[FFmpeg-cvslog] [ffmpeg-web] branch master updated. 12b108a web/download: add 3.0.11
The branch, master has been updated via 12b108af14de44abcae20908c0fc04ef132cde73 (commit) via fa818fea531d5eaeb586a5bcf64d0327a9d3e724 (commit) from 4ee8d5d5a42fc942f3e0dbc85557074117ab4ab1 (commit) - Log - commit 12b108af14de44abcae20908c0fc04ef132cde73 Author: Michael NiedermayerAuthorDate: Tue Feb 27 23:41:18 2018 +0100 Commit: Michael Niedermayer CommitDate: Tue Feb 27 23:41:18 2018 +0100 web/download: add 3.0.11 diff --git a/src/download b/src/download index 93e6e1a..6783c35 100644 --- a/src/download +++ b/src/download @@ -386,10 +386,10 @@ libpostproc54. 1.100 - FFmpeg 3.0.10 "Einstein" + FFmpeg 3.0.11 "Einstein" -3.0.10 was released on 2017-12-01. It is the latest stable FFmpeg release +3.0.11 was released on 2018-02-27. It is the latest stable FFmpeg release from the 3.0 release branch, which was cut from master on 2016-02-14. It includes the following library versions: @@ -407,19 +407,19 @@ libpostproc54. 0.100 - Download xz tarball - PGP signature + Download xz tarball + PGP signature - Download bzip2 tarball - PGP signature + Download bzip2 tarball + PGP signature - Download gzip tarball - PGP signature + Download gzip tarball + PGP signature - https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n3.0.10;>Changelog + https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n3.0.11;>Changelog https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/refs/heads/release/3.0:/RELEASE_NOTES;>Release Notes commit fa818fea531d5eaeb586a5bcf64d0327a9d3e724 Author: Michael Niedermayer AuthorDate: Mon Feb 19 02:36:19 2018 +0100 Commit: Michael Niedermayer CommitDate: Mon Feb 19 02:38:07 2018 +0100 web/(old)download: Move 3.1 to olddownloads No currently maintained distro or app uses 3.1 on https://trac.ffmpeg.org/wiki/Downstreams so it would help noone if we continue maintaining 3.1.* diff --git a/src/download b/src/download index 737b880..93e6e1a 100644 --- a/src/download +++ b/src/download @@ -386,45 +386,6 @@ libpostproc54. 1.100 - FFmpeg 3.1.11 "Laplace" - - -3.1.11 was released on 2017-09-25. It is the latest stable FFmpeg release -from the 3.1 release branch, which was cut from master on 2016-06-26. - - It includes the following library versions: - - -libavutil 55. 28.100 -libavcodec 57. 48.101 -libavformat57. 41.100 -libavdevice57. 0.101 -libavfilter 6. 47.100 -libavresample 3. 0. 0 -libswscale 4. 1.100 -libswresample 2. 1.100 -libpostproc54. 0.100 - - - - Download xz tarball - PGP signature - - - Download bzip2 tarball - PGP signature - - - Download gzip tarball - PGP signature - - - https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n3.1.11;>Changelog - https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/refs/heads/release/3.1:/RELEASE_NOTES;>Release Notes - - - - FFmpeg 3.0.10 "Einstein" diff --git a/src/olddownload b/src/olddownload index d380b2f..cc3c9ae 100644 --- a/src/olddownload +++ b/src/olddownload @@ -6,6 +6,45 @@ maintaining an old release. + FFmpeg 3.1.11 "Laplace" + + +3.1.11 was released on 2017-09-25. It is the latest stable FFmpeg release +from the 3.1 release branch, which was cut from master on 2016-06-26. + + It includes the following library versions: + + +libavutil 55. 28.100 +libavcodec 57. 48.101 +libavformat57. 41.100 +libavdevice57. 0.101 +libavfilter 6. 47.100 +libavresample 3. 0. 0 +libswscale 4. 1.100 +libswresample 2. 1.100 +libpostproc54. 0.100 + + + + Download xz tarball + PGP signature + + + Download bzip2 tarball + PGP signature + + + Download gzip tarball + PGP signature + + + https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n3.1.11;>Changelog + https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/refs/heads/release/3.1:/RELEASE_NOTES;>Release Notes + + + + FFmpeg 2.7.7 "Nash" --- Summary of changes: src/download| 57 + src/olddownload | 39 +++ 2 files changed, 48 insertions(+), 48 deletions(-) hooks/post-receive -- ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] Tag n3.0.11 : FFmpeg 3.0.11 release
