c_template() Fixes: signed integer overflow: -1082982400 + -1079364728 cannot be represented in type 'int' Fixes: 67910/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-5329011971522560 The input is 9bit in 16bit, the fuzzer fills all 16bit thus generating "invalid" input No overflow should happen with valid input. Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1330a73ccadd855542ac4386f75fd72ff0ab5ea1 --- libswscale/output.c | 16 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/libswscale/output.c b/libswscale/output.c index 0b6c77e167..b234f9c6b9 100644 --- a/libswscale/output.c +++ b/libswscale/output.c @@ -1429,7 +1429,7 @@ yuv2rgba64_full_1_c_template(SwsContext *c, const int32_t *buf0, if (uvalpha < 2048) { for (i = 0; i < dstW; i++) { -int Y = (buf0[i]) >> 2; +SUINT Y = (buf0[i]) >> 2; int U = (ubuf0[i] - (128 << 11)) >> 2; int V = (vbuf0[i] - (128 << 11)) >> 2; int R, G, B; @@ -1448,9 +1448,9 @@ yuv2rgba64_full_1_c_template(SwsContext *c, const int32_t *buf0, G = V * c->yuv2rgb_v2g_coeff + U * c->yuv2rgb_u2g_coeff; B =U * c->yuv2rgb_u2b_coeff; -output_pixel([0], av_clip_uintp2(((R_B + Y) >> 14) + (1<<15), 16)); -output_pixel([1], av_clip_uintp2((( G + Y) >> 14) + (1<<15), 16)); -output_pixel([2], av_clip_uintp2(((B_R + Y) >> 14) + (1<<15), 16)); +output_pixel([0], av_clip_uintp2(((int)(R_B + Y) >> 14) + (1<<15), 16)); +output_pixel([1], av_clip_uintp2(((int)( G + Y) >> 14) + (1<<15), 16)); +output_pixel([2], av_clip_uintp2(((int)(B_R + Y) >> 14) + (1<<15), 16)); if (eightbytes) { output_pixel([3], av_clip_uintp2(A, 30) >> 14); dest += 4; @@ -1462,7 +1462,7 @@ yuv2rgba64_full_1_c_template(SwsContext *c, const int32_t *buf0, const int32_t *ubuf1 = ubuf[1], *vbuf1 = vbuf[1]; int A = 0x<<14; for (i = 0; i < dstW; i++) { -int Y = (buf0[i]) >> 2; +SUINT Y = (buf0[i]) >> 2; int U = (ubuf0[i] + ubuf1[i] - (128 << 12)) >> 3; int V = (vbuf0[i] + vbuf1[i] - (128 << 12)) >> 3; int R, G, B; @@ -1481,9 +1481,9 @@ yuv2rgba64_full_1_c_template(SwsContext *c, const int32_t *buf0, G = V * c->yuv2rgb_v2g_coeff + U * c->yuv2rgb_u2g_coeff; B =U * c->yuv2rgb_u2b_coeff; -output_pixel([0], av_clip_uintp2(((R_B + Y) >> 14) + (1<<15), 16)); -output_pixel([1], av_clip_uintp2((( G + Y) >> 14) + (1<<15), 16)); -output_pixel([2], av_clip_uintp2(((B_R + Y) >> 14) + (1<<15), 16)); +output_pixel([0], av_clip_uintp2(((int)(R_B + Y) >> 14) + (1<<15), 16)); +output_pixel([1], av_clip_uintp2(((int)( G + Y) >> 14) + (1<<15), 16)); +output_pixel([2], av_clip_uintp2(((int)(B_R + Y) >> 14) + (1<<15), 16)); if (eightbytes) { output_pixel([3], av_clip_uintp2(A, 30) >> 14); dest += 4; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/wavarc: fix integer overflow in decode_5elp() block type 2
ffmpeg | branch: master | Michael Niedermayer | Fri Apr 26 05:08:38 2024 +0200| [a2ec2bd49317ab16a3c30c0824efc580ea9a8aef] | committer: Michael Niedermayer avcodec/wavarc: fix integer overflow in decode_5elp() block type 2 Fixes: signed integer overflow: 2097152000 + 107142979 cannot be represented in type 'int' Fixes: 67919/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVARC_fuzzer-5955101769400320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a2ec2bd49317ab16a3c30c0824efc580ea9a8aef --- libavcodec/wavarc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/wavarc.c b/libavcodec/wavarc.c index b4b26958e6..93b76c43e8 100644 --- a/libavcodec/wavarc.c +++ b/libavcodec/wavarc.c @@ -689,7 +689,7 @@ static int decode_5elp(AVCodecContext *avctx, for (int o = 0; o < order; o++) sum += s->filter[ch][o] * (unsigned)samples[n + 70 - o - 1]; -samples[n + 70] += ac_out[n] + (sum >> 4); +samples[n + 70] += ac_out[n] + (unsigned)(sum >> 4); } for (int n = 0; n < 70; n++) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/dovi_rpuenc: Initialize bl_compat_id
