date:20180227

[FFmpeg-cvslog] [ffmpeg-web] branch master updated. 12b108a web/download: add 3.0.11

2018-02-27 Thread ffmpeg-git

The branch, master has been updated
   via  12b108af14de44abcae20908c0fc04ef132cde73 (commit)
   via  fa818fea531d5eaeb586a5bcf64d0327a9d3e724 (commit)
  from  4ee8d5d5a42fc942f3e0dbc85557074117ab4ab1 (commit)


- Log -
commit 12b108af14de44abcae20908c0fc04ef132cde73
Author: Michael Niedermayer 
AuthorDate: Tue Feb 27 23:41:18 2018 +0100
Commit: Michael Niedermayer 
CommitDate: Tue Feb 27 23:41:18 2018 +0100

web/download: add 3.0.11

diff --git a/src/download b/src/download
index 93e6e1a..6783c35 100644
--- a/src/download
+++ b/src/download
@@ -386,10 +386,10 @@ libpostproc54.  1.100
  

 
-  FFmpeg 3.0.10 "Einstein"
+  FFmpeg 3.0.11 "Einstein"
 
   
-3.0.10 was released on 2017-12-01. It is the latest stable FFmpeg release
+3.0.11 was released on 2018-02-27. It is the latest stable FFmpeg release
 from the 3.0 release branch, which was cut from master on 2016-02-14.
   
   It includes the following library versions:
@@ -407,19 +407,19 @@ libpostproc54.  0.100
 
   
 
-  Download 
xz tarball
-  PGP 
signature
+  Download 
xz tarball
+  PGP 
signature
  
 
-  Download bzip2 tarball
-  PGP 
signature
+  Download bzip2 tarball
+  PGP 
signature
  
 
-  Download 
gzip tarball
-  PGP 
signature
+  Download 
gzip tarball
+  PGP 
signature
  
 
-  https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n3.0.10;>Changelog
+  https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n3.0.11;>Changelog
   https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/refs/heads/release/3.0:/RELEASE_NOTES;>Release
 Notes
  


commit fa818fea531d5eaeb586a5bcf64d0327a9d3e724
Author: Michael Niedermayer 
AuthorDate: Mon Feb 19 02:36:19 2018 +0100
Commit: Michael Niedermayer 
CommitDate: Mon Feb 19 02:38:07 2018 +0100

web/(old)download: Move 3.1 to olddownloads

No currently maintained distro or app uses 3.1 on 
https://trac.ffmpeg.org/wiki/Downstreams
so it would help noone if we continue maintaining 3.1.*

diff --git a/src/download b/src/download
index 737b880..93e6e1a 100644
--- a/src/download
+++ b/src/download
@@ -386,45 +386,6 @@ libpostproc54.  1.100
  

 
-  FFmpeg 3.1.11 "Laplace"
-
-  
-3.1.11 was released on 2017-09-25. It is the latest stable FFmpeg release
-from the 3.1 release branch, which was cut from master on 2016-06-26.
-  
-  It includes the following library versions:
-  
-  
-libavutil  55. 28.100
-libavcodec 57. 48.101
-libavformat57. 41.100
-libavdevice57.  0.101
-libavfilter 6. 47.100
-libavresample   3.  0.  0
-libswscale  4.  1.100
-libswresample   2.  1.100
-libpostproc54.  0.100
-
-  
-
-  Download 
xz tarball
-  PGP 
signature
- 
-
-  Download bzip2 tarball
-  PGP 
signature
- 
-
-  Download 
gzip tarball
-  PGP 
signature
- 
-
-  https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n3.1.11;>Changelog
-  https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/refs/heads/release/3.1:/RELEASE_NOTES;>Release
 Notes
- 
-   
-
-
   FFmpeg 3.0.10 "Einstein"
 
   
diff --git a/src/olddownload b/src/olddownload
index d380b2f..cc3c9ae 100644
--- a/src/olddownload
+++ b/src/olddownload
@@ -6,6 +6,45 @@
   maintaining an old release.
 