[ffmpeg] [branch: refs/tags/n3.0.11] Tag:c84fbc3085b6270d485a8d5e76757da2837d05ed > http://git.videolan.org/gitweb.cgi/ffmpeg.git?a=tag;h=c84fbc3085b6270d485a8d5e76757da2837d05ed Tagger: Michael NiedermayerDate: Tue Feb 27 22:37:00 2018 +0100 FFmpeg 3.0.11 release ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/diracdec: Fix integer overflow in mv computation
ffmpeg | branch: release/3.0 | Michael Niedermayer| Sun Feb 18 21:51:38 2018 +0100| [6822bd50c1eaa385b202ba692d954e1fb2a97fc3] | committer: Michael Niedermayer avcodec/diracdec: Fix integer overflow in mv computation Fixes: signed integer overflow: -2072 + -2147483646 cannot be represented in type 'int' Fixes: 6097/clusterfuzz-testcase-minimized-5034145253163008 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 47e65ad63b3d067445c4de41a7718b83fc07767c) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6822bd50c1eaa385b202ba692d954e1fb2a97fc3 --- libavcodec/diracdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c index 033fbe4261..da5240a135 100644 --- a/libavcodec/diracdec.c +++ b/libavcodec/diracdec.c @@ -1353,8 +1353,8 @@ static void decode_block_params(DiracContext *s, DiracArith arith[8], DiracBlock global_mv(s, block, x, y, i); } else { pred_mv(block, stride, x, y, i); -block->u.mv[i][0] += dirac_get_arith_int(arith + 4 + 2 * i, CTX_MV_F1, CTX_MV_DATA); -block->u.mv[i][1] += dirac_get_arith_int(arith + 5 + 2 * i, CTX_MV_F1, CTX_MV_DATA); +block->u.mv[i][0] += (unsigned)dirac_get_arith_int(arith + 4 + 2 * i, CTX_MV_F1, CTX_MV_DATA); +block->u.mv[i][1] += (unsigned)dirac_get_arith_int(arith + 5 + 2 * i, CTX_MV_F1, CTX_MV_DATA); } } } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/cavsdec: Check alpha/beta offset
ffmpeg | branch: release/3.0 | Michael Niedermayer| Tue Feb 20 23:11:01 2018 +0100| [24a3c45da511c58f550f33db507c3fda50e496af] | committer: Michael Niedermayer avcodec/cavsdec: Check alpha/beta offset Fixes: Integer overflow Fixes: 6183/clusterfuzz-testcase-minimized-6269224436629504 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit ae2eb04648839bfc6c61c32cb0f124e91bb7ff8e) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=24a3c45da511c58f550f33db507c3fda50e496af --- libavcodec/cavsdec.c | 5 + 1 file changed, 5 insertions(+) diff --git a/libavcodec/cavsdec.c b/libavcodec/cavsdec.c index cd4eec9caf..b7aeb45603 100644 --- a/libavcodec/cavsdec.c +++ b/libavcodec/cavsdec.c @@ -1067,6 +1067,11 @@ static int decode_pic(AVSContext *h) if (!h->loop_filter_disable && get_bits1(>gb)) { h->alpha_offset= get_se_golomb(>gb); h->beta_offset = get_se_golomb(>gb); +if ( h->alpha_offset < -64 || h->alpha_offset > 64 +|| h-> beta_offset < -64 || h-> beta_offset > 64) { +h->alpha_offset = h->beta_offset = 0; +return AVERROR_INVALIDDATA; +} } else { h->alpha_offset = h->beta_offset = 0; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/bintext: sanity check dimensions