ffmpeg | branch: master | Michael Niedermayer | Fri May 3 22:43:22 2024 +0200| [c7075cdb676e217331d400bf2fb2c4a62268f649] | committer: Michael Niedermayer avcodec/dovi_rpuenc: Initialize bl_compat_id Fixes: CID1596607 Uninitialized scalar variable Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c7075cdb676e217331d400bf2fb2c4a62268f649 --- libavcodec/dovi_rpuenc.c | 8 +--- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/libavcodec/dovi_rpuenc.c b/libavcodec/dovi_rpuenc.c index 3feaa04b9e..ad03e143ee 100644 --- a/libavcodec/dovi_rpuenc.c +++ b/libavcodec/dovi_rpuenc.c @@ -57,7 +57,7 @@ int ff_dovi_configure(DOVIContext *s, AVCodecContext *avctx) AVDOVIDecoderConfigurationRecord *cfg; const AVDOVIRpuDataHeader *hdr = NULL; const AVFrameSideData *sd; -int dv_profile, dv_level, bl_compat_id; +int dv_profile, dv_level, bl_compat_id = -1; size_t cfg_size; uint64_t pps; @@ -94,9 +94,6 @@ int ff_dovi_configure(DOVIContext *s, AVCodecContext *avctx) } switch (dv_profile) { -case 0: /* None */ -bl_compat_id = -1; -break; case 4: /* HEVC with enhancement layer */ case 7: if (s->enable > 0) { @@ -130,9 +127,6 @@ int ff_dovi_configure(DOVIContext *s, AVCodecContext *avctx) avctx->color_primaries == AVCOL_PRI_BT709 && avctx->color_trc == AVCOL_TRC_BT709) { bl_compat_id = 2; -} else { -/* Not a valid colorspace combination */ -bl_compat_id = -1; } } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] swscale/output: Fix integer overflow in yuv2rgba64_1_c_template
ffmpeg | branch: master | Michael Niedermayer | Fri Apr 26 05:08:35 2024 +0200| [a56559e688ffde40fcda5588123ffcb978da86d7] | committer: Michael Niedermayer swscale/output: Fix integer overflow in yuv2rgba64_1_c_template Fixes: signed integer overflow: -831176 * 9539 cannot be represented in type 'int' Fixes: 67869/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-5117342091640832 The input is 9bit in 16bit, the fuzzer fills all 16bit thus generating "invalid" input No overflow should happen with valid input. Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a56559e688ffde40fcda5588123ffcb978da86d7 --- libswscale/output.c | 44 ++-- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/libswscale/output.c b/libswscale/output.c index 8849a3201a..0b6c77e167 100644 --- a/libswscale/output.c +++ b/libswscale/output.c @@ -1207,8 +1207,8 @@ yuv2rgba64_1_c_template(SwsContext *c, const int32_t *buf0, if (uvalpha < 2048) { for (i = 0; i < ((dstW + 1) >> 1); i++) { -int Y1 = (buf0[i * 2]) >> 2; -int Y2 = (buf0[i * 2 + 1]) >> 2; +SUINT Y1 = (buf0[i * 2]) >> 2; +SUINT Y2 = (buf0[i * 2 + 1]) >> 2; int U = (ubuf0[i] - (128 << 11)) >> 2; int V = (vbuf0[i] - (128 << 11)) >> 2; int R, G, B; @@ -1232,20 +1232,20 @@ yuv2rgba64_1_c_template(SwsContext *c, const int32_t *buf0, G = V * c->yuv2rgb_v2g_coeff + U * c->yuv2rgb_u2g_coeff; B =U * c->yuv2rgb_u2b_coeff; -output_pixel([0], av_clip_uintp2(((R_B + Y1) >> 14) + (1<<15), 16)); -output_pixel([1], av_clip_uintp2((( G + Y1) >> 14) + (1<<15), 16)); -output_pixel([2], av_clip_uintp2(((B_R + Y1) >> 14) + (1<<15), 16)); +output_pixel([0], av_clip_uintp2(((int)(R_B + Y1) >> 14) + (1<<15), 16)); +output_pixel([1], av_clip_uintp2(((int)( G + Y1) >> 14) + (1<<15), 16)); +output_pixel([2], av_clip_uintp2(((int)(B_R + Y1) >> 