 
+  FFmpeg 3.1.11 "Laplace"
+
+  
+3.1.11 was released on 2017-09-25. It is the latest stable FFmpeg release
+from the 3.1 release branch, which was cut from master on 2016-06-26.
+  
+  It includes the following library versions:
+  
+  
+libavutil  55. 28.100
+libavcodec 57. 48.101
+libavformat57. 41.100
+libavdevice57.  0.101
+libavfilter 6. 47.100
+libavresample   3.  0.  0
+libswscale  4.  1.100
+libswresample   2.  1.100
+libpostproc54.  0.100
+
+  
+
+  Download 
xz tarball
+  PGP 
signature
+ 
+
+  Download bzip2 tarball
+  PGP 
signature
+ 
+
+  Download 
gzip tarball
+  PGP 
signature
+ 
+
+  https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n3.1.11;>Changelog
+  https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/refs/heads/release/3.1:/RELEASE_NOTES;>Release
 Notes
+ 
+   
+
+
   FFmpeg 2.7.7 "Nash"
 
   

---

Summary of changes:
 src/download| 57 +
 src/olddownload | 39 +++
 2 files changed, 48 insertions(+), 48 deletions(-)


hooks/post-receive
-- 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Tag n3.0.11 : FFmpeg 3.0.11 release

2018-02-27 Thread git

[ffmpeg] [branch: refs/tags/n3.0.11]
Tag:c84fbc3085b6270d485a8d5e76757da2837d05ed
> http://git.videolan.org/gitweb.cgi/ffmpeg.git?a=tag;h=c84fbc3085b6270d485a8d5e76757da2837d05ed

Tagger: Michael Niedermayer 
Date:   Tue Feb 27 22:37:00 2018 +0100

FFmpeg 3.0.11 release
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/diracdec: Fix integer overflow in mv computation

2018-02-27 Thread Michael Niedermayer

ffmpeg | branch: release/3.0 | Michael Niedermayer  | 
Sun Feb 18 21:51:38 2018 +0100| [6822bd50c1eaa385b202ba692d954e1fb2a97fc3] | 
committer: Michael Niedermayer

avcodec/diracdec: Fix integer overflow in mv computation

Fixes: signed integer overflow: -2072 + -2147483646 cannot be represented in 
type 'int'
Fixes: 6097/clusterfuzz-testcase-minimized-5034145253163008

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 47e65ad63b3d067445c4de41a7718b83fc07767c)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6822bd50c1eaa385b202ba692d954e1fb2a97fc3
---

 libavcodec/diracdec.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c
index 033fbe4261..da5240a135 100644
--- a/libavcodec/diracdec.c
+++ b/libavcodec/diracdec.c
@@ -1353,8 +1353,8 @@ static void decode_block_params(DiracContext *s, 
DiracArith arith[8], DiracBlock
 global_mv(s, block, x, y, i);
 } else {
 pred_mv(block, stride, x, y, i);
-block->u.mv[i][0] += dirac_get_arith_int(arith + 4 + 2 * i, 
CTX_MV_F1, CTX_MV_DATA);
-block->u.mv[i][1] += dirac_get_arith_int(arith + 5 + 2 * i, 
CTX_MV_F1, CTX_MV_DATA);
+block->u.mv[i][0] += (unsigned)dirac_get_arith_int(arith + 4 + 
2 * i, CTX_MV_F1, CTX_MV_DATA);
+block->u.mv[i][1] += (unsigned)dirac_get_arith_int(arith + 5 + 
2 * i, CTX_MV_F1, CTX_MV_DATA);
 }
 }
 }

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/cavsdec: Check alpha/beta offset

2018-02-27 Thread Michael Niedermayer

ffmpeg | branch: release/3.0 | Michael Niedermayer  | 
Tue Feb 20 23:11:01 2018 +0100| [24a3c45da511c58f550f33db507c3fda50e496af] | 
committer: Michael Niedermayer

avcodec/cavsdec: Check alpha/beta offset

Fixes: Integer overflow
Fixes: 6183/clusterfuzz-testcase-minimized-6269224436629504

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit ae2eb04648839bfc6c61c32cb0f124e91bb7ff8e)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=24a3c45da511c58f550f33db507c3fda50e496af
---

 libavcodec/cavsdec.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/cavsdec.c b/libavcodec/cavsdec.c
index cd4eec9caf..b7aeb45603 100644
--- a/libavcodec/cavsdec.c
+++ b/libavcodec/cavsdec.c
@@ -1067,6 +1067,11 @@ static int decode_pic(AVSContext *h)
 if (!h->loop_filter_disable && get_bits1(>gb)) {
 h->alpha_offset= get_se_golomb(>gb);
 h->beta_offset = get_se_golomb(>gb);
+if (   h->alpha_offset < -64 || h->alpha_offset > 64
+|| h-> beta_offset < -64 || h-> beta_offset > 64) {
+h->alpha_offset = h->beta_offset  = 0;
+return AVERROR_INVALIDDATA;
+}
 } else {
 h->alpha_offset = h->beta_offset  = 0;
 }