ffmpeg | branch: release/3.0 | Michael Niedermayer| Mon Feb 26 21:17:08 2018 +0100| [add3c2468e960767c7fc7232ab8a492f8c55e65b] | committer: Michael Niedermayer avcodec/bintext: sanity check dimensions Fixes: Timeout Fixes: 6277/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XBIN_fuzzer-6047202288861184 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 090c0abff9c8b27304614f15d9464dbf4ea59833) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=add3c2468e960767c7fc7232ab8a492f8c55e65b --- libavcodec/bintext.c | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/libavcodec/bintext.c b/libavcodec/bintext.c index 90bbe67b59..d967317671 100644 --- a/libavcodec/bintext.c +++ b/libavcodec/bintext.c @@ -35,6 +35,8 @@ #include "bintext.h" #include "internal.h" +#define FONT_WIDTH 8 + typedef struct XbinContext { AVFrame *frame; int palette[16]; @@ -91,6 +93,9 @@ static av_cold int decode_init(AVCodecContext *avctx) break; } } +if (avctx->width < FONT_WIDTH || avctx->height < s->font_height) +return AVERROR_INVALIDDATA; + s->frame = av_frame_alloc(); if (!s->frame) @@ -113,8 +118,6 @@ av_unused static void hscroll(AVCodecContext *avctx) } } -#define FONT_WIDTH 8 - /** * Draw character to screen */ ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/smc: Check input packet size
ffmpeg | branch: release/3.0 | Michael Niedermayer| Fri Feb 23 03:40:02 2018 +0100| [789a12b140ba2426a1c9bb9ce31a7a4f50d0216a] | committer: Michael Niedermayer avcodec/smc: Check input packet size Fixes: Timeout Fixes: 6261/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMC_fuzzer-5811309653262336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 0293663483ab5dbfff23602a62800d84e021b33c) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=789a12b140ba2426a1c9bb9ce31a7a4f50d0216a --- libavcodec/smc.c | 4 1 file changed, 4 insertions(+) diff --git a/libavcodec/smc.c b/libavcodec/smc.c index 18174fa57e..66de691e2c 100644 --- a/libavcodec/smc.c +++ b/libavcodec/smc.c @@ -437,6 +437,10 @@ static int smc_decode_frame(AVCodecContext *avctx, SmcContext *s = avctx->priv_data; const uint8_t *pal = av_packet_get_side_data(avpkt, AV_PKT_DATA_PALETTE, NULL); int ret; +int total_blocks = ((s->avctx->width + 3) / 4) * ((s->avctx->height + 3) / 4); + +if (total_blocks / 1024 > avpkt->size) +return AVERROR_INVALIDDATA; bytestream2_init(>gb, buf, buf_size); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] Changelog: update
ffmpeg | branch: release/3.0 | Michael Niedermayer| Tue Feb 27 20:00:58 2018 +0100| [b910b34926657531d84269bd7c61fb8c74e5d905] | committer: Michael Niedermayer Changelog: update Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b910b34926657531d84269bd7c61fb8c74e5d905 --- Changelog | 11 +++ 1 file changed, 11 insertions(+) diff --git a/Changelog b/Changelog index f10fc09633..a3bf744044 100644 --- a/Changelog +++ b/Changelog @@ -2,6 +2,17 @@ Entries are sorted chronologically from oldest to youngest within each release, releases are sorted from youngest to oldest. version 3.0.11 +- avcodec/bintext: sanity check dimensions +- avcodec/utvideodec: Check subsample factors +- avcodec/smc: Check input packet size +- avcodec/cavsdec: Check alpha/beta offset +- avcodec/diracdec: Fix integer overflow in mv computation +- avcodec/aacdec_templat: Fix integer overflow in apply_ltp() +- avcodec/jpeg2000dwt: Fix integer overflows in sr_1d53() +- avcodec/diracdec: Use int64 in global mv to prevent overflow +- avcodec/dxtory: Remove code that corrupts dimensions +- avformat/hvcc: zero initialize the nal buffers past the last written byte +- swresample/rematrix: fix update of channel matrix if input or output layout is undefined - avcodec/dirac_dwt_template: Fix Integer overflow in horizontal_compose_dd137i() - avcodec/vp8: Check for bitstream end before vp7_fade_frame() - avcodec/exr: Check remaining bits in last get code loop ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/diracdec: Use int64 in global mv to prevent overflow