14) + (1<<15), 16)); if (eightbytes) { output_pixel([3], av_clip_uintp2(A1 , 30) >> 14); -output_pixel([4], av_clip_uintp2(((R_B + Y2) >> 14) + (1<<15), 16)); -output_pixel([5], av_clip_uintp2((( G + Y2) >> 14) + (1<<15), 16)); -output_pixel([6], av_clip_uintp2(((B_R + Y2) >> 14) + (1<<15), 16)); +output_pixel([4], av_clip_uintp2(((int)(R_B + Y2) >> 14) + (1<<15), 16)); +output_pixel([5], av_clip_uintp2(((int)( G + Y2) >> 14) + (1<<15), 16)); +output_pixel([6], av_clip_uintp2(((int)(B_R + Y2) >> 14) + (1<<15), 16)); output_pixel([7], av_clip_uintp2(A2 , 30) >> 14); dest += 8; } else { -output_pixel([3], av_clip_uintp2(((R_B + Y2) >> 14) + (1<<15), 16)); -output_pixel([4], av_clip_uintp2((( G + Y2) >> 14) + (1<<15), 16)); -output_pixel([5], av_clip_uintp2(((B_R + Y2) >> 14) + (1<<15), 16)); +output_pixel([3], av_clip_uintp2(((int)(R_B + Y2) >> 14) + (1<<15), 16)); +output_pixel([4], av_clip_uintp2(((int)( G + Y2) >> 14) + (1<<15), 16)); +output_pixel([5], av_clip_uintp2(((int)(B_R + Y2) >> 14) + (1<<15), 16)); dest += 6; } } @@ -1253,8 +1253,8 @@ yuv2rgba64_1_c_template(SwsContext *c, const int32_t *buf0, const int32_t *ubuf1 = ubuf[1], *vbuf1 = vbuf[1]; int A1 = 0x<<14, A2 = 0x<<14; for (i = 0; i < ((dstW + 1) >> 1); i++) { -int Y1 = (buf0[i * 2]) >> 2; -int Y2 = (buf0[i * 2 + 1]) >> 2; +SUINT Y1 = (buf0[i * 2]) >> 2; +SUINT Y2 = (buf0[i * 2 + 1]) >> 2; int U = (ubuf0[i] + ubuf1[i] - (128 << 12)) >> 3; int V = (vbuf0[i] + vbuf1[i] - (128 << 12)) >> 3; int R, G, B; @@ -1278,20 +1278,20 @@ yuv2rgba64_1_c_template(SwsContext *c, const int32_t *buf0, G = V * c->yuv2rgb_v2g_coeff + U * c->yuv2rgb_u2g_coeff; B =U * c->yuv2rgb_u2b_coeff; -output_pixel([0], av_clip_uintp2(((R_B + Y1) >> 14) + (1<<15), 16)); -output_pixel([1], av_clip_uintp2((( G + Y1) >> 14) + (1<<15), 16))
[FFmpeg-cvslog] avcodec/av1dec: bit_depth cannot be another values than 8,10,12
ffmpeg | branch: master | Michael Niedermayer | Wed May 1 13:10:57 2024 +0200| [fd7d24fa3f39fc1013fb0d06b42c98b8ff1f8942] | committer: Michael Niedermayer avcodec/av1dec: bit_depth cannot be another values than 8,10,12 Fixes: CID1544265 Logically dead code Sponsored-by: Sovereign Tech Fund Reviewed-by: James Almer Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fd7d24fa3f39fc1013fb0d06b42c98b8ff1f8942 --- libavcodec/av1dec.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavcodec/av1dec.c b/libavcodec/av1dec.c index 75cc3fba48..2666134f67 100644 --- a/libavcodec/av1dec.c +++ b/libavcodec/av1dec.c @@ -493,7 +493,7 @@ static enum AVPixelFormat get_sw_pixel_format(void *logctx, else if (bit_depth == 12) pix_fmt = AV_PIX_FMT_YUV444P12; else -av_log(logctx, AV_LOG_WARNING, "Unknown AV1 pixel format.\n"); +av_assert0(0); } else if (seq->color_config.subsampling_x == 1 && seq->color_config.subsampling_y == 0) { if (bit_depth == 8) @@ -503,7 +503,7 @@ static enum AVPixelFormat get_sw_pixel_format(void *logctx, else if (bit_depth == 12) pix_fmt = AV_PIX_FMT_YUV422P12; else -av_log(logctx, AV_LOG_WARNING, "Unknown AV1 pixel format.\n"); +av_assert0(0); } else if (seq->color_config.subsampling_x == 1 && seq->color_config.subsampling_y == 1) { if (bit_depth == 8) @@ -513,7 +513,7 @@ static enum AVPixelFormat get_sw_pixel_format(void *logctx, else if (bit_depth == 12) pix_fmt = AV_PIX_FMT_YUV420P12; else -av_log(logctx, AV_LOG_WARNING, "Unknown AV1 pixel format.\n"); +av_assert0(0); } } else { if (bit_depth == 8) @@ -523,7 +523,7 @@ static enum AVPixelFormat get_sw_pixel_format(void *logctx, else if (bit_depth == 12) pix_fmt = AV_PIX_FMT_GRAY12; else -av_log(logctx, AV_LOG_WARNING, "Unknown AV1 pixel format.\n"); +av_assert0(0); } return pix_fmt; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/avs3_parser: assert the return value of init_get_bits()