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/bintext: sanity check dimensions

2018-02-27 Thread Michael Niedermayer

ffmpeg | branch: release/3.0 | Michael Niedermayer  | 
Mon Feb 26 21:17:08 2018 +0100| [add3c2468e960767c7fc7232ab8a492f8c55e65b] | 
committer: Michael Niedermayer

avcodec/bintext: sanity check dimensions

Fixes: Timeout
Fixes: 
6277/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XBIN_fuzzer-6047202288861184

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 090c0abff9c8b27304614f15d9464dbf4ea59833)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=add3c2468e960767c7fc7232ab8a492f8c55e65b
---

 libavcodec/bintext.c | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/libavcodec/bintext.c b/libavcodec/bintext.c
index 90bbe67b59..d967317671 100644
--- a/libavcodec/bintext.c
+++ b/libavcodec/bintext.c
@@ -35,6 +35,8 @@
 #include "bintext.h"
 #include "internal.h"
 
+#define FONT_WIDTH 8
+
 typedef struct XbinContext {
 AVFrame *frame;
 int palette[16];
@@ -91,6 +93,9 @@ static av_cold int decode_init(AVCodecContext *avctx)
 break;
 }
 }
+if (avctx->width < FONT_WIDTH || avctx->height < s->font_height)
+return AVERROR_INVALIDDATA;
+
 
 s->frame = av_frame_alloc();
 if (!s->frame)
@@ -113,8 +118,6 @@ av_unused static void hscroll(AVCodecContext *avctx)
 }
 }
 
-#define FONT_WIDTH 8
-
 /**
  * Draw character to screen
  */

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/smc: Check input packet size

2018-02-27 Thread Michael Niedermayer

ffmpeg | branch: release/3.0 | Michael Niedermayer  | 
Fri Feb 23 03:40:02 2018 +0100| [789a12b140ba2426a1c9bb9ce31a7a4f50d0216a] | 
committer: Michael Niedermayer

avcodec/smc: Check input packet size

Fixes: Timeout
Fixes: 
6261/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMC_fuzzer-5811309653262336

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 0293663483ab5dbfff23602a62800d84e021b33c)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=789a12b140ba2426a1c9bb9ce31a7a4f50d0216a
---

 libavcodec/smc.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/libavcodec/smc.c b/libavcodec/smc.c
index 18174fa57e..66de691e2c 100644
--- a/libavcodec/smc.c
+++ b/libavcodec/smc.c
@@ -437,6 +437,10 @@ static int smc_decode_frame(AVCodecContext *avctx,
 SmcContext *s = avctx->priv_data;
 const uint8_t *pal = av_packet_get_side_data(avpkt, AV_PKT_DATA_PALETTE, 
NULL);
 int ret;
+int total_blocks = ((s->avctx->width + 3) / 4) * ((s->avctx->height + 3) / 
4);
+
+if (total_blocks / 1024 > avpkt->size)
+return AVERROR_INVALIDDATA;
 
 bytestream2_init(>gb, buf, buf_size);
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Changelog: update

2018-02-27 Thread Michael Niedermayer

ffmpeg | branch: release/3.0 | Michael Niedermayer  | 
Tue Feb 27 20:00:58 2018 +0100| [b910b34926657531d84269bd7c61fb8c74e5d905] | 
committer: Michael Niedermayer

Changelog: update

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b910b34926657531d84269bd7c61fb8c74e5d905
---

 Changelog | 11 +++
 1 file changed, 11 insertions(+)

diff --git a/Changelog b/Changelog
index f10fc09633..a3bf744044 100644
--- a/Changelog
+++ b/Changelog
@@ -2,6 +2,17 @@ Entries are sorted chronologically from oldest to youngest 
within each release,
 releases are sorted from youngest to oldest.
 