ffmpeg | branch: release/3.0 | Michael Niedermayer| Sat Feb 17 23:54:44 2018 +0100| [b4135fb335f0ab1f06996233f45610c3dcb85bb7] | committer: Michael Niedermayer avcodec/diracdec: Use int64 in global mv to prevent overflow Fixes: runtime error: signed integer overflow: 361 * -6295541 cannot be represented in type 'int' Fixes: 5911/clusterfuzz-testcase-minimized-6450382197751808 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit cbcbefdc3b4cbc917d2f8b2dd216fb12121a838b) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b4135fb335f0ab1f06996233f45610c3dcb85bb7 --- libavcodec/diracdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c index 2cdebe8700..033fbe4261 100644 --- a/libavcodec/diracdec.c +++ b/libavcodec/diracdec.c @@ -1315,8 +1315,8 @@ static void global_mv(DiracContext *s, DiracBlock *block, int x, int y, int ref) int *c = s->globalmc[ref].perspective; int m = (1< u.mv[ref][0] = (mx + (1<<(ez+ep))) >> (ez+ep); block->u.mv[ref][1] = (my + (1<<(ez+ep))) >> (ez+ep); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/dxtory: Remove code that corrupts dimensions
ffmpeg | branch: release/3.0 | Michael Niedermayer| Sat Feb 17 21:27:16 2018 +0100| [876ecfccfb2796906e1017fbad0388c411052c06] | committer: Michael Niedermayer avcodec/dxtory: Remove code that corrupts dimensions Fixes: Timeout Fixes: 5796/clusterfuzz-testcase-minimized-5206729085157376 Does someone have a valid sample that triggers this path ? Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 3748746a4d6988484d34516f7a3c6febf7bdf488) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=876ecfccfb2796906e1017fbad0388c411052c06 --- libavcodec/dxtory.c | 6 +- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/libavcodec/dxtory.c b/libavcodec/dxtory.c index 19c7dbb012..2ac40dd2d1 100644 --- a/libavcodec/dxtory.c +++ b/libavcodec/dxtory.c @@ -304,11 +304,7 @@ static int dxtory_decode_v2(AVCodecContext *avctx, AVFrame *pic, } if (avctx->height - line) { -av_log(avctx, AV_LOG_VERBOSE, - "Not enough slice data available, " - "cropping the frame by %d pixels\n", -avctx->height - line); -avctx->height = line; +avpriv_request_sample(avctx, "Not enough slice data available"); } return 0; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/utvideodec: Check subsample factors
ffmpeg | branch: release/3.0 | Michael Niedermayer| Mon Feb 26 03:02:48 2018 +0100| [fbf690d79a611a8dd9df1bce4189e5bf9c05508a] | committer: Michael Niedermayer avcodec/utvideodec: Check subsample factors Fixes: Out of array read Fixes: heap_poc Found-by: GwanYeong Kim Signed-off-by: Michael Niedermayer (cherry picked from commit 7414d0bda7763f9bd69c26c068e482ab297c1c96) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fbf690d79a611a8dd9df1bce4189e5bf9c05508a --- libavcodec/utvideodec.c | 9 + 1 file changed, 9 insertions(+) diff --git a/libavcodec/utvideodec.c b/libavcodec/utvideodec.c index 760d9e5a7f..160528e007 100644 --- a/libavcodec/utvideodec.c +++ b/libavcodec/utvideodec.c @@ -28,6 +28,7 @@ #include #include "libavutil/intreadwrite.h" +#include "libavutil/pixdesc.h" #include "avcodec.h" #include "bswapdsp.h" #include "bytestream.h" @@ -474,6 +475,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame, static av_cold int decode_init(AVCodecContext *avctx) { UtvideoContext * const c = avctx->priv_data; +int h_shift, v_shift; c->avctx = avctx; @@ -538,6 +540,13 @@ static av_cold int decode_init(AVCodecContext *avctx) return AVERROR_INVALIDDATA; } +av_pix_fmt_get_chroma_sub_sample(avctx->pix_fmt, _shift, _shift); +if ((avctx->width & ((1< height & ((1<
[FFmpeg-cvslog] avcodec/aacdec_templat: Fix integer overflow in apply_ltp()
