[FFmpeg-cvslog] Changelog: update for the previous four commits
ffmpeg | branch: release/3.4 | James Almer | Tue Jan 30 22:13:05 2018 -0300| [9b97afe7ad065fc840609c5302e594538026befc] | committer: James Almer Changelog: update for the previous four commits Signed-off-by: James Almer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9b97afe7ad065fc840609c5302e594538026befc --- Changelog | 4 1 file changed, 4 insertions(+) diff --git a/Changelog b/Changelog index 98943a4bf6..45572de937 100644 --- a/Changelog +++ b/Changelog @@ -2,6 +2,10 @@ Entries are sorted chronologically from oldest to youngest within each release, releases are sorted from youngest to oldest. version 3.4.2: +- avcodec/mediacodecdec: use ff_hevc_ps_uninit() +- avcodec/hevc_parser: use ff_hevc_uninit_parameter_sets() +- avcodec/hevcdec: use ff_hevc_uninit_parameter_sets() +- avcodec/hevc_ps: add a function to uninitialize parameter set buffers - avcodec/dirac_dwt: Fix several integer overflows - avcodec/indeo5: Do not leave frame_type set to an invalid value - avcodec/hevc_ps: Check log2_sao_offset_scale_* ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/hevc_ps: add a function to uninitialize parameter set buffers
ffmpeg | branch: release/3.4 | James Almer | Sat Jan 20 16:54:15 2018 -0300| [64f0fd599845fb9e4db9ba51012792abaf38a9ea] | committer: James Almer avcodec/hevc_ps: add a function to uninitialize parameter set buffers Reviewed-by: Michael Niedermayer Signed-off-by: James Almer (cherry picked from commit 9462b2b8205397ea5972b2365c2e8db6872ef3e9) > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=64f0fd599845fb9e4db9ba51012792abaf38a9ea --- libavcodec/hevc_ps.c | 16 libavcodec/hevc_ps.h | 2 ++ 2 files changed, 18 insertions(+) diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c index 2ab4c34013..6f3af2daec 100644 --- a/libavcodec/hevc_ps.c +++ b/libavcodec/hevc_ps.c @@ -1709,6 +1709,22 @@ err: return ret; } +void ff_hevc_ps_uninit(HEVCParamSets *ps) +{ +int i; + +for (i = 0; i < FF_ARRAY_ELEMS(ps->vps_list); i++) +av_buffer_unref(&ps->vps_list[i]); +for (i = 0; i < FF_ARRAY_ELEMS(ps->sps_list); i++) +av_buffer_unref(&ps->sps_list[i]); +for (i = 0; i < FF_ARRAY_ELEMS(ps->pps_list); i++) +av_buffer_unref(&ps->pps_list[i]); + +ps->sps = NULL; +ps->pps = NULL; +ps->vps = NULL; +} + int ff_hevc_compute_poc(const HEVCSPS *sps, int pocTid0, int poc_lsb, int nal_unit_type) { int max_poc_lsb = 1 << sps->log2_max_poc_lsb; diff --git a/libavcodec/hevc_ps.h b/libavcodec/hevc_ps.h index 76f8eb31e6..f19d022469 100644 --- a/libavcodec/hevc_ps.h +++ b/libavcodec/hevc_ps.h @@ -421,6 +421,8 @@ int ff_hevc_decode_nal_sps(GetBitContext *gb, AVCodecContext *avctx, int ff_hevc_decode_nal_pps(GetBitContext *gb, AVCodecContext *avctx, HEVCParamSets *ps); +void ff_hevc_ps_uninit(HEVCParamSets *ps); + int ff_hevc_decode_short_term_rps(GetBitContext *gb, AVCodecContext *avctx, ShortTermRPS *rps, const HEVCSPS *sps, int is_slice_header); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/hevcdec: use ff_hevc_uninit_parameter_sets()
ffmpeg | branch: release/3.4 | James Almer | Sat Jan 20 16:54:51 2018 -0300| [d7d5a3379dfe35422b894d7ce1039c4cff0581f6] | committer: James Almer avcodec/hevcdec: use ff_hevc_uninit_parameter_sets() Reviewed-by: Michael Niedermayer Signed-off-by: James Almer (cherry picked from commit 1f0cf1b2f4ef6304c343d53508193ac4b5d9c1d2) > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d7d5a3379dfe35422b894d7ce1039c4cff0581f6 --- libavcodec/hevcdec.c | 10 +- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/libavcodec/hevcdec.c b/libavcodec/hevcdec.c index 2e4add2ae3..67ac9ab262 100644 --- a/libavcodec/hevcdec.c +++ b/libavcodec/hevcdec.c @@ -3215,15 +3215,7 @@ static av_cold int hevc_decode_free(AVCodecContext *avctx) av_frame_free(&s->DPB[i].frame); } -for (i = 0; i < FF_ARRAY_ELEMS(s->ps.vps_list); i++) -av_buffer_unref(&s->ps.vps_list[i]); -for (i = 0; i < FF_ARRAY_ELEMS(s->ps.sps_list); i++) -av_buffer_unref(&s->ps.sps_list[i]); -for (i = 0; i < FF_ARRAY_ELEMS(s->ps.pps_list); i++) -av_buffer_unref(&s->ps.pps_list[i]); -s->ps.sps = NULL; -s->ps.pps = NULL; -s->ps.vps = NULL; +ff_hevc_ps_uninit(&s->ps); av_freep(&s->sh.entry_point_offset); av_freep(&s->sh.offset); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/mediacodecdec: use ff_hevc_ps_uninit()
ffmpeg | branch: release/3.4 | James Almer | Sat Jan 20 16:55:17 2018 -0300| [af54886de8ab5845bef6f67431f1ef8f68b9f58d] | committer: James Almer avcodec/mediacodecdec: use ff_hevc_ps_uninit() Fixes memleaks. Signed-off-by: James Almer (cherry picked from commit 782e066e3e3d8015d6d64c47cda0925c10aebe08) > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=af54886de8ab5845bef6f67431f1ef8f68b9f58d --- libavcodec/mediacodecdec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/mediacodecdec.c b/libavcodec/mediacodecdec.c index 6962ce2474..366c039de4 100644 --- a/libavcodec/mediacodecdec.c +++ b/libavcodec/mediacodecdec.c @@ -256,6 +256,8 @@ static int hevc_set_extradata(AVCodecContext *avctx, FFAMediaFormat *format) } done: +ff_hevc_ps_uninit(&ps); + av_freep(&vps_data); av_freep(&sps_data); av_freep(&pps_data); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/hevc_parser: use ff_hevc_uninit_parameter_sets()
ffmpeg | branch: release/3.4 | James Almer | Sat Jan 20 16:55:00 2018 -0300| [e5bbb52194411320209f95ac9cac5bd6c34b575a] | committer: James Almer avcodec/hevc_parser: use ff_hevc_uninit_parameter_sets() Reviewed-by: Michael Niedermayer Signed-off-by: James Almer (cherry picked from commit 2159d4bbc3e69d04242e87bac13ebea8b942d94d) > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e5bbb52194411320209f95ac9cac5bd6c34b575a --- libavcodec/hevc_parser.c | 11 +-- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/libavcodec/hevc_parser.c b/libavcodec/hevc_parser.c index dc63c6b954..3bef236983 100644 --- a/libavcodec/hevc_parser.c +++ b/libavcodec/hevc_parser.c @@ -359,17 +359,8 @@ static int hevc_split(AVCodecContext *avctx, const uint8_t *buf, int buf_size) static void hevc_parser_close(AVCodecParserContext *s) { HEVCParserContext *ctx = s->priv_data; -int i; - -for (i = 0; i < FF_ARRAY_ELEMS(ctx->ps.vps_list); i++) -av_buffer_unref(&ctx->ps.vps_list[i]); -for (i = 0; i < FF_ARRAY_ELEMS(ctx->ps.sps_list); i++) -av_buffer_unref(&ctx->ps.sps_list[i]); -for (i = 0; i < FF_ARRAY_ELEMS(ctx->ps.pps_list); i++) -av_buffer_unref(&ctx->ps.pps_list[i]); - -ctx->ps.sps = NULL; +ff_hevc_ps_uninit(&ctx->ps); ff_h2645_packet_uninit(&ctx->pkt); ff_hevc_reset_sei(&ctx->sei); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/hevc_cabac: Move prefix check in coeff_abs_level_remaining_decode() down
ffmpeg | branch: release/3.4 | Michael Niedermayer | Mon Jan 15 23:42:57 2018 +0100| [edf200e2bc9a98de57782fe0b611a4666e2d66d6] | committer: Michael Niedermayer avcodec/hevc_cabac: Move prefix check in coeff_abs_level_remaining_decode() down Signed-off-by: Michael Niedermayer (cherry picked from commit 94d4237a7a294ce80e1e577b38e9c93e8882aff9) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=edf200e2bc9a98de57782fe0b611a4666e2d66d6 --- libavcodec/hevc_cabac.c | 11 +++ 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/libavcodec/hevc_cabac.c b/libavcodec/hevc_cabac.c index 5b5da1165a..743168500c 100644 --- a/libavcodec/hevc_cabac.c +++ b/libavcodec/hevc_cabac.c @@ -990,16 +990,19 @@ static av_always_inline int coeff_abs_level_remaining_decode(HEVCContext *s, int while (prefix < CABAC_MAX_BIN && get_cabac_bypass(&s->HEVClc->cc)) prefix++; -if (prefix == CABAC_MAX_BIN) { -av_log(s->avctx, AV_LOG_ERROR, "CABAC_MAX_BIN : %d\n", prefix); -return 0; -} + if (prefix < 3) { for (i = 0; i < rc_rice_param; i++) suffix = (suffix << 1) | get_cabac_bypass(&s->HEVClc->cc); last_coeff_abs_level_remaining = (prefix << rc_rice_param) + suffix; } else { int prefix_minus3 = prefix - 3; + +if (prefix == CABAC_MAX_BIN) { +av_log(s->avctx, AV_LOG_ERROR, "CABAC_MAX_BIN : %d\n", prefix); +return 0; +} + for (i = 0; i < prefix_minus3 + rc_rice_param; i++) suffix = (suffix << 1) | get_cabac_bypass(&s->HEVClc->cc); last_coeff_abs_level_remaining = (((1 << prefix_minus3) + 3 - 1) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/truemotion2: Fix integer overflow in TM2_RECALC_BLOCK()
ffmpeg | branch: release/3.4 | Michael Niedermayer | Sat Jan 20 04:10:50 2018 +0100| [6ed5e44998ed59d8525661c8d6443e371b13c62d] | committer: Michael Niedermayer avcodec/truemotion2: Fix integer overflow in TM2_RECALC_BLOCK() Fixes: signed integer overflow: 1477974040 - -1877995504 cannot be represented in type 'int' Fixes: 4861/clusterfuzz-testcase-minimized-4570316383715328 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 56a53340ed4cc55898e49c07081311ebb2816630) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6ed5e44998ed59d8525661c8d6443e371b13c62d --- libavcodec/truemotion2.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/truemotion2.c b/libavcodec/truemotion2.c index f077f0e4bd..97c38f7f08 100644 --- a/libavcodec/truemotion2.c +++ b/libavcodec/truemotion2.c @@ -441,8 +441,8 @@ static inline int GET_TOK(TM2Context *ctx,int type) /* recalculate last and delta values for next blocks */ #define TM2_RECALC_BLOCK(CHR, stride, last, CD) {\ -CD[0] = CHR[1] - last[1];\ -CD[1] = (int)CHR[stride + 1] - (int)CHR[1];\ +CD[0] = (unsigned)CHR[ 1] - (unsigned)last[1];\ +CD[1] = (unsigned)CHR[stride + 1] - (unsigned) CHR[1];\ last[0] = (int)CHR[stride + 0];\ last[1] = (int)CHR[stride + 1];} ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/dxtory: Fix bits left checks
ffmpeg | branch: release/3.4 | Michael Niedermayer | Mon Jan 22 14:02:59 2018 +0100| [c1b74d608c6e0c0a9fcd3ae6c4a21e96026ac905] | committer: Michael Niedermayer avcodec/dxtory: Fix bits left checks Fixes: Timeout Fixes: 4863/clusterfuzz-testcase-6347354178322432 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 6e1a167c5564085385488b4f579e9efb987d4bfa) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c1b74d608c6e0c0a9fcd3ae6c4a21e96026ac905 --- libavcodec/dxtory.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/libavcodec/dxtory.c b/libavcodec/dxtory.c index 6f8652ad49..e736cec8db 100644 --- a/libavcodec/dxtory.c +++ b/libavcodec/dxtory.c @@ -326,7 +326,7 @@ static int dx2_decode_slice_5x5(GetBitContext *gb, AVFrame *frame, int stride = frame->linesize[0]; uint8_t *dst = frame->data[0] + stride * line; -for (y = 0; y < left && get_bits_left(gb) > 16; y++) { +for (y = 0; y < left && get_bits_left(gb) > 6 * width; y++) { for (x = 0; x < width; x++) { b = decode_sym_565(gb, lru[0], 5); g = decode_sym_565(gb, lru[1], is_565 ? 6 : 5); @@ -392,7 +392,7 @@ static int dx2_decode_slice_rgb(GetBitContext *gb, AVFrame *frame, int stride = frame->linesize[0]; uint8_t *dst = frame->data[0] + stride * line; -for (y = 0; y < left && get_bits_left(gb) > 16; y++) { +for (y = 0; y < left && get_bits_left(gb) > 6 * width; y++) { for (x = 0; x < width; x++) { dst[x * 3 + 0] = decode_sym(gb, lru[0]); dst[x * 3 + 1] = decode_sym(gb, lru[1]); @@ -437,7 +437,7 @@ static int dx2_decode_slice_410(GetBitContext *gb, AVFrame *frame, uint8_t *U = frame->data[1] + (ustride >> 2) * line; uint8_t *V = frame->data[2] + (vstride >> 2) * line; -for (y = 0; y < left - 3 && get_bits_left(gb) > 16; y += 4) { +for (y = 0; y < left - 3 && get_bits_left(gb) > 9 * width; y += 4) { for (x = 0; x < width; x += 4) { for (j = 0; j < 4; j++) for (i = 0; i < 4; i++) @@ -481,7 +481,7 @@ static int dx2_decode_slice_420(GetBitContext *gb, AVFrame *frame, uint8_t *V = frame->data[2] + (vstride >> 1) * line; -for (y = 0; y < left - 1 && get_bits_left(gb) > 16; y += 2) { +for (y = 0; y < left - 1 && get_bits_left(gb) > 6 * width; y += 2) { for (x = 0; x < width; x += 2) { Y[x + 0 + 0 * ystride] = decode_sym(gb, lru[0]); Y[x + 1 + 0 * ystride] = decode_sym(gb, lru[0]); @@ -524,7 +524,7 @@ static int dx2_decode_slice_444(GetBitContext *gb, AVFrame *frame, uint8_t *U = frame->data[1] + ustride * line; uint8_t *V = frame->data[2] + vstride * line; -for (y = 0; y < left && get_bits_left(gb) > 16; y++) { +for (y = 0; y < left && get_bits_left(gb) > 6 * width; y++) { for (x = 0; x < width; x++) { Y[x] = decode_sym(gb, lru[0]); U[x] = decode_sym(gb, lru[1]) ^ 0x80; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] Update for 3.4.2
ffmpeg | branch: release/3.4 | Michael Niedermayer | Wed Jan 31 01:09:12 2018 +0100| [dd93df46a618c442ead15cc90d8b236d5e1894a9] | committer: Michael Niedermayer Update for 3.4.2 Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=dd93df46a618c442ead15cc90d8b236d5e1894a9 --- Changelog| 46 ++ RELEASE | 2 +- doc/Doxyfile | 2 +- 3 files changed, 48 insertions(+), 2 deletions(-) diff --git a/Changelog b/Changelog index d9f6b8a87a..98943a4bf6 100644 --- a/Changelog +++ b/Changelog @@ -1,6 +1,52 @@ Entries are sorted chronologically from oldest to youngest within each release, releases are sorted from youngest to oldest. +version 3.4.2: +- avcodec/dirac_dwt: Fix several integer overflows +- avcodec/indeo5: Do not leave frame_type set to an invalid value +- avcodec/hevc_ps: Check log2_sao_offset_scale_* +- avcodec/mpeg4videodec: Avoid possibly aliasing violating casts +- avcodec/get_bits: Document the return code of get_vlc2() +- avcodec/mpeg4videodec: Check mb_num also against 0 +- avfilter/vf_transpose: Fix used plane count. +- avcodec/hevc_cabac: Check prefix so as to avoid invalid shifts in coeff_abs_level_remaining_decode() +- avcodec/mjpegdec: Fix integer overflow in DC dequantization +- avcodec/dxtory: Fix bits left checks +- avcodec/hevc_cabac: Move prefix check in coeff_abs_level_remaining_decode() down +- avcodec/truemotion2: Fix integer overflow in TM2_RECALC_BLOCK() +- avcodec/snowdec: Fix integer overflow before htaps check +- avcodec/ulti: Check number of blocks at init +- avcodec/wavpack: Fix integer overflows in wv_unpack_stereo / mono +- avcodec/jpeg2000: Check sum of sizes of band->prec before allocating +- avcodec/ac3dec_fixed: Fix integer overflow in scale_coefs() +- avformat/lrcdec: Fix memory leak in lrc_read_header() +- avformat/matroskadec: Fix float-cast-overflow undefined behavior in matroska_parse_tracks() +- lavfi/deinterlace_vaapi: fix can't show full option information. +- configure:version 3.4.1: bump year +- avcodec/utils: Avoid hardcoding duplicated types in sizeof() +- avcodec/arm/sbrdsp_neon: Use a free register instead of putting 2 things in one +- avcodec/h264addpx_template: Fixes integer overflows +- avcodec/dirac_dwt: Fix overflows in COMPOSE_HAARiH0/COMPOSE_HAARiL0 +- avcodec/diracdec: Fix integer overflow with quant +- avcodec/opus_parser: Check payload_len in parse_opus_ts_header() +- avcodec/jpeg2000dsp: Fix integer overflows in ict_int() +- avcodec/h264_slice: Do not attempt to render into frames already output +- avcodec/dnxhddec: Check dc vlc +- avcodec/exr: Check buf_size more completely +- avcodec/flacdec: Fix overflow in multiplication in decode_subframe_fixed() +- avcodec/hevcdsp_template: Fix Invalid shifts in put_hevc_qpel_bi_w_h() and put_hevc_qpel_bi_w_w() +- avcodec/flacdec: avoid undefined shift +- avcodec/hevcdsp_template.c: Fix undefined shift in FUNC(dequant) +- avcodec/dirac_dwt: Fix integer overflow in COMPOSE_DD97iH0() and COMPOSE_DD137iL0() +- avcodec/hevc_cabac: Fix integer overflow in ff_hevc_cu_qp_delta_abs() +- tests/audiomatch: Add missing return code at the end of main() +- avcodec/hevc_sei: Fix integer overflows in decode_nal_sei_message() +- avcodec/hevcdsp_template: Fix undefined shift in put_hevc_qpel_bi_w_hv() +- avcodec/h264_parse: Treat escaped and unescaped decoding error equal in decode_extradata_ps_mp4() +- avcodec/vp9: mark frame as finished on decode_tiles() failure +- libavfilter/af_dcshift.c: Fixed repeated spelling error +- avfilter/formats: fix wrong function name in error message + version 3.4.1: - avcodec/vp9_superframe_split_bsf: Fix integer overflow in frame_size/total_size checks - avcodec/amrwbdec: Fix division by 0 in voice_factor() diff --git a/RELEASE b/RELEASE index 47b322c971..4d9d11cf50 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -3.4.1 +3.4.2 diff --git a/doc/Doxyfile b/doc/Doxyfile index ca68f1aad6..4f0c5ab628 100644 --- a/doc/Doxyfile +++ b/doc/Doxyfile @@ -38,7 +38,7 @@ PROJECT_NAME = FFmpeg # could be handy for archiving the generated documentation or if some version # control system is used. -PROJECT_NUMBER = 3.4.1 +PROJECT_NUMBER = 3.4.2 # Using the PROJECT_BRIEF tag one can provide an optional one line description # for a project that appears at the top of each page and should give viewer a ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/mpeg4videodec: Avoid possibly aliasing violating casts
ffmpeg | branch: release/3.4 | Michael Niedermayer | Sun Jan 28 02:29:02 2018 +0100| [d07f78ae726bbc8cde010f530676e53468acfa53] | committer: Michael Niedermayer avcodec/mpeg4videodec: Avoid possibly aliasing violating casts Found-by: kierank Reviewed-by: Kieran Kunhya Signed-off-by: Michael Niedermayer (cherry picked from commit d4967c04e040b3b2f937cad88599af825147ec94) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d07f78ae726bbc8cde010f530676e53468acfa53 --- libavcodec/mpeg4videodec.c | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c index afa41a8641..d0162d1074 100644 --- a/libavcodec/mpeg4videodec.c +++ b/libavcodec/mpeg4videodec.c @@ -1251,10 +1251,12 @@ not_coded: */ static int mpeg4_decode_partitioned_mb(MpegEncContext *s, int16_t block[6][64]) { -Mpeg4DecContext *ctx = (Mpeg4DecContext *)s; +Mpeg4DecContext *ctx = s->avctx->priv_data; int cbp, mb_type; const int xy = s->mb_x + s->mb_y * s->mb_stride; +av_assert2(s == (void*)ctx); + mb_type = s->current_picture.mb_type[xy]; cbp = s->cbp_table[xy]; @@ -1336,12 +1338,13 @@ static int mpeg4_decode_partitioned_mb(MpegEncContext *s, int16_t block[6][64]) static int mpeg4_decode_mb(MpegEncContext *s, int16_t block[6][64]) { -Mpeg4DecContext *ctx = (Mpeg4DecContext *)s; +Mpeg4DecContext *ctx = s->avctx->priv_data; int cbpc, cbpy, i, cbp, pred_x, pred_y, mx, my, dquant; int16_t *mot_val; static const int8_t quant_tab[4] = { -1, -2, 1, 2 }; const int xy = s->mb_x + s->mb_y * s->mb_stride; +av_assert2(s == (void*)ctx); av_assert2(s->h263_pred); if (s->pict_type == AV_PICTURE_TYPE_P || ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/mpeg4videodec: Check mb_num also against 0
ffmpeg | branch: release/3.4 | Michael Niedermayer | Sun Jan 28 02:29:00 2018 +0100| [6723a436095f76f6d1edec4de21b2a0b47954067] | committer: Michael Niedermayer avcodec/mpeg4videodec: Check mb_num also against 0 The spec implies that 0 is invalid in addition to the existing checks Found-by: Reviewed-by: Kieran Kunhya Signed-off-by: Michael Niedermayer (cherry picked from commit 05f4703a168a336363750e32bcfdd6f303fbdbc3) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6723a436095f76f6d1edec4de21b2a0b47954067 --- libavcodec/mpeg4videodec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c index 8eafc783b8..afa41a8641 100644 --- a/libavcodec/mpeg4videodec.c +++ b/libavcodec/mpeg4videodec.c @@ -460,7 +460,7 @@ int ff_mpeg4_decode_video_packet_header(Mpeg4DecContext *ctx) } mb_num = get_bits(&s->gb, mb_num_bits); -if (mb_num >= s->mb_num) { +if (mb_num >= s->mb_num || !mb_num) { av_log(s->avctx, AV_LOG_ERROR, "illegal mb_num in video packet (%d %d) \n", mb_num, s->mb_num); return -1; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/get_bits: Document the return code of get_vlc2()
ffmpeg | branch: release/3.4 | Michael Niedermayer | Sun Jan 28 02:29:01 2018 +0100| [cd478122b0a05abaf82d96da2c9eb2d00635f72e] | committer: Michael Niedermayer avcodec/get_bits: Document the return code of get_vlc2() Found-by: kierank Reviewed-by: Kieran Kunhya Signed-off-by: Michael Niedermayer (cherry picked from commit 4a94ff4ccd4f2329c599e37cabe4152dae60359e) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cd478122b0a05abaf82d96da2c9eb2d00635f72e --- libavcodec/get_bits.h | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/get_bits.h b/libavcodec/get_bits.h index c530015169..0c7f5ff0c6 100644 --- a/libavcodec/get_bits.h +++ b/libavcodec/get_bits.h @@ -550,6 +550,7 @@ static inline const uint8_t *align_get_bits(GetBitContext *s) * @param max_depth is the number of times bits bits must be read to completely * read the longest vlc code * = (max_vlc_length + bits - 1) / bits + * @returns the code parsed or -1 if no vlc matches */ static av_always_inline int get_vlc2(GetBitContext *s, VLC_TYPE (*table)[2], int bits, int max_depth) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/indeo5: Do not leave frame_type set to an invalid value
ffmpeg | branch: release/3.4 | Michael Niedermayer | Fri Jan 26 00:24:49 2018 +0100| [d06972535e4890f503e82ffe245cc0f859b762ce] | committer: Michael Niedermayer avcodec/indeo5: Do not leave frame_type set to an invalid value Fixes: null pointer dereference Fixes: 5264/clusterfuzz-testcase-minimized-4621956621008896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 2ff9f178519b68d4d1d606eb5451ad81da948efc) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d06972535e4890f503e82ffe245cc0f859b762ce --- libavcodec/indeo5.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/indeo5.c b/libavcodec/indeo5.c index 81b4514038..b39cffd9a9 100644 --- a/libavcodec/indeo5.c +++ b/libavcodec/indeo5.c @@ -324,6 +324,7 @@ static int decode_pic_hdr(IVI45DecContext *ctx, AVCodecContext *avctx) ctx->frame_type = get_bits(&ctx->gb, 3); if (ctx->frame_type >= 5) { av_log(avctx, AV_LOG_ERROR, "Invalid frame type: %d \n", ctx->frame_type); +ctx->frame_type = FRAMETYPE_INTRA; return AVERROR_INVALIDDATA; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/hevc_cabac: Check prefix so as to avoid invalid shifts in coeff_abs_level_remaining_decode()
ffmpeg | branch: release/3.4 | Michael Niedermayer | Mon Jan 15 23:46:44 2018 +0100| [11498c22a0db9ed08027405e5d6a4ba7c1e41418] | committer: Michael Niedermayer avcodec/hevc_cabac: Check prefix so as to avoid invalid shifts in coeff_abs_level_remaining_decode() I suspect that this can be limited tighter, but i failed to find anything in the spec that would confirm that. Fixes: 4833/clusterfuzz-testcase-minimized-5302840101699584 Fixes: runtime error: left shift of 134217730 by 4 places cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit a026a3efaeb9c2026668dccbbda339a21ab3206b) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=11498c22a0db9ed08027405e5d6a4ba7c1e41418 --- libavcodec/hevc_cabac.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/hevc_cabac.c b/libavcodec/hevc_cabac.c index 743168500c..faa36d5459 100644 --- a/libavcodec/hevc_cabac.c +++ b/libavcodec/hevc_cabac.c @@ -998,7 +998,7 @@ static av_always_inline int coeff_abs_level_remaining_decode(HEVCContext *s, int } else { int prefix_minus3 = prefix - 3; -if (prefix == CABAC_MAX_BIN) { +if (prefix == CABAC_MAX_BIN || prefix_minus3 + rc_rice_param >= 31) { av_log(s->avctx, AV_LOG_ERROR, "CABAC_MAX_BIN : %d\n", prefix); return 0; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/dirac_dwt: Fix several integer overflows
ffmpeg | branch: release/3.4 | Michael Niedermayer | Thu Jan 25 23:14:37 2018 +0100| [c1c50fc4a75492b97ac616ea3d393627b9648795] | committer: Michael Niedermayer avcodec/dirac_dwt: Fix several integer overflows Fixes: runtime error: signed integer overflow: -2146071175 + -268479557 cannot be represented in type 'int' Fixes: 5237/clusterfuzz-testcase-minimized-4569895275593728 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit fe1e6c06d03432c3e9208f019533c1d701f485d0) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c1c50fc4a75492b97ac616ea3d393627b9648795 --- libavcodec/dirac_dwt.h | 4 ++-- libavcodec/dirac_dwt_template.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/dirac_dwt.h b/libavcodec/dirac_dwt.h index 1af41e0702..68ebd19560 100644 --- a/libavcodec/dirac_dwt.h +++ b/libavcodec/dirac_dwt.h @@ -93,10 +93,10 @@ void ff_spatial_idwt_slice2(DWTContext *d, int y); // shared stuff for simd optimizations #define COMPOSE_53iL0(b0, b1, b2)\ -(b1 - ((int)(b0 + (unsigned)(b2) + 2) >> 2)) +(b1 - (unsigned)((int)(b0 + (unsigned)(b2) + 2) >> 2)) #define COMPOSE_DIRAC53iH0(b0, b1, b2)\ -(b1 + ((int)(b0 + (unsigned)(b2) + 1) >> 1)) +(b1 + (unsigned)((int)(b0 + (unsigned)(b2) + 1) >> 1)) #define COMPOSE_DD97iH0(b0, b1, b2, b3, b4)\ (int)(((unsigned)(b2) + ((int)(-b0 + 9U*b1 + 9U*b3 - b4 + 8) >> 4))) diff --git a/libavcodec/dirac_dwt_template.c b/libavcodec/dirac_dwt_template.c index e436c247a1..e68cc4d530 100644 --- a/libavcodec/dirac_dwt_template.c +++ b/libavcodec/dirac_dwt_template.c @@ -49,7 +49,7 @@ static void RENAME(vertical_compose53iL0)(uint8_t *_b0, uint8_t *_b1, uint8_t *_ TYPE *b1 = (TYPE *)_b1; TYPE *b2 = (TYPE *)_b2; for (i = 0; i < width; i++) -b1[i] -= (int)(b0[i] + (unsigned)b2[i] + 2) >> 2; +b1[i] -= (unsigned)((int)(b0[i] + (unsigned)b2[i] + 2) >> 2); } static av_always_inline void RENAME(interleave)(TYPE *dst, TYPE *src0, TYPE *src1, int w2, ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avfilter/vf_transpose: Fix used plane count.
ffmpeg | branch: release/3.4 | Michael Niedermayer | Wed Jan 24 19:38:05 2018 +0100| [2980b95fafb39148cfade120eab5c75b46bfffc6] | committer: Michael Niedermayer avfilter/vf_transpose: Fix used plane count. Fixes out of array access Fixes: poc.mp4 Found-by: GwanYeong Kim Signed-off-by: Michael Niedermayer (cherry picked from commit c6939f65a116b1ffed345d29d8621ee4ffb32235) (cherry picked from commit 3f621455d62e46745453568d915badd5b1e5bcd5) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2980b95fafb39148cfade120eab5c75b46bfffc6 --- libavfilter/vf_transpose.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libavfilter/vf_transpose.c b/libavfilter/vf_transpose.c index 982fb0c8ca..3ff4cb4249 100644 --- a/libavfilter/vf_transpose.c +++ b/libavfilter/vf_transpose.c @@ -27,6 +27,7 @@ #include +#include "libavutil/avassert.h" #include "libavutil/imgutils.h" #include "libavutil/internal.h" #include "libavutil/intreadwrite.h" @@ -54,6 +55,7 @@ enum TransposeDir { typedef struct TransContext { const AVClass *class; int hsub, vsub; +int planes; int pixsteps[4]; int passthrough;///< PassthroughType, landscape passthrough mode enabled @@ -215,6 +217,10 @@ static int config_props_output(AVFilterLink *outlink) s->hsub = desc_in->log2_chroma_w; s->vsub = desc_in->log2_chroma_h; +s->planes = av_pix_fmt_count_planes(outlink->format); + +av_assert0(desc_in->nb_components == desc_out->nb_components); + av_image_fill_max_pixsteps(s->pixsteps, NULL, desc_out); @@ -272,7 +278,7 @@ static int filter_slice(AVFilterContext *ctx, void *arg, int jobnr, AVFrame *in = td->in; int plane; -for (plane = 0; out->data[plane]; plane++) { +for (plane = 0; plane < s->planes; plane++) { int hsub= plane == 1 || plane == 2 ? s->hsub : 0; int vsub= plane == 1 || plane == 2 ? s->vsub : 0; int pixstep = s->pixsteps[plane]; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/hevc_ps: Check log2_sao_offset_scale_*
ffmpeg | branch: release/3.4 | Michael Niedermayer | Wed Jan 24 03:15:23 2018 +0100| [93437a18d878f3924199a3dba5082aa3d09a3094] | committer: Michael Niedermayer avcodec/hevc_ps: Check log2_sao_offset_scale_* Fixes: 4868/clusterfuzz-testcase-minimized-6236542906400768 Fixes: runtime error: shift exponent 126 is too large for 32-bit type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 4a75a75c62efc645ec28444e4675c325b8f2bb1a) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=93437a18d878f3924199a3dba5082aa3d09a3094 --- libavcodec/hevc_ps.c | 5 + 1 file changed, 5 insertions(+) diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c index 902917d4dd..2ab4c34013 100644 --- a/libavcodec/hevc_ps.c +++ b/libavcodec/hevc_ps.c @@ -1324,6 +1324,11 @@ static int pps_range_extensions(GetBitContext *gb, AVCodecContext *avctx, pps->log2_sao_offset_scale_luma = get_ue_golomb_long(gb); pps->log2_sao_offset_scale_chroma = get_ue_golomb_long(gb); +if ( pps->log2_sao_offset_scale_luma > FFMAX(sps->bit_depth- 10, 0) +|| pps->log2_sao_offset_scale_chroma > FFMAX(sps->bit_depth_chroma - 10, 0) +) +return AVERROR_INVALIDDATA; + return(0); } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/mjpegdec: Fix integer overflow in DC dequantization
ffmpeg | branch: release/3.4 | Michael Niedermayer | Wed Jan 24 03:28:49 2018 +0100| [2fdb27b5123d9a74d819ea8b019be878df5942ba] | committer: Michael Niedermayer avcodec/mjpegdec: Fix integer overflow in DC dequantization Fixes: runtime error: signed integer overflow: -65535 * 65312 cannot be represented in type 'int' Fixes: 4900/clusterfuzz-testcase-minimized-5769019744321536 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 1bfc1aa004950c5ad527d823a08b8a19eef34eb0) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2fdb27b5123d9a74d819ea8b019be878df5942ba --- libavcodec/mjpegdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index 5b2409755c..3455126cac 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -715,7 +715,7 @@ static int decode_block(MJpegDecodeContext *s, int16_t *block, int component, av_log(s->avctx, AV_LOG_ERROR, "error dc\n"); return AVERROR_INVALIDDATA; } -val = val * quant_matrix[0] + s->last_dc[component]; +val = val * (unsigned)quant_matrix[0] + s->last_dc[component]; val = av_clip_int16(val); s->last_dc[component] = val; block[0] = val; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/wavpack: Fix integer overflows in wv_unpack_stereo / mono
ffmpeg | branch: release/3.4 | Michael Niedermayer | Sun Jan 14 00:39:41 2018 +0100| [bae4d39437fea9a7bd3bb30d161f0a23dc862c55] | committer: Michael Niedermayer avcodec/wavpack: Fix integer overflows in wv_unpack_stereo / mono Fixes: runtime error: signed integer overflow: 2146276249 + 1487583 cannot be represented in type 'int' Fixes: 4823/clusterfuzz-testcase-minimized-4551896611160064 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 83e34ae3c2b36e7b20169a8866e3f49294db1f5a) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bae4d39437fea9a7bd3bb30d161f0a23dc862c55 --- libavcodec/wavpack.c | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c index a117e8aa81..d5e1e07b74 100644 --- a/libavcodec/wavpack.c +++ b/libavcodec/wavpack.c @@ -433,8 +433,8 @@ static inline int wv_unpack_stereo(WavpackFrameContext *s, GetBitContext *gb, L2 = L + ((s->decorr[i].weightA * (int64_t)A + 512) >> 10); R2 = R + ((s->decorr[i].weightB * (int64_t)B + 512) >> 10); } else { -L2 = L + ((int)(s->decorr[i].weightA * (unsigned)A + 512) >> 10); -R2 = R + ((int)(s->decorr[i].weightB * (unsigned)B + 512) >> 10); +L2 = L + (unsigned)((int)(s->decorr[i].weightA * (unsigned)A + 512) >> 10); +R2 = R + (unsigned)((int)(s->decorr[i].weightB * (unsigned)B + 512) >> 10); } if (A && L) s->decorr[i].weightA -= L ^ A) >> 30) & 2) - 1) * s->decorr[i].delta; @@ -446,7 +446,7 @@ static inline int wv_unpack_stereo(WavpackFrameContext *s, GetBitContext *gb, if (type != AV_SAMPLE_FMT_S16P) L2 = L + ((s->decorr[i].weightA * (int64_t)s->decorr[i].samplesA[0] + 512) >> 10); else -L2 = L + ((int)(s->decorr[i].weightA * (unsigned)s->decorr[i].samplesA[0] + 512) >> 10); +L2 = L + (unsigned)((int)(s->decorr[i].weightA * (unsigned)s->decorr[i].samplesA[0] + 512) >> 10); UPDATE_WEIGHT_CLIP(s->decorr[i].weightA, s->decorr[i].delta, s->decorr[i].samplesA[0], L); L = L2; if (type != AV_SAMPLE_FMT_S16P) @@ -460,7 +460,7 @@ static inline int wv_unpack_stereo(WavpackFrameContext *s, GetBitContext *gb, if (type != AV_SAMPLE_FMT_S16P) R2 = R + ((s->decorr[i].weightB * (int64_t)s->decorr[i].samplesB[0] + 512) >> 10); else -R2 = R + ((int)(s->decorr[i].weightB * (unsigned)s->decorr[i].samplesB[0] + 512) >> 10); +R2 = R + (unsigned)((int)(s->decorr[i].weightB * (unsigned)s->decorr[i].samplesB[0] + 512) >> 10); UPDATE_WEIGHT_CLIP(s->decorr[i].weightB, s->decorr[i].delta, s->decorr[i].samplesB[0], R); R = R2; @@ -472,7 +472,7 @@ static inline int wv_unpack_stereo(WavpackFrameContext *s, GetBitContext *gb, if (type != AV_SAMPLE_FMT_S16P) L2 = L + ((s->decorr[i].weightA * (int64_t)R2 + 512) >> 10); else -L2 = L + ((int)(s->decorr[i].weightA * (unsigned)R2 + 512) >> 10); +L2 = L + (unsigned)((int)(s->decorr[i].weightA * (unsigned)R2 + 512) >> 10); UPDATE_WEIGHT_CLIP(s->decorr[i].weightA, s->decorr[i].delta, R2, L); L= L2; s->decorr[i].samplesB[0] = L; @@ -554,7 +554,7 @@ static inline int wv_unpack_mono(WavpackFrameContext *s, GetBitContext *gb, if (type != AV_SAMPLE_FMT_S16P) S = T + ((s->decorr[i].weightA * (int64_t)A + 512) >> 10); else -S = T + ((int)(s->decorr[i].weightA * (unsigned)A + 512) >> 10); +S = T + (unsigned)((int)(s->decorr[i].weightA * (unsigned)A + 512) >> 10); if (A && T) s->decorr[i].weightA -= T ^ A) >> 30) & 2) - 1) * s->decorr[i].delta; s->decorr[i].samplesA[j] = T = S; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/ac3dec_fixed: Fix integer overflow in scale_coefs()
ffmpeg | branch: release/3.4 | Michael Niedermayer | Sun Jan 14 00:39:39 2018 +0100| [56b0179b6a030f1d3b0bcad101d05d01583aad38] | committer: Michael Niedermayer avcodec/ac3dec_fixed: Fix integer overflow in scale_coefs() Fixes: runtime error: signed integer overflow: 2147483520 + 128 cannot be represented in type 'int' Fixes: 4800/clusterfuzz-testcase-minimized-6110372403609600 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit a1f38c75893c852cf19dcf3e4553549ba1e70950) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=56b0179b6a030f1d3b0bcad101d05d01583aad38 --- libavcodec/ac3dec_fixed.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/ac3dec_fixed.c b/libavcodec/ac3dec_fixed.c index 9a6d7a08b1..bd66175d50 100644 --- a/libavcodec/ac3dec_fixed.c +++ b/libavcodec/ac3dec_fixed.c @@ -64,8 +64,8 @@ static void scale_coefs ( int dynrng, int len) { -int i, shift, round; -unsigned mul; +int i, shift; +unsigned mul, round; int temp, temp1, temp2, temp3, temp4, temp5, temp6, temp7; mul = (dynrng & 0x1f) + 0x20; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/snowdec: Fix integer overflow before htaps check
ffmpeg | branch: release/3.4 | Michael Niedermayer | Mon Jan 15 03:03:36 2018 +0100| [aed915b8a62cd7be2a8eb5261cc29df824f8d874] | committer: Michael Niedermayer avcodec/snowdec: Fix integer overflow before htaps check Fixes: runtime error: signed integer overflow: -1094995529 * 2 cannot be represented in type 'int' Fixes: 4828/clusterfuzz-testcase-minimized-5100849937252352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 2eecf3cf8eeae67697934df326e98df2149881e5) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=aed915b8a62cd7be2a8eb5261cc29df824f8d874 --- libavcodec/snowdec.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavcodec/snowdec.c b/libavcodec/snowdec.c index a9bdb8da5e..0146a2a4c9 100644 --- a/libavcodec/snowdec.c +++ b/libavcodec/snowdec.c @@ -363,9 +363,10 @@ static int decode_header(SnowContext *s){ int htaps, i, sum=0; Plane *p= &s->plane[plane_index]; p->diag_mc= get_rac(&s->c, s->header_state); -htaps= get_symbol(&s->c, s->header_state, 0)*2 + 2; -if((unsigned)htaps >= HTAPS_MAX || htaps==0) +htaps= get_symbol(&s->c, s->header_state, 0); +if((unsigned)htaps >= HTAPS_MAX/2 - 1) return AVERROR_INVALIDDATA; +htaps = htaps*2 + 2; p->htaps= htaps; for(i= htaps/2; i; i--){ p->hcoeff[i]= get_symbol(&s->c, s->header_state, 0) * (1-2*(i&1)); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/ulti: Check number of blocks at init
ffmpeg | branch: release/3.4 | Michael Niedermayer | Mon Jan 15 19:03:48 2018 +0100| [540f4467c8258b29c52be4dc0506a83ac29888bc] | committer: Michael Niedermayer avcodec/ulti: Check number of blocks at init Fixes: Timeout Fixes: 4832/clusterfuzz-testcase-4699096590843904 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 725353525e73bbe5b6b4d01528252675f2417a02) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=540f4467c8258b29c52be4dc0506a83ac29888bc --- libavcodec/ulti.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/ulti.c b/libavcodec/ulti.c index e6f4374981..9e4c088b10 100644 --- a/libavcodec/ulti.c +++ b/libavcodec/ulti.c @@ -50,6 +50,8 @@ static av_cold int ulti_decode_init(AVCodecContext *avctx) s->width = avctx->width; s->height = avctx->height; s->blocks = (s->width / 8) * (s->height / 8); +if (s->blocks == 0) +return AVERROR_INVALIDDATA; avctx->pix_fmt = AV_PIX_FMT_YUV410P; s->ulti_codebook = ulti_codebook; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/jpeg2000: Check sum of sizes of band->prec before allocating
ffmpeg | branch: release/3.4 | Michael Niedermayer | Sun Jan 14 00:39:40 2018 +0100| [f56215d3ff63c5b8d4de890901df6778fd897757] | committer: Michael Niedermayer avcodec/jpeg2000: Check sum of sizes of band->prec before allocating Fixes: OOM Fixes: 4810/clusterfuzz-testcase-minimized-6034253235093504 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 6887e412434776eb260ad3904f565be491dd5726) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f56215d3ff63c5b8d4de890901df6778fd897757 --- libavcodec/jpeg2000.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/jpeg2000.c b/libavcodec/jpeg2000.c index afeb9df27c..026b2db56f 100644 --- a/libavcodec/jpeg2000.c +++ b/libavcodec/jpeg2000.c @@ -543,6 +543,9 @@ int ff_jpeg2000_init_component(Jpeg2000Component *comp, if (!reslevel->band) return AVERROR(ENOMEM); +if (reslevel->num_precincts_x * (uint64_t)reslevel->num_precincts_y * reslevel->nbands > avctx->max_pixels / sizeof(*reslevel->band->prec)) +return AVERROR(ENOMEM); + for (bandno = 0; bandno < reslevel->nbands; bandno++, gbandno++) { ret = init_band(avctx, reslevel, comp, codsty, qntsty, ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/h264addpx_template: Fixes integer overflows
ffmpeg | branch: release/3.4 | Michael Niedermayer | Sun Jan 7 03:48:43 2018 +0100| [4715ef27a068df8c7c3d3b2e40ba1617dbafd5b8] | committer: Michael Niedermayer avcodec/h264addpx_template: Fixes integer overflows Fixes: signed integer overflow: 512 + 2147483491 cannot be represented in type 'int' Fixes: 4780/clusterfuzz-testcase-minimized-4709066174627840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit d6945aeee419a8417b8019c7c92227e12e45b7ad) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4715ef27a068df8c7c3d3b2e40ba1617dbafd5b8 --- libavcodec/h264addpx_template.c | 24 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/libavcodec/h264addpx_template.c b/libavcodec/h264addpx_template.c index b71aaea439..9a1e6a2f2f 100644 --- a/libavcodec/h264addpx_template.c +++ b/libavcodec/h264addpx_template.c @@ -35,10 +35,10 @@ static void FUNCC(ff_h264_add_pixels4)(uint8_t *_dst, int16_t *_src, int stride) stride /= sizeof(pixel); for (i = 0; i < 4; i++) { -dst[0] += src[0]; -dst[1] += src[1]; -dst[2] += src[2]; -dst[3] += src[3]; +dst[0] += (unsigned)src[0]; +dst[1] += (unsigned)src[1]; +dst[2] += (unsigned)src[2]; +dst[3] += (unsigned)src[3]; dst += stride; src += 4; @@ -55,14 +55,14 @@ static void FUNCC(ff_h264_add_pixels8)(uint8_t *_dst, int16_t *_src, int stride) stride /= sizeof(pixel); for (i = 0; i < 8; i++) { -dst[0] += src[0]; -dst[1] += src[1]; -dst[2] += src[2]; -dst[3] += src[3]; -dst[4] += src[4]; -dst[5] += src[5]; -dst[6] += src[6]; -dst[7] += src[7]; +dst[0] += (unsigned)src[0]; +dst[1] += (unsigned)src[1]; +dst[2] += (unsigned)src[2]; +dst[3] += (unsigned)src[3]; +dst[4] += (unsigned)src[4]; +dst[5] += (unsigned)src[5]; +dst[6] += (unsigned)src[6]; +dst[7] += (unsigned)src[7]; dst += stride; src += 8; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/utils: Avoid hardcoding duplicated types in sizeof()
ffmpeg | branch: release/3.4 | Michael Niedermayer | Sun Jun 4 01:53:58 2017 +0200| [04949cc08ecea6eaf6615285f19c09517ae38d42] | committer: Michael Niedermayer avcodec/utils: Avoid hardcoding duplicated types in sizeof() Signed-off-by: Michael Niedermayer (cherry picked from commit 860d991fcd715233b5b9eb1f6c7bf0aadefb6061) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=04949cc08ecea6eaf6615285f19c09517ae38d42 --- libavcodec/utils.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index 9551f312e7..0c47e761f6 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -655,7 +655,7 @@ int attribute_align_arg avcodec_open2(AVCodecContext *avctx, const AVCodec *code if (ret < 0) return ret; -avctx->internal = av_mallocz(sizeof(AVCodecInternal)); +avctx->internal = av_mallocz(sizeof(*avctx->internal)); if (!avctx->internal) { ret = AVERROR(ENOMEM); goto end; @@ -1157,7 +1157,7 @@ void avsubtitle_free(AVSubtitle *sub) av_freep(&sub->rects); -memset(sub, 0, sizeof(AVSubtitle)); +memset(sub, 0, sizeof(*sub)); } av_cold int avcodec_close(AVCodecContext *avctx) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/diracdec: Fix integer overflow with quant
ffmpeg | branch: release/3.4 | Michael Niedermayer | Sun Jan 7 20:43:24 2018 +0100| [097bc4d32d59f8aed42e6d9923f65593f1138f81] | committer: Michael Niedermayer avcodec/diracdec: Fix integer overflow with quant Fixes: signed integer overflow: 2 + 2147483646 cannot be represented in type 'int' Fixes: 4792/clusterfuzz-testcase-minimized-6322450775146496 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit eaa93175895568ef6c2542b13104874907d9c4ef) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=097bc4d32d59f8aed42e6d9923f65593f1138f81 --- libavcodec/diracdec.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c index 0abb8b0599..7be7f33145 100644 --- a/libavcodec/diracdec.c +++ b/libavcodec/diracdec.c @@ -508,16 +508,16 @@ static inline void codeblock(DiracContext *s, SubBand *b, } if (s->codeblock_mode && !(s->old_delta_quant && blockcnt_one)) { -int quant = b->quant; +int quant; if (is_arith) -quant += dirac_get_arith_int(c, CTX_DELTA_Q_F, CTX_DELTA_Q_DATA); +quant = dirac_get_arith_int(c, CTX_DELTA_Q_F, CTX_DELTA_Q_DATA); else -quant += dirac_get_se_golomb(gb); -if (quant < 0) { +quant = dirac_get_se_golomb(gb); +if (quant > INT_MAX - b->quant || b->quant + quant < 0) { av_log(s->avctx, AV_LOG_ERROR, "Invalid quant\n"); return; } -b->quant = quant; +b->quant += quant; } if (b->quant > (DIRAC_MAX_QUANT_INDEX - 1)) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/dnxhddec: Check dc vlc
ffmpeg | branch: release/3.4 | Michael Niedermayer | Wed Jan 3 23:42:00 2018 +0100| [b1af55778b007c798d997735b607798b41149f00] | committer: Michael Niedermayer avcodec/dnxhddec: Check dc vlc Fixes: signed integer overflow: 1024 + 2147483640 cannot be represented in type 'int' Fixes: 4671/clusterfuzz-testcase-minimized-6027464343027712 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit b2be76c0a472b729756ed7a91225c209d0dd1d2e) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b1af55778b007c798d997735b607798b41149f00 --- libavcodec/dnxhddec.c | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libavcodec/dnxhddec.c b/libavcodec/dnxhddec.c index f46e41a456..1f93f9dfc2 100644 --- a/libavcodec/dnxhddec.c +++ b/libavcodec/dnxhddec.c @@ -381,6 +381,10 @@ static av_always_inline int dnxhd_decode_dct_block(const DNXHDContext *ctx, UPDATE_CACHE(bs, &row->gb); GET_VLC(len, bs, &row->gb, ctx->dc_vlc.table, DNXHD_DC_VLC_BITS, 1); +if (len < 0) { +ret = len; +goto error; +} if (len) { level = GET_CACHE(bs, &row->gb); LAST_SKIP_BITS(bs, &row->gb, len); @@ -434,7 +438,7 @@ static av_always_inline int dnxhd_decode_dct_block(const DNXHDContext *ctx, GET_VLC(index1, bs, &row->gb, ctx->ac_vlc.table, DNXHD_VLC_BITS, 2); } - +error: CLOSE_READER(bs, &row->gb); return ret; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/opus_parser: Check payload_len in parse_opus_ts_header()
ffmpeg | branch: release/3.4 | Michael Niedermayer | Fri Jan 5 22:12:07 2018 +0100| [a3add1924095150fa33a22e3ca58f7263253414f] | committer: Michael Niedermayer avcodec/opus_parser: Check payload_len in parse_opus_ts_header() Fixes: clusterfuzz-testcase-minimized-6134545979277312 Fixes: crbug 797469 Reported-by: Matt Wolenetz Signed-off-by: Michael Niedermayer (cherry picked from commit 1bcd7fefcb3c1ec47978fdc64a9e8dfb9512ae62) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a3add1924095150fa33a22e3ca58f7263253414f --- libavcodec/opus_parser.c | 16 +--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/libavcodec/opus_parser.c b/libavcodec/opus_parser.c index 893573eb82..28b0933900 100644 --- a/libavcodec/opus_parser.c +++ b/libavcodec/opus_parser.c @@ -43,6 +43,7 @@ static const uint8_t *parse_opus_ts_header(const uint8_t *start, int *payload_le const uint8_t *buf = start + 1; int start_trim_flag, end_trim_flag, control_extension_flag, control_extension_length; uint8_t flags; +uint64_t payload_len_tmp; GetByteContext gb; bytestream2_init(&gb, buf, buf_len); @@ -52,11 +53,11 @@ static const uint8_t *parse_opus_ts_header(const uint8_t *start, int *payload_le end_trim_flag = (flags >> 3) & 1; control_extension_flag = (flags >> 2) & 1; -*payload_len = 0; +payload_len_tmp = *payload_len = 0; while (bytestream2_peek_byte(&gb) == 0xff) -*payload_len += bytestream2_get_byte(&gb); +payload_len_tmp += bytestream2_get_byte(&gb); -*payload_len += bytestream2_get_byte(&gb); +payload_len_tmp += bytestream2_get_byte(&gb); if (start_trim_flag) bytestream2_skip(&gb, 2); @@ -67,6 +68,11 @@ static const uint8_t *parse_opus_ts_header(const uint8_t *start, int *payload_le bytestream2_skip(&gb, control_extension_length); } +if (bytestream2_tell(&gb) + payload_len_tmp > buf_len) +return NULL; + +*payload_len = payload_len_tmp; + return buf + bytestream2_tell(&gb); } @@ -104,6 +110,10 @@ static int opus_find_frame_end(AVCodecParserContext *ctx, AVCodecContext *avctx, state = (state << 8) | payload[i]; if ((state & OPUS_TS_MASK) == OPUS_TS_HEADER) { payload = parse_opus_ts_header(payload, &payload_len, buf_size - i); +if (!payload) { +av_log(avctx, AV_LOG_ERROR, "Error parsing Ogg TS header.\n"); +return AVERROR_INVALIDDATA; +} *header_len = payload - buf; start_found = 1; break; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/h264_slice: Do not attempt to render into frames already output
ffmpeg | branch: release/3.4 | Michael Niedermayer | Wed Jan 3 23:42:01 2018 +0100| [62024c127798452f49b56c6dbeac81f7d19b6cbe] | committer: Michael Niedermayer avcodec/h264_slice: Do not attempt to render into frames already output Fixes: null pointer dereference Fixes: 4698/clusterfuzz-testcase-minimized-5096956322906112 This testcase does not reproduce the issue before 03b82b3ab9883cef017e513c7d0b3b986b3b3e7b Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 476665d4de989dba48ec1195215ccc8db54538f4) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=62024c127798452f49b56c6dbeac81f7d19b6cbe --- libavcodec/h264_slice.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/libavcodec/h264_slice.c b/libavcodec/h264_slice.c index 2577edd8a6..cf1b22fc32 100644 --- a/libavcodec/h264_slice.c +++ b/libavcodec/h264_slice.c @@ -1577,6 +1577,12 @@ static int h264_field_start(H264Context *h, const H264SliceContext *sl, * one except for reference purposes. */ h->first_field = 1; h->cur_pic_ptr = NULL; +} else if (h->cur_pic_ptr->reference & DELAYED_PIC_REF) { +/* This frame was already output, we cannot draw into it + * anymore. + */ +h->first_field = 1; +h->cur_pic_ptr = NULL; } else { /* Second field in complementary pair */ h->first_field = 0; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/matroskadec: Fix float-cast-overflow undefined behavior in matroska_parse_tracks()
ffmpeg | branch: release/3.4 | Nikolas Bowe | Thu Jan 18 15:21:56 2018 -0800| [facd0521e44063f8d8b57b11a4803ae82c0c123b] | committer: Michael Niedermayer avformat/matroskadec: Fix float-cast-overflow undefined behavior in matroska_parse_tracks() Signed-off-by: Michael Niedermayer (cherry picked from commit e07649e618caedc07eaf2f4d09253de7f77d14f0) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=facd0521e44063f8d8b57b11a4803ae82c0c123b --- libavformat/matroskadec.c | 12 ++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 94a56ebfa7..e6631097b8 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -2089,8 +2089,16 @@ static int matroska_parse_tracks(AVFormatContext *s) } if (track->type == MATROSKA_TRACK_TYPE_VIDEO) { -if (!track->default_duration && track->video.frame_rate > 0) -track->default_duration = 10 / track->video.frame_rate; +if (!track->default_duration && track->video.frame_rate > 0) { +double default_duration = 10 / track->video.frame_rate; +if (default_duration > UINT64_MAX || default_duration < 0) { +av_log(matroska->ctx, AV_LOG_WARNING, + "Invalid frame rate %e. Cannot calculate default duration.\n", + track->video.frame_rate); +} else { +track->default_duration = default_duration; +} +} if (track->video.display_width == -1) track->video.display_width = track->video.pixel_width; if (track->video.display_height == -1) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/arm/sbrdsp_neon: Use a free register instead of putting 2 things in one
ffmpeg | branch: release/3.4 | Michael Niedermayer | Thu Jan 11 22:47:10 2018 +0100| [ece78799924977c8298078d9df6c5fcd59503268] | committer: Michael Niedermayer avcodec/arm/sbrdsp_neon: Use a free register instead of putting 2 things in one Fixes high pitched shriek Fixes: 25420848_1478428308873746_4255813235963330560_n.mp4 Reported-by: Dale Curtis Reviewed-by: Dale Curtis Signed-off-by: Michael Niedermayer (cherry picked from commit 7dbbb75ee32f87108ca9e15f5551dbbe69fe2641) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ece78799924977c8298078d9df6c5fcd59503268 --- libavcodec/arm/sbrdsp_neon.S | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/arm/sbrdsp_neon.S b/libavcodec/arm/sbrdsp_neon.S index e66abd682a..003b04ea05 100644 --- a/libavcodec/arm/sbrdsp_neon.S +++ b/libavcodec/arm/sbrdsp_neon.S @@ -336,11 +336,11 @@ function ff_sbr_hf_apply_noise_0_neon, export=1 vld1.32 {d0}, [r0,:64] vld1.32 {d6}, [lr,:64] vld1.32 {d2[]}, [r1,:32]! -vld1.32 {d3[]}, [r2,:32]! +vld1.32 {d18[]}, [r2,:32]! vceq.f32d4, d2, #0 veord2, d2, d3 vmovd1, d0 -vmla.f32d0, d6, d3 +vmla.f32d0, d6, d18 vadd.f32s2, s2, s4 vbifd0, d1, d4 vst1.32 {d0}, [r0,:64]! ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/lrcdec: Fix memory leak in lrc_read_header()
ffmpeg | branch: release/3.4 | Nikolas Bowe | Fri Jan 19 13:17:07 2018 -0800| [e755482d367a256f03758a1bb6358f1c7bd68edc] | committer: Michael Niedermayer avformat/lrcdec: Fix memory leak in lrc_read_header() Signed-off-by: Michael Niedermayer (cherry picked from commit ef5994e09d07ace62a672fcdc84761231288edad) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e755482d367a256f03758a1bb6358f1c7bd68edc --- libavformat/lrcdec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavformat/lrcdec.c b/libavformat/lrcdec.c index 12f74b22a0..f4e9a4efa9 100644 --- a/libavformat/lrcdec.c +++ b/libavformat/lrcdec.c @@ -212,6 +212,7 @@ static int lrc_read_header(AVFormatContext *s) } ff_subtitles_queue_finalize(s, &lrc->q); ff_metadata_conv_ctx(s, NULL, ff_lrc_metadata_conv); +av_bprint_finalize(&line, NULL); return 0; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/flacdec: Fix overflow in multiplication in decode_subframe_fixed()
ffmpeg | branch: release/3.4 | Michael Niedermayer | Tue Dec 26 23:24:44 2017 +0100| [91f5a2b7b88aaba20800c5363aef49b14811b4c9] | committer: Michael Niedermayer avcodec/flacdec: Fix overflow in multiplication in decode_subframe_fixed() Fixes: signed integer overflow: 2 * 1629495328 cannot be represented in type 'int' Fixes: 4716/clusterfuzz-testcase-minimized-5835915940331520 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 3d23f7a0969bf76ad6dcdc2c4a5cd3ae884745a8) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=91f5a2b7b88aaba20800c5363aef49b14811b4c9 --- libavcodec/flacdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/flacdec.c b/libavcodec/flacdec.c index 5bbb8ee5b9..3d41a1af7f 100644 --- a/libavcodec/flacdec.c +++ b/libavcodec/flacdec.c @@ -298,7 +298,7 @@ static int decode_subframe_fixed(FLACContext *s, int32_t *decoded, if (pred_order > 2) c = b - decoded[pred_order-2] + decoded[pred_order-3]; if (pred_order > 3) -d = c - decoded[pred_order-2] + 2*decoded[pred_order-3] - decoded[pred_order-4]; +d = c - decoded[pred_order-2] + 2U*decoded[pred_order-3] - decoded[pred_order-4]; switch (pred_order) { case 0: ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] lavfi/deinterlace_vaapi: fix can't show full option information.
ffmpeg | branch: release/3.4 | Jun Zhao | Tue Jan 16 22:44:02 2018 +0800| [7b56d6584c46072b0f959f22a461cff01b302a65] | committer: Michael Niedermayer lavfi/deinterlace_vaapi: fix can't show full option information. use ffmpeg -h filter=deinterlace_vaapi can't get full help information, the root cause is not setting the flags fileld in options. Signed-off-by: Jun Zhao Signed-off-by: Michael Niedermayer (cherry picked from commit 383804edd812410219a097e2bf3efac8a8b4562a) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7b56d6584c46072b0f959f22a461cff01b302a65 --- libavfilter/vf_deinterlace_vaapi.c | 14 +++--- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/libavfilter/vf_deinterlace_vaapi.c b/libavfilter/vf_deinterlace_vaapi.c index 44c5ae7642..a38da5d57b 100644 --- a/libavfilter/vf_deinterlace_vaapi.c +++ b/libavfilter/vf_deinterlace_vaapi.c @@ -615,22 +615,22 @@ static const AVOption deint_vaapi_options[] = { OFFSET(mode), AV_OPT_TYPE_INT, { .i64 = VAProcDeinterlacingNone }, VAProcDeinterlacingNone, VAProcDeinterlacingCount - 1, FLAGS, "mode" }, { "default", "Use the highest-numbered (and therefore possibly most advanced) deinterlacing algorithm", - 0, AV_OPT_TYPE_CONST, { .i64 = VAProcDeinterlacingNone }, .unit = "mode" }, + 0, AV_OPT_TYPE_CONST, { .i64 = VAProcDeinterlacingNone }, 0, 0, FLAGS, "mode" }, { "bob", "Use the bob deinterlacing algorithm", - 0, AV_OPT_TYPE_CONST, { .i64 = VAProcDeinterlacingBob }, .unit = "mode" }, + 0, AV_OPT_TYPE_CONST, { .i64 = VAProcDeinterlacingBob }, 0, 0, FLAGS, "mode" }, { "weave", "Use the weave deinterlacing algorithm", - 0, AV_OPT_TYPE_CONST, { .i64 = VAProcDeinterlacingWeave }, .unit = "mode" }, + 0, AV_OPT_TYPE_CONST, { .i64 = VAProcDeinterlacingWeave }, 0, 0, FLAGS, "mode" }, { "motion_adaptive", "Use the motion adaptive deinterlacing algorithm", - 0, AV_OPT_TYPE_CONST, { .i64 = VAProcDeinterlacingMotionAdaptive }, .unit = "mode" }, + 0, AV_OPT_TYPE_CONST, { .i64 = VAProcDeinterlacingMotionAdaptive }, 0, 0, FLAGS, "mode" }, { "motion_compensated", "Use the motion compensated deinterlacing algorithm", - 0, AV_OPT_TYPE_CONST, { .i64 = VAProcDeinterlacingMotionCompensated }, .unit = "mode" }, + 0, AV_OPT_TYPE_CONST, { .i64 = VAProcDeinterlacingMotionCompensated }, 0, 0, FLAGS, "mode" }, { "rate", "Generate output at frame rate or field rate", OFFSET(field_rate), AV_OPT_TYPE_INT, { .i64 = 1 }, 1, 2, FLAGS, "rate" }, { "frame", "Output at frame rate (one frame of output for each field-pair)", - 0, AV_OPT_TYPE_CONST, { .i64 = 1 }, .unit = "rate" }, + 0, AV_OPT_TYPE_CONST, { .i64 = 1 }, 0, 0, FLAGS, "rate" }, { "field", "Output at field rate (one frame of output for each field)", - 0, AV_OPT_TYPE_CONST, { .i64 = 2 }, .unit = "rate" }, + 0, AV_OPT_TYPE_CONST, { .i64 = 2 }, 0, 0, FLAGS, "rate" }, { "auto", "Only deinterlace fields, passing frames through unchanged", OFFSET(auto_enable), AV_OPT_TYPE_INT, { .i64 = 0 }, 0, 1, FLAGS }, ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/hevcdsp_template.c: Fix undefined shift in FUNC(dequant)
ffmpeg | branch: release/3.4 | Michael Niedermayer | Fri Dec 22 03:12:03 2017 +0100| [0e7d8ce37c2fd543bde32914ddb7ce54fc2f9220] | committer: Michael Niedermayer avcodec/hevcdsp_template.c: Fix undefined shift in FUNC(dequant) Fixes: runtime error: left shift of negative value -180 Fixes: 4626/clusterfuzz-testcase-minimized-5647837887987712 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 0c9ab5ef9c1ee852c80c859c9e07efe8730b57ed) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0e7d8ce37c2fd543bde32914ddb7ce54fc2f9220 --- libavcodec/hevcdsp_template.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/hevcdsp_template.c b/libavcodec/hevcdsp_template.c index 4017af8eb0..903aa3fe95 100644 --- a/libavcodec/hevcdsp_template.c +++ b/libavcodec/hevcdsp_template.c @@ -121,7 +121,7 @@ static void FUNC(dequant)(int16_t *coeffs, int16_t log2_size) } else { for (y = 0; y < size; y++) { for (x = 0; x < size; x++) { -*coeffs = *coeffs << -shift; +*coeffs = *(uint16_t*)coeffs << -shift; coeffs++; } } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/dirac_dwt: Fix integer overflow in COMPOSE_DD97iH0() and COMPOSE_DD137iL0()
ffmpeg | branch: release/3.4 | Michael Niedermayer | Fri Dec 22 03:06:14 2017 +0100| [e55a6c5f055ccae4e64fe3bee96f53be9c15c708] | committer: Michael Niedermayer avcodec/dirac_dwt: Fix integer overflow in COMPOSE_DD97iH0() and COMPOSE_DD137iL0() Fixes: runtime error: signed integer overflow: 2147483646 + 33554433 cannot be represented in type 'int' Fixes: 4563/clusterfuzz-testcase-minimized-5438979567517696 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 4d70fbeec8cbab072b3a9b9f760b8deaaef240f2) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e55a6c5f055ccae4e64fe3bee96f53be9c15c708 --- libavcodec/dirac_dwt.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/dirac_dwt.h b/libavcodec/dirac_dwt.h index 50c8b1e394..f9828d95a4 100644 --- a/libavcodec/dirac_dwt.h +++ b/libavcodec/dirac_dwt.h @@ -99,10 +99,10 @@ void ff_spatial_idwt_slice2(DWTContext *d, int y); (b1 + ((int)(b0 + (unsigned)(b2) + 1) >> 1)) #define COMPOSE_DD97iH0(b0, b1, b2, b3, b4)\ -(b2 + ((int)(-b0 + 9U*b1 + 9U*b3 - b4 + 8) >> 4)) +(int)(((unsigned)(b2) + ((int)(-b0 + 9U*b1 + 9U*b3 - b4 + 8) >> 4))) #define COMPOSE_DD137iL0(b0, b1, b2, b3, b4)\ -(b2 - ((int)(-b0 + 9U*b1 + 9U*b3 - b4 + 16) >> 5)) +(int)(((unsigned)(b2) - ((int)(-b0 + 9U*b1 + 9U*b3 - b4 + 16) >> 5))) #define COMPOSE_HAARiL0(b0, b1)\ (b0 - ((b1 + 1) >> 1)) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] configure: bump year
ffmpeg | branch: release/3.4 | Carl Eugen Hoyos | Mon Jan 1 18:05:55 2018 +0100| [092febb2add69463e84bc2409cb9c5c4081989b6] | committer: Michael Niedermayer configure: bump year Happy new year! (cherry picked from commit bddf31ba7570325dd2c8d033eae3d0dd74127f96) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=092febb2add69463e84bc2409cb9c5c4081989b6 --- configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure b/configure index 1797c5dd4f..231c6c371c 100755 --- a/configure +++ b/configure @@ -7000,7 +7000,7 @@ cat > $TMPH
[FFmpeg-cvslog] avcodec/dirac_dwt: Fix overflows in COMPOSE_HAARiH0/COMPOSE_HAARiL0
ffmpeg | branch: release/3.4 | Michael Niedermayer | Sun Jan 7 20:58:49 2018 +0100| [8263246ba8f627d8cfeefb3a83d062989e507e77] | committer: Michael Niedermayer avcodec/dirac_dwt: Fix overflows in COMPOSE_HAARiH0/COMPOSE_HAARiL0 Fixes: 4830/clusterfuzz-testcase-minimized-5255392054476800 Fixes: signed integer overflow: 2147483646 - -7 cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 0e62a2373475f58c72c0faf5568be00b26909585) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8263246ba8f627d8cfeefb3a83d062989e507e77 --- libavcodec/dirac_dwt.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/dirac_dwt.h b/libavcodec/dirac_dwt.h index f9828d95a4..1af41e0702 100644 --- a/libavcodec/dirac_dwt.h +++ b/libavcodec/dirac_dwt.h @@ -105,10 +105,10 @@ void ff_spatial_idwt_slice2(DWTContext *d, int y); (int)(((unsigned)(b2) - ((int)(-b0 + 9U*b1 + 9U*b3 - b4 + 16) >> 5))) #define COMPOSE_HAARiL0(b0, b1)\ -(b0 - ((b1 + 1) >> 1)) +((int)(b0 - (unsigned)((int)(b1 + 1U) >> 1))) #define COMPOSE_HAARiH0(b0, b1)\ -(b0 + b1) +((int)(b0 + (unsigned)(b1))) #define COMPOSE_FIDELITYiL0(b0, b1, b2, b3, b4, b5, b6, b7, b8)\ ((unsigned)b4 - ((int)(-8*(b0+(unsigned)b8) + 21*(b1+(unsigned)b7) - 46*(b2+(unsigned)b6) + 161*(b3+(unsigned)b5) + 128) >> 8)) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/jpeg2000dsp: Fix integer overflows in ict_int()
ffmpeg | branch: release/3.4 | Michael Niedermayer | Sun Jan 7 04:12:57 2018 +0100| [5365904e964209d7d50af085abc16f40b3bf6010] | committer: Michael Niedermayer avcodec/jpeg2000dsp: Fix integer overflows in ict_int() Fixes: signed integer overflow: 46802 * -71230 cannot be represented in type 'int' Fixes: 4756/clusterfuzz-testcase-minimized-4812495563784192 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit b3192c64b5bdcb0474cda437d2d5f9421d68811e) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5365904e964209d7d50af085abc16f40b3bf6010 --- libavcodec/jpeg2000dsp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/jpeg2000dsp.c b/libavcodec/jpeg2000dsp.c index 85a12d0e9b..90e73b1e20 100644 --- a/libavcodec/jpeg2000dsp.c +++ b/libavcodec/jpeg2000dsp.c @@ -64,9 +64,9 @@ static void ict_int(void *_src0, void *_src1, void *_src2, int csize) int i; for (i = 0; i < csize; i++) { -i0 = *src0 + *src2 + (((26345 * *src2) + (1 << 15)) >> 16); +i0 = *src0 + *src2 + ((int)((26345U * *src2) + (1 << 15)) >> 16); i1 = *src0 - ((int)(((unsigned)i_ict_params[1] * *src1) + (1 << 15)) >> 16) - - (((i_ict_params[2] * *src2) + (1 << 15)) >> 16); + - ((int)(((unsigned)i_ict_params[2] * *src2) + (1 << 15)) >> 16); i2 = *src0 + (2 * *src1) + ((int)((-14942U * *src1) + (1 << 15)) >> 16); *src0++ = i0; *src1++ = i1; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/vp9: mark frame as finished on decode_tiles() failure
ffmpeg | branch: release/3.4 | Michael Niedermayer | Thu Dec 14 02:02:55 2017 +0100| [0f0a2ff5a09d0372d9864c070859849654589ad0] | committer: Michael Niedermayer avcodec/vp9: mark frame as finished on decode_tiles() failure Fixes deadlock with framethreads Fixes: Netflix_Aerial_1080p_60fps_8bit_420.y4m.vp9.noaltref.webm.ivf.s69372_r01-05_b6-.ivf Fixes: Netflix_Aerial_1080p_60fps_10bit_420.y4m.vp9.noaltref.webm.ivf.s149104_r01-05_b6-.ivf Fixes: ducks_take_off_444_720p50.y4m.vp9.webm.ivf.s107375_r01-05_b6-.ivf Reported-by: James Zern Reviewed-by: James Zern Signed-off-by: Michael Niedermayer (cherry picked from commit 5e03eea673a9da2253ed15152e46b1422b35d145) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0f0a2ff5a09d0372d9864c070859849654589ad0 --- libavcodec/vp9.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/vp9.c b/libavcodec/vp9.c index 6b5de19266..f2cf194243 100644 --- a/libavcodec/vp9.c +++ b/libavcodec/vp9.c @@ -1634,8 +1634,10 @@ FF_ENABLE_DEPRECATION_WARNINGS #endif { ret = decode_tiles(avctx, data, size); -if (ret < 0) +if (ret < 0) { +ff_thread_report_progress(&s->s.frames[CUR_FRAME].tf, INT_MAX, 0); return ret; +} } // Sum all counts fields into td[0].counts for tile threading ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avfilter/formats: fix wrong function name in error message
ffmpeg | branch: release/3.4 | Jun Zhao | Mon Dec 4 12:50:34 2017 +0800| [9aa0ed850b77fe46d5b766329f45deb9150cea10] | committer: Michael Niedermayer avfilter/formats: fix wrong function name in error message Use perdefined micro __FUNCTION__ rather than hard coding function name to fix wrong function name in error message. Signed-off-by: Jun Zhao Signed-off-by: Michael Niedermayer (cherry picked from commit 4280948702bc256e21c375790b889c735d233b0d) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9aa0ed850b77fe46d5b766329f45deb9150cea10 --- libavfilter/formats.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavfilter/formats.c b/libavfilter/formats.c index d4de862237..20a2c89719 100644 --- a/libavfilter/formats.c +++ b/libavfilter/formats.c @@ -72,7 +72,7 @@ do { for (j = 0; j < b->nb; j++) \ if (a->fmts[i] == b->fmts[j]) { \ if(k >= FFMIN(a->nb, b->nb)){ \ -av_log(NULL, AV_LOG_ERROR, "Duplicate formats in avfilter_merge_formats() detected\n"); \ +av_log(NULL, AV_LOG_ERROR, "Duplicate formats in %s detected\n", __FUNCTION__); \ av_free(ret->fmts); \ av_free(ret); \ return NULL; \ ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/exr: Check buf_size more completely
ffmpeg | branch: release/3.4 | Michael Niedermayer | Fri Dec 29 03:00:19 2017 +0100| [6abe1e06f5922a350a4f4f975bdf8809d5553203] | committer: Michael Niedermayer avcodec/exr: Check buf_size more completely Fixes: Out of heap array read Fixes: 4683/clusterfuzz-testcase-minimized-6152313673613312 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 903be5e4f66268273dc6e3c42a7fdeaab32066ef) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6abe1e06f5922a350a4f4f975bdf8809d5553203 --- libavcodec/exr.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavcodec/exr.c b/libavcodec/exr.c index b1ecde4ebd..454dc74cfb 100644 --- a/libavcodec/exr.c +++ b/libavcodec/exr.c @@ -1051,7 +1051,7 @@ static int decode_block(AVCodecContext *avctx, void *tdata, line_offset = AV_RL64(s->gb.buffer + jobnr * 8); if (s->is_tile) { -if (line_offset > buf_size - 20) +if (buf_size < 20 || line_offset > buf_size - 20) return AVERROR_INVALIDDATA; src = buf + line_offset + 20; @@ -1062,7 +1062,7 @@ static int decode_block(AVCodecContext *avctx, void *tdata, tile_level_y = AV_RL32(src - 8); data_size = AV_RL32(src - 4); -if (data_size <= 0 || data_size > buf_size) +if (data_size <= 0 || data_size > buf_size - line_offset - 20) return AVERROR_INVALIDDATA; if (tile_level_x || tile_level_y) { /* tile level, is not the full res level */ @@ -1095,7 +1095,7 @@ static int decode_block(AVCodecContext *avctx, void *tdata, td->channel_line_size = td->xsize * s->current_channel_offset;/* uncompress size of one line */ uncompressed_size = td->channel_line_size * (uint64_t)td->ysize;/* uncompress size of the block */ } else { -if (line_offset > buf_size - 8) +if (buf_size < 8 || line_offset > buf_size - 8) return AVERROR_INVALIDDATA; src = buf + line_offset + 8; @@ -1105,7 +1105,7 @@ static int decode_block(AVCodecContext *avctx, void *tdata, return AVERROR_INVALIDDATA; data_size = AV_RL32(src - 4); -if (data_size <= 0 || data_size > buf_size) +if (data_size <= 0 || data_size > buf_size - line_offset - 8) return AVERROR_INVALIDDATA; td->ysize = FFMIN(s->scan_lines_per_block, s->ymax - line + 1); /* s->ydelta - line ?? */ ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] tests/audiomatch: Add missing return code at the end of main()
ffmpeg | branch: release/3.4 | Michael Niedermayer | Tue Dec 19 21:05:40 2017 +0100| [43c03866b23ab49ccdce014a55b601a25e5094cf] | committer: Michael Niedermayer tests/audiomatch: Add missing return code at the end of main() Signed-off-by: Michael Niedermayer (cherry picked from commit 65da5c56e661a839e017db4c51c73d6f3d8a8fcb) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=43c03866b23ab49ccdce014a55b601a25e5094cf --- tests/audiomatch.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/audiomatch.c b/tests/audiomatch.c index ca56df09b3..9671789a37 100644 --- a/tests/audiomatch.c +++ b/tests/audiomatch.c @@ -107,4 +107,6 @@ int main(int argc, char **argv){ } } printf("presig: %d postsig:%d c:%7.4f lenerr:%d\n", bestpos, datlen - siglen - bestpos, bestc / sigamp, datlen - siglen); + +return 0; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/hevc_sei: Fix integer overflows in decode_nal_sei_message()
ffmpeg | branch: release/3.4 | Michael Niedermayer | Fri Dec 15 17:50:12 2017 +0100| [2e426fae43f3a543649a6b9bf3ed6c0ae6892ce5] | committer: Michael Niedermayer avcodec/hevc_sei: Fix integer overflows in decode_nal_sei_message() Fixes: signed integer overflow: 2147483520 + 255 cannot be represented in type 'int' Fixes: 4554/clusterfuzz-testcase-minimized-4843714515042304 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 991ef6e5b9a6a9d95e274ff6bff52db1c82b3808) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2e426fae43f3a543649a6b9bf3ed6c0ae6892ce5 --- libavcodec/hevc_sei.c | 4 1 file changed, 4 insertions(+) diff --git a/libavcodec/hevc_sei.c b/libavcodec/hevc_sei.c index d0f9966a29..4fae797251 100644 --- a/libavcodec/hevc_sei.c +++ b/libavcodec/hevc_sei.c @@ -324,11 +324,15 @@ static int decode_nal_sei_message(GetBitContext *gb, HEVCSEIContext *s, av_log(logctx, AV_LOG_DEBUG, "Decoding SEI\n"); while (byte == 0xFF) { +if (get_bits_left(gb) < 16 || payload_type > INT_MAX - 255) +return AVERROR_INVALIDDATA; byte = get_bits(gb, 8); payload_type += byte; } byte = 0xFF; while (byte == 0xFF) { +if (get_bits_left(gb) < 8 + 8LL*payload_size) +return AVERROR_INVALIDDATA; byte = get_bits(gb, 8); payload_size += byte; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/flacdec: avoid undefined shift
ffmpeg | branch: release/3.4 | Michael Niedermayer | Tue Dec 26 23:24:43 2017 +0100| [fb9560b366da69bd54011455c0c35303669e7ce6] | committer: Michael Niedermayer avcodec/flacdec: avoid undefined shift Fixes: shift exponent 32 is too large for 32-bit type 'unsigned int' Fixes: 4688/clusterfuzz-testcase-minimized-6572210748653568 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 560daf88913b0de59a4d845bcd19254b406388dd) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fb9560b366da69bd54011455c0c35303669e7ce6 --- libavcodec/flacdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/flacdec.c b/libavcodec/flacdec.c index 581c73efc8..5bbb8ee5b9 100644 --- a/libavcodec/flacdec.c +++ b/libavcodec/flacdec.c @@ -456,7 +456,7 @@ static inline int decode_subframe(FLACContext *s, int channel) return AVERROR_INVALIDDATA; } -if (wasted) { +if (wasted && wasted < 32) { int i; for (i = 0; i < s->blocksize; i++) decoded[i] = (unsigned)decoded[i] << wasted; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/h264_parse: Treat escaped and unescaped decoding error equal in decode_extradata_ps_mp4()
ffmpeg | branch: release/3.4 | Michael Niedermayer | Sat Nov 25 22:21:16 2017 +0100| [d6a13f031ced11ef291768a76c90d76e1b586526] | committer: Michael Niedermayer avcodec/h264_parse: Treat escaped and unescaped decoding error equal in decode_extradata_ps_mp4() Fixes: lorex.mp4 Fixes: ticket6762 Signed-off-by: Michael Niedermayer (cherry picked from commit 4bb7d72bcfb56ae4fe56055927cf53cf484f5df4) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d6a13f031ced11ef291768a76c90d76e1b586526 --- libavcodec/h264_parse.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/libavcodec/h264_parse.c b/libavcodec/h264_parse.c index a7c71d9bbb..fee28d90d9 100644 --- a/libavcodec/h264_parse.c +++ b/libavcodec/h264_parse.c @@ -425,10 +425,9 @@ static int decode_extradata_ps_mp4(const uint8_t *buf, int buf_size, H264ParamSe escaped_buf_size = bytestream2_tell_p(&pbc); AV_WB16(escaped_buf, escaped_buf_size - 2); -ret = decode_extradata_ps(escaped_buf, escaped_buf_size, ps, 1, logctx); +(void)decode_extradata_ps(escaped_buf, escaped_buf_size, ps, 1, logctx); +// lorex.mp4 decodes ok even with extradata decoding failing av_freep(&escaped_buf); -if (ret < 0) -return ret; } return 0; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/hevcdsp_template: Fix Invalid shifts in put_hevc_qpel_bi_w_h() and put_hevc_qpel_bi_w_w()
ffmpeg | branch: release/3.4 | Michael Niedermayer | Tue Dec 26 23:24:45 2017 +0100| [7e402c31efd8fc332175121b2d901eb16ed5614a] | committer: Michael Niedermayer avcodec/hevcdsp_template: Fix Invalid shifts in put_hevc_qpel_bi_w_h() and put_hevc_qpel_bi_w_w() Fixes: left shift of negative value -1 Fixes: 4690/clusterfuzz-testcase-minimized-6117482428366848 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit d135f3c514ac1723256c8e0f5cdd466fe98a2578) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7e402c31efd8fc332175121b2d901eb16ed5614a --- libavcodec/hevcdsp_template.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/hevcdsp_template.c b/libavcodec/hevcdsp_template.c index 903aa3fe95..56cd9e605d 100644 --- a/libavcodec/hevcdsp_template.c +++ b/libavcodec/hevcdsp_template.c @@ -915,7 +915,7 @@ static void FUNC(put_hevc_qpel_bi_w_h)(uint8_t *_dst, ptrdiff_t _dststride, uint for (y = 0; y < height; y++) { for (x = 0; x < width; x++) dst[x] = av_clip_pixel(((QPEL_FILTER(src, 1) >> (BIT_DEPTH - 8)) * wx1 + src2[x] * wx0 + -((ox0 + ox1 + 1) << log2Wd)) >> (log2Wd + 1)); +((ox0 + ox1 + 1) * (1 << log2Wd))) >> (log2Wd + 1)); src += srcstride; dst += dststride; src2 += MAX_PB_SIZE; @@ -970,7 +970,7 @@ static void FUNC(put_hevc_qpel_bi_w_v)(uint8_t *_dst, ptrdiff_t _dststride, uint for (y = 0; y < height; y++) { for (x = 0; x < width; x++) dst[x] = av_clip_pixel(((QPEL_FILTER(src, srcstride) >> (BIT_DEPTH - 8)) * wx1 + src2[x] * wx0 + -((ox0 + ox1 + 1) << log2Wd)) >> (log2Wd + 1)); +((ox0 + ox1 + 1) * (1 << log2Wd))) >> (log2Wd + 1)); src += srcstride; dst += dststride; src2 += MAX_PB_SIZE; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/hevc_cabac: Fix integer overflow in ff_hevc_cu_qp_delta_abs()
ffmpeg | branch: release/3.4 | Michael Niedermayer | Fri Dec 15 18:17:13 2017 +0100| [0288d15cdded73991b72c1407e98654a295a09ae] | committer: Michael Niedermayer avcodec/hevc_cabac: Fix integer overflow in ff_hevc_cu_qp_delta_abs() Fixes: signed integer overflow: 2147483647 + 1073741824 cannot be represented in type 'int' Fixes: 4555/clusterfuzz-testcase-minimized-4505532481142784 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 0ee143558d55b590774dba69cff5a16eda089a4d) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0288d15cdded73991b72c1407e98654a295a09ae --- libavcodec/hevc_cabac.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/hevc_cabac.c b/libavcodec/hevc_cabac.c index 853fd3f722..5b5da1165a 100644 --- a/libavcodec/hevc_cabac.c +++ b/libavcodec/hevc_cabac.c @@ -646,8 +646,10 @@ int ff_hevc_cu_qp_delta_abs(HEVCContext *s) suffix_val += 1 << k; k++; } -if (k == CABAC_MAX_BIN) +if (k == CABAC_MAX_BIN) { av_log(s->avctx, AV_LOG_ERROR, "CABAC_MAX_BIN : %d\n", k); +return AVERROR_INVALIDDATA; +} while (k--) suffix_val += get_cabac_bypass(&s->HEVClc->cc) << k; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] libavfilter/af_dcshift.c: Fixed repeated spelling error
ffmpeg | branch: release/3.4 | Kelly Ledford | Tue Dec 12 11:31:23 2017 -0800| [a3832486e4f152d9f9660ecf812ee45b03d784f1] | committer: Michael Niedermayer libavfilter/af_dcshift.c: Fixed repeated spelling error 'threshhold' should be 'threshold' Signed-off-by: Kelly Ledford Signed-off-by: Michael Niedermayer (cherry picked from commit bc219082bb04b9a4725bfe7e78ce0950244e6e84) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a3832486e4f152d9f9660ecf812ee45b03d784f1 --- libavfilter/af_dcshift.c | 20 ++-- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/libavfilter/af_dcshift.c b/libavfilter/af_dcshift.c index 6d33daee0b..e007efe05e 100644 --- a/libavfilter/af_dcshift.c +++ b/libavfilter/af_dcshift.c @@ -28,7 +28,7 @@ typedef struct DCShiftContext { const AVClass *class; double dcshift; -double limiterthreshhold; +double limiterthreshold; double limitergain; } DCShiftContext; @@ -47,7 +47,7 @@ static av_cold int init(AVFilterContext *ctx) { DCShiftContext *s = ctx->priv; -s->limiterthreshhold = INT32_MAX * (1.0 - (fabs(s->dcshift) - s->limitergain)); +s->limiterthreshold = INT32_MAX * (1.0 - (fabs(s->dcshift) - s->limitergain)); return 0; } @@ -111,14 +111,14 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in) d = src[j]; -if (d > s->limiterthreshhold && dcshift > 0) { -d = (d - s->limiterthreshhold) * s->limitergain / - (INT32_MAX - s->limiterthreshhold) + - s->limiterthreshhold + dcshift; -} else if (d < -s->limiterthreshhold && dcshift < 0) { -d = (d + s->limiterthreshhold) * s->limitergain / - (INT32_MAX - s->limiterthreshhold) - - s->limiterthreshhold + dcshift; +if (d > s->limiterthreshold && dcshift > 0) { +d = (d - s->limiterthreshold) * s->limitergain / + (INT32_MAX - s->limiterthreshold) + + s->limiterthreshold + dcshift; +} else if (d < -s->limiterthreshold && dcshift < 0) { +d = (d + s->limiterthreshold) * s->limitergain / + (INT32_MAX - s->limiterthreshold) - + s->limiterthreshold + dcshift; } else { d = dcshift * INT32_MAX + d; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/hevcdsp_template: Fix undefined shift in put_hevc_qpel_bi_w_hv()
ffmpeg | branch: release/3.4 | Michael Niedermayer | Fri Dec 15 13:06:30 2017 +0100| [d147e2d55d2947742ec1d42a8b107f7131fdc383] | committer: Michael Niedermayer avcodec/hevcdsp_template: Fix undefined shift in put_hevc_qpel_bi_w_hv() Fixes: runtime error: left shift of negative value -3 Fixes: 4524/clusterfuzz-testcase-minimized-6055590120914944 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 439fbb9c8b2a90e97c44c7c57245e01ca84c865d) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d147e2d55d2947742ec1d42a8b107f7131fdc383 --- libavcodec/hevcdsp_template.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/hevcdsp_template.c b/libavcodec/hevcdsp_template.c index 0623cfad89..4017af8eb0 100644 --- a/libavcodec/hevcdsp_template.c +++ b/libavcodec/hevcdsp_template.c @@ -1051,7 +1051,7 @@ static void FUNC(put_hevc_qpel_bi_w_hv)(uint8_t *_dst, ptrdiff_t _dststride, uin for (y = 0; y < height; y++) { for (x = 0; x < width; x++) dst[x] = av_clip_pixel(((QPEL_FILTER(tmp, MAX_PB_SIZE) >> 6) * wx1 + src2[x] * wx0 + -((ox0 + ox1 + 1) << log2Wd)) >> (log2Wd + 1)); +((ox0 + ox1 + 1) * (1 << log2Wd))) >> (log2Wd + 1)); tmp += MAX_PB_SIZE; dst += dststride; src2 += MAX_PB_SIZE; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/hevc_ps: Check log2_sao_offset_scale_*
ffmpeg | branch: master | Michael Niedermayer | Wed Jan 24 03:15:23 2018 +0100| [4a75a75c62efc645ec28444e4675c325b8f2bb1a] | committer: Michael Niedermayer avcodec/hevc_ps: Check log2_sao_offset_scale_* Fixes: 4868/clusterfuzz-testcase-minimized-6236542906400768 Fixes: runtime error: shift exponent 126 is too large for 32-bit type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4a75a75c62efc645ec28444e4675c325b8f2bb1a --- libavcodec/hevc_ps.c | 5 + 1 file changed, 5 insertions(+) diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c index 4787312cfa..1f18d0335b 100644 --- a/libavcodec/hevc_ps.c +++ b/libavcodec/hevc_ps.c @@ -1324,6 +1324,11 @@ static int pps_range_extensions(GetBitContext *gb, AVCodecContext *avctx, pps->log2_sao_offset_scale_luma = get_ue_golomb_long(gb); pps->log2_sao_offset_scale_chroma = get_ue_golomb_long(gb); +if ( pps->log2_sao_offset_scale_luma > FFMAX(sps->bit_depth- 10, 0) +|| pps->log2_sao_offset_scale_chroma > FFMAX(sps->bit_depth_chroma - 10, 0) +) +return AVERROR_INVALIDDATA; + return(0); } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/indeo5: Do not leave frame_type set to an invalid value
ffmpeg | branch: master | Michael Niedermayer | Fri Jan 26 00:24:49 2018 +0100| [2ff9f178519b68d4d1d606eb5451ad81da948efc] | committer: Michael Niedermayer avcodec/indeo5: Do not leave frame_type set to an invalid value Fixes: null pointer dereference Fixes: 5264/clusterfuzz-testcase-minimized-4621956621008896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2ff9f178519b68d4d1d606eb5451ad81da948efc --- libavcodec/indeo5.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/indeo5.c b/libavcodec/indeo5.c index 81b4514038..b39cffd9a9 100644 --- a/libavcodec/indeo5.c +++ b/libavcodec/indeo5.c @@ -324,6 +324,7 @@ static int decode_pic_hdr(IVI45DecContext *ctx, AVCodecContext *avctx) ctx->frame_type = get_bits(&ctx->gb, 3); if (ctx->frame_type >= 5) { av_log(avctx, AV_LOG_ERROR, "Invalid frame type: %d \n", ctx->frame_type); +ctx->frame_type = FRAMETYPE_INTRA; return AVERROR_INVALIDDATA; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/dirac_dwt: Fix several integer overflows
ffmpeg | branch: master | Michael Niedermayer | Thu Jan 25 23:14:37 2018 +0100| [fe1e6c06d03432c3e9208f019533c1d701f485d0] | committer: Michael Niedermayer avcodec/dirac_dwt: Fix several integer overflows Fixes: runtime error: signed integer overflow: -2146071175 + -268479557 cannot be represented in type 'int' Fixes: 5237/clusterfuzz-testcase-minimized-4569895275593728 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fe1e6c06d03432c3e9208f019533c1d701f485d0 --- libavcodec/dirac_dwt.h | 4 ++-- libavcodec/dirac_dwt_template.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/dirac_dwt.h b/libavcodec/dirac_dwt.h index 1af41e0702..68ebd19560 100644 --- a/libavcodec/dirac_dwt.h +++ b/libavcodec/dirac_dwt.h @@ -93,10 +93,10 @@ void ff_spatial_idwt_slice2(DWTContext *d, int y); // shared stuff for simd optimizations #define COMPOSE_53iL0(b0, b1, b2)\ -(b1 - ((int)(b0 + (unsigned)(b2) + 2) >> 2)) +(b1 - (unsigned)((int)(b0 + (unsigned)(b2) + 2) >> 2)) #define COMPOSE_DIRAC53iH0(b0, b1, b2)\ -(b1 + ((int)(b0 + (unsigned)(b2) + 1) >> 1)) +(b1 + (unsigned)((int)(b0 + (unsigned)(b2) + 1) >> 1)) #define COMPOSE_DD97iH0(b0, b1, b2, b3, b4)\ (int)(((unsigned)(b2) + ((int)(-b0 + 9U*b1 + 9U*b3 - b4 + 8) >> 4))) diff --git a/libavcodec/dirac_dwt_template.c b/libavcodec/dirac_dwt_template.c index e436c247a1..e68cc4d530 100644 --- a/libavcodec/dirac_dwt_template.c +++ b/libavcodec/dirac_dwt_template.c @@ -49,7 +49,7 @@ static void RENAME(vertical_compose53iL0)(uint8_t *_b0, uint8_t *_b1, uint8_t *_ TYPE *b1 = (TYPE *)_b1; TYPE *b2 = (TYPE *)_b2; for (i = 0; i < width; i++) -b1[i] -= (int)(b0[i] + (unsigned)b2[i] + 2) >> 2; +b1[i] -= (unsigned)((int)(b0[i] + (unsigned)b2[i] + 2) >> 2); } static av_always_inline void RENAME(interleave)(TYPE *dst, TYPE *src0, TYPE *src1, int w2, ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/mediacodecdec: use ff_hevc_ps_uninit()
ffmpeg | branch: master | James Almer | Sat Jan 20 16:55:17 2018 -0300| [782e066e3e3d8015d6d64c47cda0925c10aebe08] | committer: James Almer avcodec/mediacodecdec: use ff_hevc_ps_uninit() Fixes memleaks. Signed-off-by: James Almer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=782e066e3e3d8015d6d64c47cda0925c10aebe08 --- libavcodec/mediacodecdec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/mediacodecdec.c b/libavcodec/mediacodecdec.c index 6c5d3ddd79..cb1151a195 100644 --- a/libavcodec/mediacodecdec.c +++ b/libavcodec/mediacodecdec.c @@ -258,6 +258,8 @@ static int hevc_set_extradata(AVCodecContext *avctx, FFAMediaFormat *format) } done: +ff_hevc_ps_uninit(&ps); + av_freep(&vps_data); av_freep(&sps_data); av_freep(&pps_data); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/hevc_parser: use ff_hevc_decode_extradata() to parse extradata
ffmpeg | branch: master | James Almer | Sat Jan 20 00:57:18 2018 -0300| [222d7055e2dd20eb1381c257d34a50ec4c8dadb0] | committer: James Almer avcodec/hevc_parser: use ff_hevc_decode_extradata() to parse extradata Signed-off-by: James Almer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=222d7055e2dd20eb1381c257d34a50ec4c8dadb0 --- libavcodec/hevc_parser.c | 21 + 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/libavcodec/hevc_parser.c b/libavcodec/hevc_parser.c index 88d3d9a22f..a468682ed3 100644 --- a/libavcodec/hevc_parser.c +++ b/libavcodec/hevc_parser.c @@ -24,6 +24,7 @@ #include "golomb.h" #include "hevc.h" +#include "hevc_parse.h" #include "hevc_ps.h" #include "hevc_sei.h" #include "h2645_parse.h" @@ -43,6 +44,8 @@ typedef struct HEVCParserContext { HEVCSEI sei; SliceHeader sh; +int is_avc; +int nal_length_size; int parsed_extradata; int poc; @@ -181,7 +184,6 @@ static int parse_nal_units(AVCodecParserContext *s, const uint8_t *buf, HEVCParserContext *ctx = s->priv_data; HEVCParamSets *ps = &ctx->ps; HEVCSEI *sei = &ctx->sei; -int is_global = buf == avctx->extradata; int ret, i; /* set some sane default values */ @@ -191,8 +193,8 @@ static int parse_nal_units(AVCodecParserContext *s, const uint8_t *buf, ff_hevc_reset_sei(sei); -ret = ff_h2645_packet_split(&ctx->pkt, buf, buf_size, avctx, 0, 0, -AV_CODEC_ID_HEVC, 1); +ret = ff_h2645_packet_split(&ctx->pkt, buf, buf_size, avctx, ctx->is_avc, +ctx->nal_length_size, AV_CODEC_ID_HEVC, 1); if (ret < 0) return ret; @@ -230,12 +232,6 @@ static int parse_nal_units(AVCodecParserContext *s, const uint8_t *buf, case HEVC_NAL_RADL_R: case HEVC_NAL_RASL_N: case HEVC_NAL_RASL_R: - -if (is_global) { -av_log(avctx, AV_LOG_ERROR, "Invalid NAL unit: %d\n", nal->type); -return AVERROR_INVALIDDATA; -} - ret = hevc_parse_slice_header(s, nal, avctx); if (ret) return ret; @@ -243,8 +239,7 @@ static int parse_nal_units(AVCodecParserContext *s, const uint8_t *buf, } } /* didn't find a picture! */ -if (!is_global) -av_log(avctx, AV_LOG_ERROR, "missing picture in access unit\n"); +av_log(avctx, AV_LOG_ERROR, "missing picture in access unit\n"); return -1; } @@ -301,7 +296,9 @@ static int hevc_parse(AVCodecParserContext *s, AVCodecContext *avctx, ParseContext *pc = &ctx->pc; if (avctx->extradata && !ctx->parsed_extradata) { -parse_nal_units(s, avctx->extradata, avctx->extradata_size, avctx); +ff_hevc_decode_extradata(avctx->extradata, avctx->extradata_size, &ctx->ps, &ctx->sei, + &ctx->is_avc, &ctx->nal_length_size, avctx->err_recognition, + 1, avctx); ctx->parsed_extradata = 1; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] [ffmpeg-web] branch master updated. 9275cd5 Remove battleforthenet widget
The branch, master has been updated via 9275cd54eddb83faf5bd40ffaccb5717de8b798d (commit) from 69585f5407f8c00adcddb1947951253d1f7d55f3 (commit) - Log - commit 9275cd54eddb83faf5bd40ffaccb5717de8b798d Author: Ricardo Constantino AuthorDate: Tue Jan 30 11:05:29 2018 + Commit: Michael Niedermayer CommitDate: Tue Jan 30 13:08:22 2018 +0100 Remove battleforthenet widget diff --git a/src/template_head2 b/src/template_head2 index 71daf07..a0b11ab 100644 --- a/src/template_head2 +++ b/src/template_head2 @@ -3,29 +3,6 @@