 version 3.0.11
+- avcodec/bintext: sanity check dimensions
+- avcodec/utvideodec: Check subsample factors
+- avcodec/smc: Check input packet size
+- avcodec/cavsdec: Check alpha/beta offset
+- avcodec/diracdec: Fix integer overflow in mv computation
+- avcodec/aacdec_templat: Fix integer overflow in apply_ltp()
+- avcodec/jpeg2000dwt: Fix integer overflows in sr_1d53()
+- avcodec/diracdec: Use int64 in global mv to prevent overflow
+- avcodec/dxtory: Remove code that corrupts dimensions
+- avformat/hvcc: zero initialize the nal buffers past the last written byte
+- swresample/rematrix: fix update of channel matrix if input or output layout 
is undefined
 - avcodec/dirac_dwt_template: Fix Integer overflow in 
horizontal_compose_dd137i()
 - avcodec/vp8: Check for bitstream end before vp7_fade_frame()
 - avcodec/exr: Check remaining bits in last get code loop

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/diracdec: Use int64 in global mv to prevent overflow

2018-02-27 Thread Michael Niedermayer

ffmpeg | branch: release/3.0 | Michael Niedermayer  | 
Sat Feb 17 23:54:44 2018 +0100| [b4135fb335f0ab1f06996233f45610c3dcb85bb7] | 
committer: Michael Niedermayer

avcodec/diracdec: Use int64 in global mv to prevent overflow

Fixes: runtime error: signed integer overflow: 361 * -6295541 cannot be 
represented in type 'int'
Fixes: 5911/clusterfuzz-testcase-minimized-6450382197751808

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit cbcbefdc3b4cbc917d2f8b2dd216fb12121a838b)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b4135fb335f0ab1f06996233f45610c3dcb85bb7
---

 libavcodec/diracdec.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c
index 2cdebe8700..033fbe4261 100644
--- a/libavcodec/diracdec.c
+++ b/libavcodec/diracdec.c
@@ -1315,8 +1315,8 @@ static void global_mv(DiracContext *s, DiracBlock *block, 
int x, int y, int ref)
 int *c  = s->globalmc[ref].perspective;
 
 int m   = (1<u.mv[ref][0] = (mx + (1<<(ez+ep))) >> (ez+ep);
 block->u.mv[ref][1] = (my + (1<<(ez+ep))) >> (ez+ep);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/dxtory: Remove code that corrupts dimensions

2018-02-27 Thread Michael Niedermayer

ffmpeg | branch: release/3.0 | Michael Niedermayer  | 
Sat Feb 17 21:27:16 2018 +0100| [876ecfccfb2796906e1017fbad0388c411052c06] | 
committer: Michael Niedermayer

avcodec/dxtory: Remove code that corrupts dimensions

Fixes: Timeout
Fixes: 5796/clusterfuzz-testcase-minimized-5206729085157376

Does someone have a valid sample that triggers this path ?

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 3748746a4d6988484d34516f7a3c6febf7bdf488)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=876ecfccfb2796906e1017fbad0388c411052c06
---

 libavcodec/dxtory.c | 6 +-
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/libavcodec/dxtory.c b/libavcodec/dxtory.c
index 19c7dbb012..2ac40dd2d1 100644
--- a/libavcodec/dxtory.c
+++ b/libavcodec/dxtory.c
@@ -304,11 +304,7 @@ static int dxtory_decode_v2(AVCodecContext *avctx, AVFrame 
*pic,
 }
 
 if (avctx->height - line) {
-av_log(avctx, AV_LOG_VERBOSE,
-   "Not enough slice data available, "
-   "cropping the frame by %d pixels\n",
-avctx->height - line);
-avctx->height = line;
+avpriv_request_sample(avctx, "Not enough slice data available");
 }
 
 return 0;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/utvideodec: Check subsample factors

2018-02-27 Thread Michael Niedermayer

ffmpeg | branch: release/3.0 | Michael Niedermayer  | 
Mon Feb 26 03:02:48 2018 +0100| [fbf690d79a611a8dd9df1bce4189e5bf9c05508a] | 
committer: Michael Niedermayer

avcodec/utvideodec: Check subsample factors

Fixes: Out of array read
Fixes: heap_poc

Found-by: GwanYeong Kim 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 7414d0bda7763f9bd69c26c068e482ab297c1c96)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fbf690d79a611a8dd9df1bce4189e5bf9c05508a
---

 libavcodec/utvideodec.c | 9 +
 1 file changed, 9 insertions(+)

diff --git a/libavcodec/utvideodec.c b/libavcodec/utvideodec.c
index 760d9e5a7f..160528e007 100644
--- a/libavcodec/utvideodec.c
+++ b/libavcodec/utvideodec.c
@@ -28,6 +28,7 @@
 #include 
 