ffmpeg | branch: release/3.0 | Michael Niedermayer| Sun Feb 18 16:55:52 2018 +0100| [6648d3fef6b07f3ec0b60ec4b5ec08aa5e1964ca] | committer: Michael Niedermayer avcodec/aacdec_templat: Fix integer overflow in apply_ltp() Fixes: signed integer overflow: -1625276744 + -1041893960 cannot be represented in type 'int' Fixes: 5948/clusterfuzz-testcase-minimized-5791479856365568 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 33fe17bdc88d51a8e0c87aa1e8011aaaf38a7a90) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6648d3fef6b07f3ec0b60ec4b5ec08aa5e1964ca --- libavcodec/aacdec_template.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/aacdec_template.c b/libavcodec/aacdec_template.c index 3cb8f32403..f21d215c9e 100644 --- a/libavcodec/aacdec_template.c +++ b/libavcodec/aacdec_template.c @@ -2496,7 +2496,7 @@ static void apply_ltp(AACContext *ac, SingleChannelElement *sce) for (sfb = 0; sfb < FFMIN(sce->ics.max_sfb, MAX_LTP_LONG_SFB); sfb++) if (ltp->used[sfb]) for (i = offsets[sfb]; i < offsets[sfb + 1]; i++) -sce->coeffs[i] += predFreq[i]; +sce->coeffs[i] += (UINTFLOAT)predFreq[i]; } } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/jpeg2000dwt: Fix integer overflows in sr_1d53()
ffmpeg | branch: release/3.0 | Michael Niedermayer| Sun Feb 18 00:11:33 2018 +0100| [afc85dacba4be4b91e2e1ca5df31f55fb94b44d6] | committer: Michael Niedermayer avcodec/jpeg2000dwt: Fix integer overflows in sr_1d53() Fixes: 5918/clusterfuzz-testcase-minimized-5120505435652096 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 793347a54579ee954b58d336b82eed4a1786de21) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=afc85dacba4be4b91e2e1ca5df31f55fb94b44d6 --- libavcodec/jpeg2000dwt.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavcodec/jpeg2000dwt.c b/libavcodec/jpeg2000dwt.c index 38a578af3d..5a72335d91 100644 --- a/libavcodec/jpeg2000dwt.c +++ b/libavcodec/jpeg2000dwt.c @@ -305,22 +305,22 @@ static void dwt_encode97_int(DWTContext *s, int *t) t[i] = (t[i] + ((1< >1)) >> I_PRESHIFT; } -static void sr_1d53(int *p, int i0, int i1) +static void sr_1d53(unsigned *p, int i0, int i1) { int i; if (i1 <= i0 + 1) { if (i0 == 1) -p[1] >>= 1; +p[1] = (int)p[1] >> 1; return; } extend53(p, i0, i1); for (i = (i0 >> 1); i < (i1 >> 1) + 1; i++) -p[2 * i] -= (p[2 * i - 1] + p[2 * i + 1] + 2) >> 2; +p[2 * i] -= (int)(p[2 * i - 1] + p[2 * i + 1] + 2) >> 2; for (i = (i0 >> 1); i < (i1 >> 1); i++) -p[2 * i + 1] += (p[2 * i] + p[2 * i + 2]) >> 1; +p[2 * i + 1] += (int)(p[2 * i] + p[2 * i + 2]) >> 1; } static void dwt_decode53(DWTContext *s, int *t) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/Makefile: skip nvdec.h header when nvdec is not enabled
ffmpeg | branch: master | James Almer| Tue Feb 27 17:51:02 2018 -0300| [40102a21374096ce0ba05c67c6e7474f176af2d0] | committer: James Almer avcodec/Makefile: skip nvdec.h header when nvdec is not enabled Fixes make checkheaders now that the cuda headers are no longer in-tree Signed-off-by: James Almer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=40102a21374096ce0ba05c67c6e7474f176af2d0 --- libavcodec/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/Makefile b/libavcodec/Makefile index f09518b197..b496f0dfb0 100644 --- a/libavcodec/Makefile +++ b/libavcodec/Makefile @@ -1086,6 +1086,7 @@ SKIPHEADERS-$(CONFIG_JNI) += ffjni.h SKIPHEADERS-$(CONFIG_LIBVPX) += libvpx.h SKIPHEADERS-$(CONFIG_LIBWEBP_ENCODER) += libwebpenc_common.h SKIPHEADERS-$(CONFIG_MEDIACODEC) += mediacodecdec_common.h mediacodec_surface.h mediacodec_wrapper.h mediacodec_sw_buffer.h +SKIPHEADERS-$(CONFIG_NVDEC)+= nvdec.h SKIPHEADERS-$(CONFIG_NVENC)+= nvenc.h SKIPHEADERS-$(CONFIG_QSV) += qsv.h qsv_internal.h SKIPHEADERS-$(CONFIG_QSVDEC) += qsvdec.h ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/exr: fix invalid shift in unpack_14()