ffmpeg | branch: master | Michael Niedermayer | Wed May 1 21:17:25 2024 +0200| [f9218e4d52e16494ed816651a110dfe0ad22638c] | committer: Michael Niedermayer avcodec/avs3_parser: assert the return value of init_get_bits() Fixes: CID1492867 Unchecked return value Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f9218e4d52e16494ed816651a110dfe0ad22638c --- libavcodec/avs3_parser.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/avs3_parser.c b/libavcodec/avs3_parser.c index a819b5783d..ea495b1c7c 100644 --- a/libavcodec/avs3_parser.c +++ b/libavcodec/avs3_parser.c @@ -73,7 +73,8 @@ static void parse_avs3_nal_units(AVCodecParserContext *s, const uint8_t *buf, GetBitContext gb; int profile, ratecode, low_delay; -init_get_bits8(, buf + 4, buf_size - 4); +av_unused int ret = init_get_bits(, buf + 4, 100); +av_assert1(ret >= 0); s->key_frame = 1; s->pict_type = AV_PICTURE_TYPE_I; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/av1dec: Change bit_depth to int
ffmpeg | branch: master | Michael Niedermayer | Fri May 3 00:10:01 2024 +0200| [69b4d9736b0d0ad01c41fcae2d66eaa534b76969] | committer: Michael Niedermayer avcodec/av1dec: Change bit_depth to int Suggested-by: James Almer Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=69b4d9736b0d0ad01c41fcae2d66eaa534b76969 --- libavcodec/av1dec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/av1dec.c b/libavcodec/av1dec.c index 2666134f67..79a87f41c9 100644 --- a/libavcodec/av1dec.c +++ b/libavcodec/av1dec.c @@ -469,7 +469,7 @@ static int get_tiles_info(AVCodecContext *avctx, const AV1RawTileGroup *tile_gro static enum AVPixelFormat get_sw_pixel_format(void *logctx, const AV1RawSequenceHeader *seq) { -uint8_t bit_depth; +int bit_depth; enum AVPixelFormat pix_fmt = AV_PIX_FMT_NONE; if (seq->seq_profile == 2 && seq->color_config.high_bitdepth) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/avs2_parser: Assert init_get_bits8() success with const size 15
ffmpeg | branch: master | Michael Niedermayer | Wed May 1 15:50:56 2024 +0200| [a7c4f119c91bcb3791a3c242ee61a5c60379db4f] | committer: Michael Niedermayer avcodec/avs2_parser: Assert init_get_bits8() success with const size 15 Fixes: CID1506708 Unchecked return value Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a7c4f119c91bcb3791a3c242ee61a5c60379db4f --- libavcodec/avs2_parser.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/avs2_parser.c b/libavcodec/avs2_parser.c index 200134f91d..0d68ab1d00 100644 --- a/libavcodec/avs2_parser.c +++ b/libavcodec/avs2_parser.c @@ -72,13 +72,15 @@ static void parse_avs2_seq_header(AVCodecParserContext *s, const uint8_t *buf, unsigned aspect_ratio; unsigned frame_rate_code; int low_delay; +av_unused int ret; // update buf_size_min if parse more deeper const int buf_size_min = 15; if (buf_size < buf_size_min) return; -init_get_bits8(, buf, buf_size_min); +ret = init_get_bits8(, buf, buf_size_min); +av_assert1(ret >= 0); s->key_frame = 1; s->pict_type = AV_PICTURE_TYPE_I; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/iamfdec: check nb_streams in header read