 #include "libavutil/intreadwrite.h"
+#include "libavutil/pixdesc.h"
 #include "avcodec.h"
 #include "bswapdsp.h"
 #include "bytestream.h"
@@ -474,6 +475,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, 
int *got_frame,
 static av_cold int decode_init(AVCodecContext *avctx)
 {
 UtvideoContext * const c = avctx->priv_data;
+int h_shift, v_shift;
 
 c->avctx = avctx;
 
@@ -538,6 +540,13 @@ static av_cold int decode_init(AVCodecContext *avctx)
 return AVERROR_INVALIDDATA;
 }
 
+av_pix_fmt_get_chroma_sub_sample(avctx->pix_fmt, _shift, _shift);
+if ((avctx->width  & ((1<height & ((1<

[FFmpeg-cvslog] avcodec/aacdec_templat: Fix integer overflow in apply_ltp()

2018-02-27 Thread Michael Niedermayer

ffmpeg | branch: release/3.0 | Michael Niedermayer  | 
Sun Feb 18 16:55:52 2018 +0100| [6648d3fef6b07f3ec0b60ec4b5ec08aa5e1964ca] | 
committer: Michael Niedermayer

avcodec/aacdec_templat: Fix integer overflow in apply_ltp()

Fixes: signed integer overflow: -1625276744 + -1041893960 cannot be represented 
in type 'int'
Fixes: 5948/clusterfuzz-testcase-minimized-5791479856365568

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 33fe17bdc88d51a8e0c87aa1e8011aaaf38a7a90)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6648d3fef6b07f3ec0b60ec4b5ec08aa5e1964ca
---

 libavcodec/aacdec_template.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/aacdec_template.c b/libavcodec/aacdec_template.c
index 3cb8f32403..f21d215c9e 100644
--- a/libavcodec/aacdec_template.c
+++ b/libavcodec/aacdec_template.c
@@ -2496,7 +2496,7 @@ static void apply_ltp(AACContext *ac, 
SingleChannelElement *sce)
 for (sfb = 0; sfb < FFMIN(sce->ics.max_sfb, MAX_LTP_LONG_SFB); sfb++)
 if (ltp->used[sfb])
 for (i = offsets[sfb]; i < offsets[sfb + 1]; i++)
-sce->coeffs[i] += predFreq[i];
+sce->coeffs[i] += (UINTFLOAT)predFreq[i];
 }
 }
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/jpeg2000dwt: Fix integer overflows in sr_1d53()

2018-02-27 Thread Michael Niedermayer

ffmpeg | branch: release/3.0 | Michael Niedermayer  | 
Sun Feb 18 00:11:33 2018 +0100| [afc85dacba4be4b91e2e1ca5df31f55fb94b44d6] | 
committer: Michael Niedermayer

avcodec/jpeg2000dwt: Fix integer overflows in sr_1d53()

Fixes: 5918/clusterfuzz-testcase-minimized-5120505435652096

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 793347a54579ee954b58d336b82eed4a1786de21)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=afc85dacba4be4b91e2e1ca5df31f55fb94b44d6
---

 libavcodec/jpeg2000dwt.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/libavcodec/jpeg2000dwt.c b/libavcodec/jpeg2000dwt.c
index 38a578af3d..5a72335d91 100644
--- a/libavcodec/jpeg2000dwt.c
+++ b/libavcodec/jpeg2000dwt.c
@@ -305,22 +305,22 @@ static void dwt_encode97_int(DWTContext *s, int *t)
 t[i] = (t[i] + ((1<>1)) >> I_PRESHIFT;
 }
 
-static void sr_1d53(int *p, int i0, int i1)
+static void sr_1d53(unsigned *p, int i0, int i1)
 {
 int i;
 
 if (i1 <= i0 + 1) {
 if (i0 == 1)
-p[1] >>= 1;
+p[1] = (int)p[1] >> 1;
 return;
 }
 
 extend53(p, i0, i1);
 
 for (i = (i0 >> 1); i < (i1 >> 1) + 1; i++)
-p[2 * i] -= (p[2 * i - 1] + p[2 * i + 1] + 2) >> 2;
+p[2 * i] -= (int)(p[2 * i - 1] + p[2 * i + 1] + 2) >> 2;
 for (i = (i0 >> 1); i < (i1 >> 1); i++)
-p[2 * i + 1] += (p[2 * i] + p[2 * i + 2]) >> 1;
+p[2 * i + 1] += (int)(p[2 * i] + p[2 * i + 2]) >> 1;
 }
 
 static void dwt_decode53(DWTContext *s, int *t)

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/Makefile: skip nvdec.h header when nvdec is not enabled

2018-02-27 Thread James Almer

ffmpeg | branch: master | James Almer  | Tue Feb 27 17:51:02 
2018 -0300| [40102a21374096ce0ba05c67c6e7474f176af2d0] | committer: James Almer

avcodec/Makefile: skip nvdec.h header when nvdec is not enabled

Fixes make checkheaders now that the cuda headers are no longer in-tree

Signed-off-by: James Almer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=40102a21374096ce0ba05c67c6e7474f176af2d0
---

 libavcodec/Makefile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libavcodec/Makefile b/libavcodec/Makefile
index f09518b197..b496f0dfb0 100644
--- a/libavcodec/Makefile
+++ b/libavcodec/Makefile
@@ -1086,6 +1086,7 @@ SKIPHEADERS-$(CONFIG_JNI)  += ffjni.h
 SKIPHEADERS-$(CONFIG_LIBVPX)   += libvpx.h
 SKIPHEADERS-$(CONFIG_LIBWEBP_ENCODER)  += libwebpenc_common.h
 SKIPHEADERS-$(CONFIG_MEDIACODEC)   += mediacodecdec_common.h 
mediacodec_surface.h mediacodec_wrapper.h mediacodec_sw_buffer.h
+SKIPHEADERS-$(CONFIG_NVDEC)+= nvdec.h
 SKIPHEADERS-$(CONFIG_NVENC)+= nvenc.h
 SKIPHEADERS-$(CONFIG_QSV)  += qsv.h qsv_internal.h
 SKIPHEADERS-$(CONFIG_QSVDEC)   += qsvdec.h

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/exr: fix invalid shift in unpack_14()

2018-02-27 Thread Michael Niedermayer

ffmpeg | branch: master | Michael Niedermayer  | Wed 
Feb 21 04:29:44 2018 +0100| [49062a90174b6e4104876c0257dc673a0da854ca] | 
committer: Michael Niedermayer

avcodec/exr: fix invalid shift in unpack_14()

Fixes: 6154/clusterfuzz-testcase-minimized-5762231061970944
Fixes: runtime error: shift exponent 63 is too large for 32-bit type 'int'

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=49062a90174b6e4104876c0257dc673a0da854ca
---

 libavcodec/exr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/exr.c b/libavcodec/exr.c
index 444af17778..5253cc3f13 100644
--- a/libavcodec/exr.c
+++ b/libavcodec/exr.c
@@ -899,7 +899,7 @@ static int pxr24_uncompress(EXRContext *s, const uint8_t 
*src,
 
 static void unpack_14(const uint8_t b[14], uint16_t s[16])
 {
-unsigned short shift = (b[ 2] >> 2);
+unsigned short shift = (b[ 2] >> 2) & 15;
 unsigned short bias = (0x20 << shift);
 int i;
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/bintext: sanity check dimensions

2018-02-27 Thread Michael Niedermayer

ffmpeg | branch: master | Michael Niedermayer  | Mon 
Feb 26 21:17:08 2018 +0100| [090c0abff9c8b27304614f15d9464dbf4ea59833] | 
committer: Michael Niedermayer

avcodec/bintext: sanity check dimensions

Fixes: Timeout
Fixes: 
6277/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XBIN_fuzzer-6047202288861184

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=090c0abff9c8b27304614f15d9464dbf4ea59833
---

 libavcodec/bintext.c | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/libavcodec/bintext.c b/libavcodec/bintext.c
index 90bbe67b59..d967317671 100644
--- a/libavcodec/bintext.c
+++ b/libavcodec/bintext.c
@@ -35,6 +35,8 @@
 #include "bintext.h"
 #include "internal.h"
 
+#define FONT_WIDTH 8
+
 typedef struct XbinContext {
 AVFrame *frame;
 int palette[16];
@@ -91,6 +93,9 @@ static av_cold int decode_init(AVCodecContext *avctx)
 break;
 }
 }
+if (avctx->width < FONT_WIDTH || avctx->height < s->font_height)
+return AVERROR_INVALIDDATA;
+
 
 s->frame = av_frame_alloc();
 if (!s->frame)
@@ -113,8 +118,6 @@ av_unused static void hscroll(AVCodecContext *avctx)
 }
 }
 
-#define FONT_WIDTH 8
-
 /**
  * Draw character to screen
  */

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/msmpeg4dec: Check for input end in msmpeg4v34_decode_mb()

2018-02-27 Thread Michael Niedermayer

ffmpeg | branch: master | Michael Niedermayer  | Mon 
Feb 26 16:44:50 2018 +0100| [f9cb17f988cc72048f2051ce120ccbd6d05ce1c2] | 
committer: Michael Niedermayer

avcodec/msmpeg4dec: Check for input end in msmpeg4v34_decode_mb()

Fixes: Timeout
Fixes: 
6276/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV1_fuzzer-5881196690014208

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f9cb17f988cc72048f2051ce120ccbd6d05ce1c2
---

 libavcodec/msmpeg4dec.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/msmpeg4dec.c b/libavcodec/msmpeg4dec.c
index 4105d4ba7d..457a37e745 100644
--- a/libavcodec/msmpeg4dec.c
+++ b/libavcodec/msmpeg4dec.c
@@ -208,6 +208,9 @@ static int msmpeg4v34_decode_mb(MpegEncContext *s, int16_t 
block[6][64])
 uint8_t *coded_val;
 uint32_t * const mb_type_ptr = >current_picture.mb_type[s->mb_x + 
s->mb_y*s->mb_stride];
 
+if (get_bits_left(>gb) <= 0)
+return AVERROR_INVALIDDATA;
+
 if (s->pict_type == AV_PICTURE_TYPE_P) {
 if (s->use_skip_mb_code) {
 if (get_bits1(>gb)) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/g2meet: Check tile dimensions with av_image_check_size2()

2018-02-27 Thread Michael Niedermayer

ffmpeg | branch: master | Michael Niedermayer  | Thu 
Feb 22 02:34:05 2018 +0100| [3981fb8d2a03cdb3399590da8621a7bcc22e2964] | 
committer: Michael Niedermayer

avcodec/g2meet: Check tile dimensions with av_image_check_size2()

Fixes: OOM
Fixes: 
6216/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-4983807968018432

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3981fb8d2a03cdb3399590da8621a7bcc22e2964
---

 libavcodec/g2meet.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavcodec/g2meet.c b/libavcodec/g2meet.c
index 842095ba3b..a46157218f 100644
--- a/libavcodec/g2meet.c
+++ b/libavcodec/g2meet.c
@@ -28,6 +28,7 @@
 #include 
 #include 
 
+#include "libavutil/imgutils.h"
 #include "libavutil/intreadwrite.h"
 
 #include "avcodec.h"
@@ -1451,7 +1452,8 @@ static int g2m_decode_frame(AVCodecContext *avctx, void 
*data,
 c->tile_height = bytestream2_get_be32();
 if (c->tile_width <= 0 || c->tile_height <= 0 ||
 ((c->tile_width | c->tile_height) & 0xF) ||
-c->tile_width * (uint64_t)c->tile_height >= INT_MAX / 4
+c->tile_width * (uint64_t)c->tile_height >= INT_MAX / 4 ||
+av_image_check_size2(c->tile_width, c->tile_height, 
avctx->max_pixels, avctx->pix_fmt, 0, avctx) < 0
 ) {
 av_log(avctx, AV_LOG_ERROR,
"Invalid tile dimensions %dx%d\n",

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/rscc: Skip empty frames (nb_tiles == 0)

2018-02-27 Thread Michael Niedermayer

ffmpeg | branch: master | Michael Niedermayer  | Mon 
Feb 26 02:15:34 2018 +0100| [bbed942dfd64c43d8f943532d8e12f10e7613938] | 
committer: Michael Niedermayer

avcodec/rscc: Skip empty frames (nb_tiles == 0)

Fixes: Timeout
Fixes: 
6266/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RSCC_fuzzer-5692431816196096

Its not known if nb_tiles is allowed so it is not treated as an error

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bbed942dfd64c43d8f943532d8e12f10e7613938
---

 libavcodec/rscc.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/libavcodec/rscc.c b/libavcodec/rscc.c
index f270cd5351..dae5e84634 100644
--- a/libavcodec/rscc.c
+++ b/libavcodec/rscc.c
@@ -157,6 +157,12 @@ static int rscc_decode_frame(AVCodecContext *avctx, void 
*data,
 
 /* Read number of tiles, and allocate the array */
 tiles_nb = bytestream2_get_le16(gbc);
+
+if (tiles_nb == 0) {
+av_log(avctx, AV_LOG_DEBUG, "no tiles\n");
+return avpkt->size;
+}
+
 av_fast_malloc(>tiles, >tiles_size,
tiles_nb * sizeof(*ctx->tiles));
 if (!ctx->tiles) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/utvideodec: Check subsample factors

2018-02-27 Thread Michael Niedermayer

ffmpeg | branch: master | Michael Niedermayer  | Mon 
Feb 26 03:02:48 2018 +0100| [7414d0bda7763f9bd69c26c068e482ab297c1c96] | 
committer: Michael Niedermayer

avcodec/utvideodec: Check subsample factors

Fixes: Out of array read
Fixes: heap_poc

Found-by: GwanYeong Kim 
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7414d0bda7763f9bd69c26c068e482ab297c1c96
---

 libavcodec/utvideodec.c | 9 +
 1 file changed, 9 insertions(+)

diff --git a/libavcodec/utvideodec.c b/libavcodec/utvideodec.c
index c5f5534964..086129d094 100644
--- a/libavcodec/utvideodec.c
+++ b/libavcodec/utvideodec.c
@@ -30,6 +30,7 @@
 #define UNCHECKED_BITSTREAM_READER 1
 
 #include "libavutil/intreadwrite.h"
+#include "libavutil/pixdesc.h"
 #include "avcodec.h"
 #include "bswapdsp.h"
 #include "bytestream.h"
@@ -912,6 +913,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, 
int *got_frame,
 static av_cold int decode_init(AVCodecContext *avctx)
 {
 UtvideoContext * const c = avctx->priv_data;
+int h_shift, v_shift;
 
 c->avctx = avctx;
 
@@ -1012,6 +1014,13 @@ static av_cold int decode_init(AVCodecContext *avctx)
 return AVERROR_INVALIDDATA;
 }
 
+av_pix_fmt_get_chroma_sub_sample(avctx->pix_fmt, _shift, _shift);
+if ((avctx->width  & ((1<height & ((1<pack && avctx->extradata_size >= 16) {
 av_log(avctx, AV_LOG_DEBUG, "Encoder version %d.%d.%d.%d\n",
avctx->extradata[3], avctx->extradata[2],

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] [ffmpeg-web] branch master updated. 12b108a web/download: add 3.0.11

[FFmpeg-cvslog] Tag n3.0.11 : FFmpeg 3.0.11 release

[FFmpeg-cvslog] avcodec/diracdec: Fix integer overflow in mv computation

[FFmpeg-cvslog] avcodec/cavsdec: Check alpha/beta offset

[FFmpeg-cvslog] avcodec/bintext: sanity check dimensions

[FFmpeg-cvslog] avcodec/smc: Check input packet size

[FFmpeg-cvslog] Changelog: update

[FFmpeg-cvslog] avcodec/diracdec: Use int64 in global mv to prevent overflow

[FFmpeg-cvslog] avcodec/dxtory: Remove code that corrupts dimensions

[FFmpeg-cvslog] avcodec/utvideodec: Check subsample factors

[FFmpeg-cvslog] avcodec/aacdec_templat: Fix integer overflow in apply_ltp()

[FFmpeg-cvslog] avcodec/jpeg2000dwt: Fix integer overflows in sr_1d53()

[FFmpeg-cvslog] avcodec/Makefile: skip nvdec.h header when nvdec is not enabled

[FFmpeg-cvslog] avcodec/exr: fix invalid shift in unpack_14()

[FFmpeg-cvslog] avcodec/bintext: sanity check dimensions

[FFmpeg-cvslog] avcodec/msmpeg4dec: Check for input end in msmpeg4v34_decode_mb()

[FFmpeg-cvslog] avcodec/g2meet: Check tile dimensions with av_image_check_size2()

[FFmpeg-cvslog] avcodec/rscc: Skip empty frames (nb_tiles == 0)

[FFmpeg-cvslog] avcodec/utvideodec: Check subsample factors

19 matches

Site Navigation

Mail list logo

Footer information