ffmpeg | branch: master | Michael Niedermayer| Wed Feb 21 04:29:44 2018 +0100| [49062a90174b6e4104876c0257dc673a0da854ca] | committer: Michael Niedermayer avcodec/exr: fix invalid shift in unpack_14() Fixes: 6154/clusterfuzz-testcase-minimized-5762231061970944 Fixes: runtime error: shift exponent 63 is too large for 32-bit type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=49062a90174b6e4104876c0257dc673a0da854ca --- libavcodec/exr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/exr.c b/libavcodec/exr.c index 444af17778..5253cc3f13 100644 --- a/libavcodec/exr.c +++ b/libavcodec/exr.c @@ -899,7 +899,7 @@ static int pxr24_uncompress(EXRContext *s, const uint8_t *src, static void unpack_14(const uint8_t b[14], uint16_t s[16]) { -unsigned short shift = (b[ 2] >> 2); +unsigned short shift = (b[ 2] >> 2) & 15; unsigned short bias = (0x20 << shift); int i; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/bintext: sanity check dimensions
ffmpeg | branch: master | Michael Niedermayer| Mon Feb 26 21:17:08 2018 +0100| [090c0abff9c8b27304614f15d9464dbf4ea59833] | committer: Michael Niedermayer avcodec/bintext: sanity check dimensions Fixes: Timeout Fixes: 6277/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XBIN_fuzzer-6047202288861184 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=090c0abff9c8b27304614f15d9464dbf4ea59833 --- libavcodec/bintext.c | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/libavcodec/bintext.c b/libavcodec/bintext.c index 90bbe67b59..d967317671 100644 --- a/libavcodec/bintext.c +++ b/libavcodec/bintext.c @@ -35,6 +35,8 @@ #include "bintext.h" #include "internal.h" +#define FONT_WIDTH 8 + typedef struct XbinContext { AVFrame *frame; int palette[16]; @@ -91,6 +93,9 @@ static av_cold int decode_init(AVCodecContext *avctx) break; } } +if (avctx->width < FONT_WIDTH || avctx->height < s->font_height) +return AVERROR_INVALIDDATA; + s->frame = av_frame_alloc(); if (!s->frame) @@ -113,8 +118,6 @@ av_unused static void hscroll(AVCodecContext *avctx) } } -#define FONT_WIDTH 8 - /** * Draw character to screen */ ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/msmpeg4dec: Check for input end in msmpeg4v34_decode_mb()
ffmpeg | branch: master | Michael Niedermayer| Mon Feb 26 16:44:50 2018 +0100| [f9cb17f988cc72048f2051ce120ccbd6d05ce1c2] | committer: Michael Niedermayer avcodec/msmpeg4dec: Check for input end in msmpeg4v34_decode_mb() Fixes: Timeout Fixes: 6276/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV1_fuzzer-5881196690014208 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f9cb17f988cc72048f2051ce120ccbd6d05ce1c2 --- libavcodec/msmpeg4dec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/msmpeg4dec.c b/libavcodec/msmpeg4dec.c index 4105d4ba7d..457a37e745 100644 --- a/libavcodec/msmpeg4dec.c +++ b/libavcodec/msmpeg4dec.c @@ -208,6 +208,9 @@ static int msmpeg4v34_decode_mb(MpegEncContext *s, int16_t block[6][64]) uint8_t *coded_val; uint32_t * const mb_type_ptr = >current_picture.mb_type[s->mb_x + s->mb_y*s->mb_stride]; +if (get_bits_left(>gb) <= 0) +return AVERROR_INVALIDDATA; + if (s->pict_type == AV_PICTURE_TYPE_P) { if (s->use_skip_mb_code) { if (get_bits1(>gb)) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/g2meet: Check tile dimensions with av_image_check_size2()