ffmpeg | branch: release/7.0 | Michael Niedermayer | Sat Apr 27 20:51:45 2024 +0200| [da8b2f9704438b80404a97e45015a3881452d6f5] | committer: James Almer avformat/iamfdec: check nb_streams in header read Fixes: Assertion pkt->stream_index < (unsigned)s->nb_streams && "Invalid stream index.\n" failed at libavformat/demux.c:572 Fixes: 67890/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-5166340789829632.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: James Almer Signed-off-by: Michael Niedermayer (cherry picked from commit 9f54c13bc4650c59fe2ffb04f5b85145f196fbb7) > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=da8b2f9704438b80404a97e45015a3881452d6f5 --- libavformat/iamfdec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/iamfdec.c b/libavformat/iamfdec.c index e34d13e74c..ce6d4aa064 100644 --- a/libavformat/iamfdec.c +++ b/libavformat/iamfdec.c @@ -154,6 +154,9 @@ static int iamf_read_header(AVFormatContext *s) } } +if (!s->nb_streams) +return AVERROR_INVALIDDATA; + return 0; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avfilter/avfiltergraph: return value of ff_request_frame() is unused
ffmpeg | branch: master | Michael Niedermayer | Mon Apr 22 02:53:51 2024 +0200| [e757726e89ff636e0dc6743f635888639a196e36] | committer: Michael Niedermayer avfilter/avfiltergraph: return value of ff_request_frame() is unused Fixes: CID1397741 Unchecked return value Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e757726e89ff636e0dc6743f635888639a196e36 --- libavfilter/avfiltergraph.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavfilter/avfiltergraph.c b/libavfilter/avfiltergraph.c index 0c569eb218..bd3bed9a35 100644 --- a/libavfilter/avfiltergraph.c +++ b/libavfilter/avfiltergraph.c @@ -1410,7 +1410,7 @@ int avfilter_graph_request_oldest(AVFilterGraph *graph) if (r == AVERROR(EAGAIN) && !oldest->frame_wanted_out && !oldesti->frame_blocked_in && !oldesti->status_in) -ff_request_frame(oldest); +(void)ff_request_frame(oldest); else if (r < 0) return r; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/iamfdec: check nb_streams in header read
ffmpeg | branch: master | Michael Niedermayer | Sat Apr 27 20:51:45 2024 +0200| [9f54c13bc4650c59fe2ffb04f5b85145f196fbb7] | committer: Michael Niedermayer avformat/iamfdec: check nb_streams in header read Fixes: Assertion pkt->stream_index < (unsigned)s->nb_streams && "Invalid stream index.\n" failed at libavformat/demux.c:572 Fixes: 67890/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-5166340789829632.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: James Almer Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9f54c13bc4650c59fe2ffb04f5b85145f196fbb7 --- libavformat/iamfdec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/iamfdec.c b/libavformat/iamfdec.c index e34d13e74c..ce6d4aa064 100644 --- a/libavformat/iamfdec.c +++ b/libavformat/iamfdec.c @@ -154,6 +154,9 @@ static int iamf_read_header(AVFormatContext *s) } } +if (!s->nb_streams) +return AVERROR_INVALIDDATA; + return 0; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/mxfdec: Check body_offset
ffmpeg | branch: master | Michael Niedermayer | Fri Apr 26 03:46:33 2024 +0200| [20a6bfda0f7c6447ac94611736cee6e9ce6972a0] | committer: Michael Niedermayer avformat/mxfdec: Check body_offset Fixes: signed integer overflow: 538976288 - -9223372036315799520 cannot be represented in type 'long' Fixes: 68060/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5523457266745344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Tomas Härdin Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=20a6bfda0f7c6447ac94611736cee6e9ce6972a0 --- libavformat/mxfdec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index 233d614f78..e65cec74c2 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -791,6 +791,9 @@ static int mxf_read_partition_pack(void *arg, AVIOContext *pb, int tag, int size partition->index_sid = avio_rb32(pb); partition->body_offset = avio_rb64(pb); partition->body_sid = avio_rb32(pb); +if (partition->body_offset < 0) +return AVERROR_INVALIDDATA; + if (avio_read(pb, op, sizeof(UID)) != sizeof(UID)) { av_log(mxf->fc, AV_LOG_ERROR, "Failed reading UID\n"); return AVERROR_INVALIDDATA; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/ac3_parser: Check init_get_bits8() for failure
ffmpeg | branch: master | Michael Niedermayer | Sun Apr 28 21:09:45 2024 +0200| [63415168dbd96475372e37ae0fd47bafe151e2f0] | committer: Michael Niedermayer avcodec/ac3_parser: Check init_get_bits8() for failure Fixes: CID1420393 Unchecked return value Sponsored-by: Sovereign Tech Fund Reviewed-by: Lynne Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=63415168dbd96475372e37ae0fd47bafe151e2f0 --- libavcodec/ac3_parser.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/ac3_parser.c b/libavcodec/ac3_parser.c index 4152fd4e01..4e0ba73481 100644 --- a/libavcodec/ac3_parser.c +++ b/libavcodec/ac3_parser.c @@ -204,7 +204,9 @@ int av_ac3_parse_header(const uint8_t *buf, size_t size, AC3HeaderInfo hdr; int err; -init_get_bits8(, buf, size); +err = init_get_bits8(, buf, size); +if (err < 0) +return AVERROR_INVALIDDATA; err = ff_ac3_parse_header(, ); if (err < 0) return AVERROR_INVALIDDATA; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/kvag: Check sample_rate
ffmpeg | branch: master | Michael Niedermayer | Mon Apr 29 23:44:25 2024 +0200| [c26a762ea1bf028a33554a5f7a18d8dd7d82f5a8] | committer: Michael Niedermayer avformat/kvag: Check sample_rate Fixes: Division by 0 Fixes: -copyts -start_at_zero -itsoffset 00:00:01 -itsscale 1 -ss 00:00:02 -i zgclab/ffmpeg_crash/poc1 output.mp4 Found-by: Wang Dawei and Zhou Geng, from Zhongguancun Laboratory Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c26a762ea1bf028a33554a5f7a18d8dd7d82f5a8 --- libavformat/kvag.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavformat/kvag.c b/libavformat/kvag.c index 1d0aee0994..b55aa893ec 100644 --- a/libavformat/kvag.c +++ b/libavformat/kvag.c @@ -38,7 +38,7 @@ typedef struct KVAGHeader { uint32_tmagic; uint32_tdata_size; -uint32_tsample_rate; +intsample_rate; uint16_tstereo; } KVAGHeader; @@ -70,6 +70,9 @@ static int kvag_read_header(AVFormatContext *s) hdr.sample_rate = AV_RL32(buf + 8); hdr.stereo = AV_RL16(buf + 12); +if (hdr.sample_rate <= 0) +return AVERROR_INVALIDDATA; + par = st->codecpar; par->codec_type = AVMEDIA_TYPE_AUDIO; par->codec_id = AV_CODEC_ID_ADPCM_IMA_SSI; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/atrac9dec: Check init_get_bits8() for failure
ffmpeg | branch: master | Michael Niedermayer | Sun Apr 28 22:57:53 2024 +0200| [615c994739cacbeb0a2f48f8271d911fcd0b4303] | committer: Michael Niedermayer avcodec/atrac9dec: Check init_get_bits8() for failure Fixes: CID1439569 Unchecked return value Fixes: CID1439578 Unchecked return value Sponsored-by: Sovereign Tech Fund Reviewed-by: Lynne Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=615c994739cacbeb0a2f48f8271d911fcd0b4303 --- libavcodec/atrac9dec.c | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/libavcodec/atrac9dec.c b/libavcodec/atrac9dec.c index df68407af9..e375f46fd0 100644 --- a/libavcodec/atrac9dec.c +++ b/libavcodec/atrac9dec.c @@ -802,7 +802,9 @@ static int atrac9_decode_frame(AVCodecContext *avctx, AVFrame *frame, if (ret < 0) return ret; -init_get_bits8(, avpkt->data, avpkt->size); +ret = init_get_bits8(, avpkt->data, avpkt->size); +if (ret < 0) +return ret; for (int i = 0; i < frames; i++) { for (int j = 0; j < s->block_config->count; j++) { @@ -922,7 +924,9 @@ static av_cold int atrac9_decode_init(AVCodecContext *avctx) return AVERROR_INVALIDDATA; } -init_get_bits8(, avctx->extradata + 4, avctx->extradata_size); +err = init_get_bits8(, avctx->extradata + 4, avctx->extradata_size); +if (err < 0) +return err; if (get_bits(, 8) != 0xFE) { av_log(avctx, AV_LOG_ERROR, "Incorrect magic byte!\n"); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/vp3: Call ff_progress_frame_unref() before ff_progress_frame_get_buffer()
ffmpeg | branch: master | Michael Niedermayer | Fri Apr 26 23:46:38 2024 +0200| [d9699464c3b2b2b02f21d60ead49c8eb829052fb] | committer: Michael Niedermayer avcodec/vp3: Call ff_progress_frame_unref() before ff_progress_frame_get_buffer() Fixes: Assertion !f->f && !f->progress failed at libavcodec/decode.c:1688 Fixes: 68190/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THEORA_fuzzer-5942090287611904 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Andreas Rheinhardt Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d9699464c3b2b2b02f21d60ead49c8eb829052fb --- libavcodec/vp3.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c index 2a5f68dfa8..0952760776 100644 --- a/libavcodec/vp3.c +++ b/libavcodec/vp3.c @@ -2651,6 +2651,7 @@ static int vp3_decode_frame(AVCodecContext *avctx, AVFrame *frame, if (avctx->skip_frame >= AVDISCARD_NONKEY && !s->keyframe) return buf_size; +ff_progress_frame_unref(>current_frame); ret = ff_progress_frame_get_buffer(avctx, >current_frame, AV_GET_BUFFER_FLAG_REF); if (ret < 0) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/pngdec: Check last AVFrame before deref
ffmpeg | branch: master | Michael Niedermayer | Fri Apr 26 23:22:53 2024 +0200| [091fdce87e88c8622d8af89ffa6cbb0dc20c3816] | committer: Michael Niedermayer avcodec/pngdec: Check last AVFrame before deref Fixes: NULL pointer dereference Fixes: 68184/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-4926478069334016 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=091fdce87e88c8622d8af89ffa6cbb0dc20c3816 --- libavcodec/pngdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c index f7751223b8..8934a95a7f 100644 --- a/libavcodec/pngdec.c +++ b/libavcodec/pngdec.c @@ -1218,7 +1218,7 @@ static int decode_fctl_chunk(AVCodecContext *avctx, PNGDecContext *s, return AVERROR_INVALIDDATA; } -if ((sequence_number == 0 || !s->last_picture.f->data[0]) && +if ((sequence_number == 0 || !s->last_picture.f) && dispose_op == APNG_DISPOSE_OP_PREVIOUS) { // No previous frame to revert to for the first frame // Spec says to just treat it as a APNG_DISPOSE_OP_BACKGROUND ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/hevcdec: Check ref frame
ffmpeg | branch: master | Michael Niedermayer | Sat Apr 27 00:09:02 2024 +0200| [5eb05f44503da3fdff82f1fed8ee2706d9841a9a] | committer: Michael Niedermayer avcodec/hevcdec: Check ref frame Fixes: NULL pointer dereferences Fixes: 68197/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-6382538823106560 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Andreas Rheinhardt Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5eb05f44503da3fdff82f1fed8ee2706d9841a9a --- libavcodec/hevcdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/hevcdec.c b/libavcodec/hevcdec.c index fcfb275f63..b41dc46053 100644 --- a/libavcodec/hevcdec.c +++ b/libavcodec/hevcdec.c @@ -1969,13 +1969,13 @@ static void hls_prediction_unit(HEVCLocalContext *lc, int x0, int y0, if (current_mv.pred_flag & PF_L0) { ref0 = refPicList[0].ref[current_mv.ref_idx[0]]; -if (!ref0 || !ref0->frame->data[0]) +if (!ref0 || !ref0->frame) return; hevc_await_progress(s, ref0, _mv.mv[0], y0, nPbH); } if (current_mv.pred_flag & PF_L1) { ref1 = refPicList[1].ref[current_mv.ref_idx[1]]; -if (!ref1 || !ref1->frame->data[0]) +if (!ref1 || !ref1->frame) return; hevc_await_progress(s, ref1, _mv.mv[1], y0, nPbH); } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] doc/examples/qsv_transcode: Initialize pointer before free
ffmpeg | branch: master | Michael Niedermayer | Wed Apr 24 03:30:20 2024 +0200| [cae0f2bc550312c99655057f8ffab5b59556ceeb] | committer: Michael Niedermayer doc/examples/qsv_transcode: Initialize pointer before free Fixees: CID1517023 Uninitialized pointer read Sponsored-by: Sovereign Tech Fund Reviewed-by: "Xiang, Haihao" Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cae0f2bc550312c99655057f8ffab5b59556ceeb --- doc/examples/qsv_transcode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/examples/qsv_transcode.c b/doc/examples/qsv_transcode.c index 8e843ddd84..665a76af2e 100644 --- a/doc/examples/qsv_transcode.c +++ b/doc/examples/qsv_transcode.c @@ -342,7 +342,7 @@ int main(int argc, char **argv) { const AVCodec *enc_codec; int ret = 0; -AVPacket *dec_pkt; +AVPacket *dec_pkt = NULL; if (argc < 5 || (argc - 5) % 2) { av_log(NULL, AV_LOG_ERROR, "Usage: %s " ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] doc/examples/qsv_transcode: Simplify str_to_dict() loop
ffmpeg | branch: master | Michael Niedermayer | Wed Apr 24 03:28:00 2024 +0200| [191950d1bfc3924d1b54f236b2c35149ba4487a1] | committer: Michael Niedermayer doc/examples/qsv_transcode: Simplify str_to_dict() loop Fixes: CID1517022 Logically dead code Sponsored-by: Sovereign Tech Fund Reviewed-by: "Xiang, Haihao" Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=191950d1bfc3924d1b54f236b2c35149ba4487a1 --- doc/examples/qsv_transcode.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/doc/examples/qsv_transcode.c b/doc/examples/qsv_transcode.c index a4440a3403..8e843ddd84 100644 --- a/doc/examples/qsv_transcode.c +++ b/doc/examples/qsv_transcode.c @@ -76,8 +76,7 @@ static int str_to_dict(char* optstr, AVDictionary **opt) if (value == NULL) return AVERROR(EINVAL); av_dict_set(opt, key, value, 0); -} while(key != NULL); -return 0; +} while(1); } static int dynamic_set_parameter(AVCodecContext *avctx) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] doc/examples/vaapi_transcode: Simplify loop
ffmpeg | branch: master | Michael Niedermayer | Wed Apr 24 03:20:38 2024 +0200| [c9c11a0866d45827201b034349bceb2dc58a3499] | committer: Michael Niedermayer doc/examples/vaapi_transcode: Simplify loop Fixes: CID1428858(1/2) Logically dead code Sponsored-by: Sovereign Tech Fund Reviewed-by: "myp...@gmail.com" Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c9c11a0866d45827201b034349bceb2dc58a3499 --- doc/examples/vaapi_transcode.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/doc/examples/vaapi_transcode.c b/doc/examples/vaapi_transcode.c index 8367cb3040..e1b7a43883 100644 --- a/doc/examples/vaapi_transcode.c +++ b/doc/examples/vaapi_transcode.c @@ -215,10 +215,8 @@ static int dec_enc(AVPacket *pkt, const AVCodec *enc_codec) fail: av_frame_free(); -if (ret < 0) -return ret; } -return 0; +return ret; } int main(int argc, char **argv) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".