ffmpeg | branch: master | Michael Niedermayer| Thu Feb 22 02:34:05 2018 +0100| [3981fb8d2a03cdb3399590da8621a7bcc22e2964] | committer: Michael Niedermayer avcodec/g2meet: Check tile dimensions with av_image_check_size2() Fixes: OOM Fixes: 6216/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-4983807968018432 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3981fb8d2a03cdb3399590da8621a7bcc22e2964 --- libavcodec/g2meet.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/g2meet.c b/libavcodec/g2meet.c index 842095ba3b..a46157218f 100644 --- a/libavcodec/g2meet.c +++ b/libavcodec/g2meet.c @@ -28,6 +28,7 @@ #include #include +#include "libavutil/imgutils.h" #include "libavutil/intreadwrite.h" #include "avcodec.h" @@ -1451,7 +1452,8 @@ static int g2m_decode_frame(AVCodecContext *avctx, void *data, c->tile_height = bytestream2_get_be32(); if (c->tile_width <= 0 || c->tile_height <= 0 || ((c->tile_width | c->tile_height) & 0xF) || -c->tile_width * (uint64_t)c->tile_height >= INT_MAX / 4 +c->tile_width * (uint64_t)c->tile_height >= INT_MAX / 4 || +av_image_check_size2(c->tile_width, c->tile_height, avctx->max_pixels, avctx->pix_fmt, 0, avctx) < 0 ) { av_log(avctx, AV_LOG_ERROR, "Invalid tile dimensions %dx%d\n", ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/rscc: Skip empty frames (nb_tiles == 0)
ffmpeg | branch: master | Michael Niedermayer| Mon Feb 26 02:15:34 2018 +0100| [bbed942dfd64c43d8f943532d8e12f10e7613938] | committer: Michael Niedermayer avcodec/rscc: Skip empty frames (nb_tiles == 0) Fixes: Timeout Fixes: 6266/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RSCC_fuzzer-5692431816196096 Its not known if nb_tiles is allowed so it is not treated as an error Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bbed942dfd64c43d8f943532d8e12f10e7613938 --- libavcodec/rscc.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/libavcodec/rscc.c b/libavcodec/rscc.c index f270cd5351..dae5e84634 100644 --- a/libavcodec/rscc.c +++ b/libavcodec/rscc.c @@ -157,6 +157,12 @@ static int rscc_decode_frame(AVCodecContext *avctx, void *data, /* Read number of tiles, and allocate the array */ tiles_nb = bytestream2_get_le16(gbc); + +if (tiles_nb == 0) { +av_log(avctx, AV_LOG_DEBUG, "no tiles\n"); +return avpkt->size; +} + av_fast_malloc(>tiles, >tiles_size, tiles_nb * sizeof(*ctx->tiles)); if (!ctx->tiles) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/utvideodec: Check subsample factors
ffmpeg | branch: master | Michael Niedermayer| Mon Feb 26 03:02:48 2018 +0100| [7414d0bda7763f9bd69c26c068e482ab297c1c96] | committer: Michael Niedermayer avcodec/utvideodec: Check subsample factors Fixes: Out of array read Fixes: heap_poc Found-by: GwanYeong Kim Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7414d0bda7763f9bd69c26c068e482ab297c1c96 --- libavcodec/utvideodec.c | 9 + 1 file changed, 9 insertions(+) diff --git a/libavcodec/utvideodec.c b/libavcodec/utvideodec.c index c5f5534964..086129d094 100644 --- a/libavcodec/utvideodec.c +++ b/libavcodec/utvideodec.c @@ -30,6 +30,7 @@ #define UNCHECKED_BITSTREAM_READER 1 #include "libavutil/intreadwrite.h" +#include "libavutil/pixdesc.h" #include "avcodec.h" #include "bswapdsp.h" #include "bytestream.h" @@ -912,6 +913,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame, static av_cold int decode_init(AVCodecContext *avctx) { UtvideoContext * const c = avctx->priv_data; +int h_shift, v_shift; c->avctx = avctx; @@ -1012,6 +1014,13 @@ static av_cold int decode_init(AVCodecContext *avctx) return AVERROR_INVALIDDATA; } +av_pix_fmt_get_chroma_sub_sample(avctx->pix_fmt, _shift, _shift); +if ((avctx->width & ((1< height & ((1< pack && avctx->extradata_size >= 16) { av_log(avctx, AV_LOG_DEBUG, "Encoder version %d.%d.%d.%d\n", avctx->extradata[3], avctx->extradata[2], ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog