[FFmpeg-cvslog] lavc/qsvenc: fix the incorrent map from bits to bytes
ffmpeg | branch: master | Zhong Li | Fri Jun 28 13:18:43 2019 +0800| [4dc3d93880315f66ce917ae327c67a85262f285e] | committer: Zhong Li lavc/qsvenc: fix the incorrent map from bits to bytes Reported-by:Maggie Sun Signed-off-by: Zhong Li > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4dc3d93880315f66ce917ae327c67a85262f285e --- libavcodec/qsvenc.c | 2 +- libavcodec/version.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/qsvenc.c b/libavcodec/qsvenc.c index 8dbad713d0..9bf8574e30 100644 --- a/libavcodec/qsvenc.c +++ b/libavcodec/qsvenc.c @@ -577,7 +577,7 @@ static int init_video_param(AVCodecContext *avctx, QSVEncContext *q) //libmfx BRC parameters are 16 bits thus maybe overflow, then BRCParamMultiplier is needed buffer_size_in_kilobytes = avctx->rc_buffer_size / 8000; -initial_delay_in_kilobytes = avctx->rc_initial_buffer_occupancy / 1000; +initial_delay_in_kilobytes = avctx->rc_initial_buffer_occupancy / 8000; target_bitrate_kbps= avctx->bit_rate / 1000; max_bitrate_kbps = avctx->rc_max_rate / 1000; brc_param_multiplier = (FFMAX(FFMAX3(target_bitrate_kbps, max_bitrate_kbps, buffer_size_in_kilobytes), diff --git a/libavcodec/version.h b/libavcodec/version.h index 2709163700..3583499f19 100644 --- a/libavcodec/version.h +++ b/libavcodec/version.h @@ -29,7 +29,7 @@ #define LIBAVCODEC_VERSION_MAJOR 58 #define LIBAVCODEC_VERSION_MINOR 53 -#define LIBAVCODEC_VERSION_MICRO 100 +#define LIBAVCODEC_VERSION_MICRO 101 #define LIBAVCODEC_VERSION_INT AV_VERSION_INT(LIBAVCODEC_VERSION_MAJOR, \ LIBAVCODEC_VERSION_MINOR, \ ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] lavc/mjpegdec: make code aligned
ffmpeg | branch: master | Zhong Li | Thu Jun 27 16:58:24
2019 +0800| [e51cc7ed856aa3d5e14c50a46d8156c79d483367] | committer: Zhong Li
lavc/mjpegdec: make code aligned
Reviewed-by: Michael Niedermayer
Signed-off-by: Zhong Li
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e51cc7ed856aa3d5e14c50a46d8156c79d483367
---
libavcodec/mjpegdec.c | 450 +-
1 file changed, 225 insertions(+), 225 deletions(-)
diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index 1030861e85..a65bc8df15 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -453,268 +453,268 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s)
avpriv_request_sample(s->avctx, "progressively coded interlaced
picture");
return AVERROR_INVALIDDATA;
}
-} else{
+} else {
if (s->v_max == 1 && s->h_max == 1 && s->lossless==1 &&
(nb_components==3 || nb_components==4))
s->rgb = 1;
else if (!s->lossless)
s->rgb = 0;
-/* XXX: not complete test ! */
-pix_fmt_id = ((unsigned)s->h_count[0] << 28) | (s->v_count[0] << 24) |
- (s->h_count[1] << 20) | (s->v_count[1] << 16) |
- (s->h_count[2] << 12) | (s->v_count[2] << 8) |
- (s->h_count[3] << 4) | s->v_count[3];
-av_log(s->avctx, AV_LOG_DEBUG, "pix fmt id %x\n", pix_fmt_id);
-/* NOTE we do not allocate pictures large enough for the possible
- * padding of h/v_count being 4 */
-if (!(pix_fmt_id & 0xD0D0D0D0))
-pix_fmt_id -= (pix_fmt_id & 0xF0F0F0F0) >> 1;
-if (!(pix_fmt_id & 0x0D0D0D0D))
-pix_fmt_id -= (pix_fmt_id & 0x0F0F0F0F) >> 1;
-
-for (i = 0; i < 8; i++) {
-int j = 6 + (i&1) - (i&6);
-int is = (pix_fmt_id >> (4*i)) & 0xF;
-int js = (pix_fmt_id >> (4*j)) & 0xF;
-
-if (is == 1 && js != 2 && (i < 2 || i > 5))
-js = (pix_fmt_id >> ( 8 + 4*(i&1))) & 0xF;
-if (is == 1 && js != 2 && (i < 2 || i > 5))
-js = (pix_fmt_id >> (16 + 4*(i&1))) & 0xF;
-
-if (is == 1 && js == 2) {
-if (i & 1) s->upscale_h[j/2] = 1;
-else s->upscale_v[j/2] = 1;
-}
-}
-
-switch (pix_fmt_id) {
-case 0x1100:
-if (s->rgb)
-s->avctx->pix_fmt = s->bits <= 9 ? AV_PIX_FMT_BGR24 :
AV_PIX_FMT_BGR48;
-else {
-if ( s->adobe_transform == 0
-|| s->component_id[0] == 'R' - 1 && s->component_id[1] == 'G'
- 1 && s->component_id[2] == 'B' - 1) {
-s->avctx->pix_fmt = s->bits <= 8 ? AV_PIX_FMT_GBRP :
AV_PIX_FMT_GBRP16;
-} else {
-if (s->bits <= 8) s->avctx->pix_fmt = s->cs_itu601 ?
AV_PIX_FMT_YUV444P : AV_PIX_FMT_YUVJ444P;
-else s->avctx->pix_fmt = AV_PIX_FMT_YUV444P16;
-s->avctx->color_range = s->cs_itu601 ? AVCOL_RANGE_MPEG :
AVCOL_RANGE_JPEG;
+/* XXX: not complete test ! */
+pix_fmt_id = ((unsigned)s->h_count[0] << 28) | (s->v_count[0] << 24) |
+ (s->h_count[1] << 20) | (s->v_count[1] << 16) |
+ (s->h_count[2] << 12) | (s->v_count[2] << 8) |
+ (s->h_count[3] << 4) | s->v_count[3];
+av_log(s->avctx, AV_LOG_DEBUG, "pix fmt id %x\n", pix_fmt_id);
+/* NOTE we do not allocate pictures large enough for the possible
+ * padding of h/v_count being 4 */
+if (!(pix_fmt_id & 0xD0D0D0D0))
+pix_fmt_id -= (pix_fmt_id & 0xF0F0F0F0) >> 1;
+if (!(pix_fmt_id & 0x0D0D0D0D))
+pix_fmt_id -= (pix_fmt_id & 0x0F0F0F0F) >> 1;
+
+for (i = 0; i < 8; i++) {
+int j = 6 + (i&1) - (i&6);
+int is = (pix_fmt_id >> (4*i)) & 0xF;
+int js = (pix_fmt_id >> (4*j)) & 0xF;
+
+if (is == 1 && js != 2 && (i < 2 || i > 5))
+js = (pix_fmt_id >> ( 8 + 4*(i&1))) & 0xF;
+if (is == 1 && js != 2 && (i < 2 || i > 5))
+js = (pix_fmt_id >> (16 + 4*(i&1))) & 0xF;
+
+if (is == 1 && js == 2) {
+if (i & 1) s->upscale_h[j/2] = 1;
+else s->upscale_v[j/2] = 1;
}
}
-av_assert0(s->nb_components == 3);
-break;
-case 0x:
-if (s->rgb)
-s->avctx->pix_fmt = s->bits <= 9 ? AV_PIX_FMT_ABGR :
AV_PIX_FMT_RGBA64;
-else {
+
+switch (pix_fmt_id) {
+case 0x1100:
+if (s->rgb)
+s->avctx->pix_fmt = s->bits <= 9 ? AV_PIX_FMT_BGR24 :
AV_PIX_FMT_BGR48;
+else {
+if ( s->adobe_transform == 0
+|| s->component_id[0] == 'R' - 1 && s->component_id[1] ==
'G' - 1 && s->component_id[2] == 'B' - 1) {
+s->avctx->pix_fmt = s->bits <= 8 ? AV_PIX_FMT_GBRP :
AV_PIX_FMT_GBRP16;
+} else {
+if (s->bits
[FFmpeg-cvslog] lavc/mjpegdec: replace number with marker name
ffmpeg | branch: master | Zhong Li | Thu Jun 27 16:58:23
2019 +0800| [a6c648f2b4fdace0eeea66a7b556bc814023b598] | committer: Zhong Li
lavc/mjpegdec: replace number with marker name
Make it easier to read.
Signed-off-by: Zhong Li
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a6c648f2b4fdace0eeea66a7b556bc814023b598
---
libavcodec/mjpegdec.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index 20eeb960bb..1030861e85 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -2115,7 +2115,7 @@ static int find_marker(const uint8_t **pbuf_ptr, const
uint8_t *buf_end)
while (buf_end - buf_ptr > 1) {
v = *buf_ptr++;
v2 = *buf_ptr;
-if ((v == 0xff) && (v2 >= 0xc0) && (v2 <= 0xfe) && buf_ptr < buf_end) {
+if ((v == 0xff) && (v2 >= SOF0) && (v2 <= COM) && buf_ptr < buf_end) {
val = *buf_ptr++;
goto found;
}
@@ -2180,7 +2180,7 @@ int ff_mjpeg_find_marker(MJpegDecodeContext *s,
src--;
}
-if (x < 0xd0 || x > 0xd7) {
+if (x < RST0 || x > RST7) {
copy_data_segment(1);
if (x)
break;
@@ -2319,7 +2319,7 @@ int ff_mjpeg_decode_frame(AVCodecContext *avctx, void
*data, int *got_frame,
av_log(avctx, AV_LOG_DEBUG, "startcode: %X\n", start_code);
/* process markers */
-if (start_code >= 0xd0 && start_code <= 0xd7) {
+if (start_code >= RST0 && start_code <= RST7) {
av_log(avctx, AV_LOG_DEBUG,
"restart marker: %d\n", start_code & 0x0f);
/* APP fields */
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/dashdec: Fix reading values from SegmentTimeline inside Period
ffmpeg | branch: master | sfan5 | Mon Jul 1 11:06:06 2019
+0800| [034b72fc0b29fe1e1f1e7c38d996bbb5266c4e5d] | committer: Steven Liu
avformat/dashdec: Fix reading values from SegmentTimeline inside Period
This was missed in commit e752da546463e693865d92a837fc0e8d2b28db2e.
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=034b72fc0b29fe1e1f1e7c38d996bbb5266c4e5d
---
libavformat/dashdec.c | 7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/libavformat/dashdec.c b/libavformat/dashdec.c
index 5727d13a51..f0f9aa1d59 100644
--- a/libavformat/dashdec.c
+++ b/libavformat/dashdec.c
@@ -842,7 +842,7 @@ static int parse_manifest_representation(AVFormatContext
*s, const char *url,
xmlNodePtr representation_segmenttemplate_node = NULL;
xmlNodePtr representation_baseurl_node = NULL;
xmlNodePtr representation_segmentlist_node = NULL;
-xmlNodePtr segmentlists_tab[2];
+xmlNodePtr segmentlists_tab[3];
xmlNodePtr fragment_timeline_node = NULL;
xmlNodePtr fragment_templates_tab[5];
char *duration_val = NULL;
@@ -1003,9 +1003,10 @@ static int parse_manifest_representation(AVFormatContext
*s, const char *url,
xmlNodePtr fragmenturl_node = NULL;
segmentlists_tab[0] = representation_segmentlist_node;
segmentlists_tab[1] = adaptionset_segmentlist_node;
+segmentlists_tab[2] = period_segmentlist_node;
-duration_val = get_val_from_nodes_tab(segmentlists_tab, 2,
"duration");
-timescale_val = get_val_from_nodes_tab(segmentlists_tab, 2,
"timescale");
+duration_val = get_val_from_nodes_tab(segmentlists_tab, 3,
"duration");
+timescale_val = get_val_from_nodes_tab(segmentlists_tab, 3,
"timescale");
if (duration_val) {
rep->fragment_duration = (int64_t) strtoll(duration_val, NULL,
10);
av_log(s, AV_LOG_TRACE, "rep->fragment_duration =
[%"PRId64"]\n", rep->fragment_duration);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/hlsenc: changing all filename length to MAX_URL_SIZE
ffmpeg | branch: master | Bela Bodecs | Mon Jul 1
10:24:21 2019 +0800| [1476d82e7330623e2f105ff0f4a6d315325d7880] | committer:
Steven Liu
avformat/hlsenc: changing all filename length to MAX_URL_SIZE
Throughout hlsenc code, all filename related buffer lengths are set
hardcoded as 1024. This PATCH change it to general value as MAX_URL_SIZE
in internal.h
Reviewed-by: Steven Liu
Signed-off-by: Bela Bodecs
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1476d82e7330623e2f105ff0f4a6d315325d7880
---
libavformat/hlsenc.c | 18 +-
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/libavformat/hlsenc.c b/libavformat/hlsenc.c
index 5b0121f016..057134f410 100644
--- a/libavformat/hlsenc.c
+++ b/libavformat/hlsenc.c
@@ -64,13 +64,13 @@ typedef enum {
} CodecAttributeStatus;
#define KEYSIZE 16
-#define LINE_BUFFER_SIZE 1024
+#define LINE_BUFFER_SIZE MAX_URL_SIZE
#define HLS_MICROSECOND_UNIT 100
#define POSTFIX_PATTERN "_%d"
typedef struct HLSSegment {
-char filename[1024];
-char sub_filename[1024];
+char filename[MAX_URL_SIZE];
+char sub_filename[MAX_URL_SIZE];
double duration; /* in seconds */
int discont;
int64_t pos;
@@ -149,7 +149,7 @@ typedef struct VariantStream {
char *m3u8_name;
double initial_prog_date_time;
-char current_segment_final_filename_fmt[1024]; // when renaming segments
+char current_segment_final_filename_fmt[MAX_URL_SIZE]; // when renaming
segments
char *fmp4_init_filename;
char *base_output_dirname;
@@ -,7 +,7 @@ static int parse_playlist(AVFormatContext *s, const char
*url, VariantStream *vs
AVIOContext *in;
int ret = 0, is_segment = 0;
int64_t new_start_pos;
-char line[1024];
+char line[MAX_URL_SIZE];
const char *ptr;
const char *end;
@@ -1268,7 +1268,7 @@ static int create_master_playlist(AVFormatContext *s,
const char *proto = avio_find_protocol_name(hls->master_m3u8_url);
int is_file_proto = proto && !strcmp(proto, "file");
int use_temp_file = is_file_proto && ((hls->flags & HLS_TEMP_FILE) ||
hls->master_publish_rate);
-char temp_filename[1024];
+char temp_filename[MAX_URL_SIZE];
input_vs->m3u8_created = 1;
if (!hls->master_m3u8_created) {
@@ -1433,8 +1433,8 @@ static int hls_window(AVFormatContext *s, int last,
VariantStream *vs)
HLSSegment *en;
int target_duration = 0;
int ret = 0;
-char temp_filename[1024];
-char temp_vtt_filename[1024];
+char temp_filename[MAX_URL_SIZE];
+char temp_vtt_filename[MAX_URL_SIZE];
int64_t sequence = FFMAX(hls->start_sequence, vs->sequence -
vs->nb_entries);
const char *proto = avio_find_protocol_name(vs->m3u8_name);
int is_file_proto = proto && !strcmp(proto, "file");
@@ -1594,7 +1594,7 @@ static int hls_start(AVFormatContext *s, VariantStream
*vs)
if (c->use_localtime) {
time_t now0;
struct tm *tm, tmpbuf;
-int bufsize = strlen(vs->basename) + 1024;
+int bufsize = strlen(vs->basename) + MAX_URL_SIZE;
char *buf = av_mallocz(bufsize);
if (!buf)
return AVERROR(ENOMEM);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/hevc_ps: Fix integer overflow with num_tile_rows and num_tile_columns
ffmpeg | branch: master | Michael Niedermayer | Thu
Jun 13 15:05:54 2019 +0200| [c692051252693155c4eecd16f4f8a79caf66cd54] |
committer: Michael Niedermayer
avcodec/hevc_ps: Fix integer overflow with num_tile_rows and num_tile_columns
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type
'int'
Fixes:
14880/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5130977304641536
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c692051252693155c4eecd16f4f8a79caf66cd54
---
libavcodec/hevc_ps.c | 23 +--
libavcodec/hevc_ps.h | 4 ++--
2 files changed, 15 insertions(+), 12 deletions(-)
diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c
index 80df417e4f..07d220a5c8 100644
--- a/libavcodec/hevc_ps.c
+++ b/libavcodec/hevc_ps.c
@@ -1584,22 +1584,25 @@ int ff_hevc_decode_nal_pps(GetBitContext *gb,
AVCodecContext *avctx,
pps->entropy_coding_sync_enabled_flag = get_bits1(gb);
if (pps->tiles_enabled_flag) {
-pps->num_tile_columns = get_ue_golomb_long(gb) + 1;
-pps->num_tile_rows= get_ue_golomb_long(gb) + 1;
-if (pps->num_tile_columns <= 0 ||
-pps->num_tile_columns >= sps->width) {
+int num_tile_columns_minus1 = get_ue_golomb(gb);
+int num_tile_rows_minus1= get_ue_golomb(gb);
+
+if (num_tile_columns_minus1 < 0 ||
+num_tile_columns_minus1 >= sps->width - 1) {
av_log(avctx, AV_LOG_ERROR, "num_tile_columns_minus1 out of range:
%d\n",
- pps->num_tile_columns - 1);
-ret = AVERROR_INVALIDDATA;
+ num_tile_columns_minus1);
+ret = num_tile_columns_minus1 < 0 ? num_tile_columns_minus1 :
AVERROR_INVALIDDATA;
goto err;
}
-if (pps->num_tile_rows <= 0 ||
-pps->num_tile_rows >= sps->height) {
+if (num_tile_rows_minus1 < 0 ||
+num_tile_rows_minus1 >= sps->height - 1) {
av_log(avctx, AV_LOG_ERROR, "num_tile_rows_minus1 out of range:
%d\n",
- pps->num_tile_rows - 1);
-ret = AVERROR_INVALIDDATA;
+ num_tile_rows_minus1);
+ret = num_tile_rows_minus1 < 0 ? num_tile_rows_minus1 :
AVERROR_INVALIDDATA;
goto err;
}
+pps->num_tile_columns = num_tile_columns_minus1 + 1;
+pps->num_tile_rows= num_tile_rows_minus1+ 1;
pps->column_width = av_malloc_array(pps->num_tile_columns,
sizeof(*pps->column_width));
pps->row_height = av_malloc_array(pps->num_tile_rows,
sizeof(*pps->row_height));
diff --git a/libavcodec/hevc_ps.h b/libavcodec/hevc_ps.h
index bbaa9205ef..2840dc416f 100644
--- a/libavcodec/hevc_ps.h
+++ b/libavcodec/hevc_ps.h
@@ -347,8 +347,8 @@ typedef struct HEVCPPS {
uint8_t tiles_enabled_flag;
uint8_t entropy_coding_sync_enabled_flag;
-int num_tile_columns; ///< num_tile_columns_minus1 + 1
-int num_tile_rows; ///< num_tile_rows_minus1 + 1
+uint16_t num_tile_columns; ///< num_tile_columns_minus1 + 1
+uint16_t num_tile_rows; ///< num_tile_rows_minus1 + 1
uint8_t uniform_spacing_flag;
uint8_t loop_filter_across_tiles_enabled_flag;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/hevc_ps: Change num_tile_rows/columns checks to sps->ctb_height/weight
ffmpeg | branch: master | Michael Niedermayer | Tue
Jun 25 10:29:57 2019 +0200| [3b2082c663dac93fd722289a540c1b1e24a12564] |
committer: Michael Niedermayer
avcodec/hevc_ps: Change num_tile_rows/columns checks to sps->ctb_height/weight
Suggested-by: James Almer
Reviewed-by: James Almer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3b2082c663dac93fd722289a540c1b1e24a12564
---
libavcodec/hevc_ps.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c
index 07d220a5c8..f6e80e1609 100644
--- a/libavcodec/hevc_ps.c
+++ b/libavcodec/hevc_ps.c
@@ -1588,14 +1588,14 @@ int ff_hevc_decode_nal_pps(GetBitContext *gb,
AVCodecContext *avctx,
int num_tile_rows_minus1= get_ue_golomb(gb);
if (num_tile_columns_minus1 < 0 ||
-num_tile_columns_minus1 >= sps->width - 1) {
+num_tile_columns_minus1 >= sps->ctb_width - 1) {
av_log(avctx, AV_LOG_ERROR, "num_tile_columns_minus1 out of range:
%d\n",
num_tile_columns_minus1);
ret = num_tile_columns_minus1 < 0 ? num_tile_columns_minus1 :
AVERROR_INVALIDDATA;
goto err;
}
if (num_tile_rows_minus1 < 0 ||
-num_tile_rows_minus1 >= sps->height - 1) {
+num_tile_rows_minus1 >= sps->ctb_height - 1) {
av_log(avctx, AV_LOG_ERROR, "num_tile_rows_minus1 out of range:
%d\n",
num_tile_rows_minus1);
ret = num_tile_rows_minus1 < 0 ? num_tile_rows_minus1 :
AVERROR_INVALIDDATA;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/aviobuf: Delay buffer downsizing until asserts are met
ffmpeg | branch: master | Michael Niedermayer | Sun
Jun 9 22:04:16 2019 +0200| [0334632d5c02720f1829d59cd20c009584b5b163] |
committer: Michael Niedermayer
avformat/aviobuf: Delay buffer downsizing until asserts are met
Fixes: Assertion failure
Fixes:
15151/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5757079496687616
Fixes:
15205/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5767573242642432
May fix: Ticket7094
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0334632d5c02720f1829d59cd20c009584b5b163
---
libavformat/aviobuf.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/libavformat/aviobuf.c b/libavformat/aviobuf.c
index 5a33f82950..6a5cd97b0a 100644
--- a/libavformat/aviobuf.c
+++ b/libavformat/aviobuf.c
@@ -570,7 +570,7 @@ static void fill_buffer(AVIOContext *s)
}
/* make buffer smaller in case it ended up large after probing */
-if (s->read_packet && s->orig_buffer_size && s->buffer_size >
s->orig_buffer_size) {
+if (s->read_packet && s->orig_buffer_size && s->buffer_size >
s->orig_buffer_size && len >= s->orig_buffer_size) {
if (dst == s->buffer && s->buf_ptr != dst) {
int ret = ffio_set_buf_size(s, s->orig_buffer_size);
if (ret < 0)
@@ -578,7 +578,6 @@ static void fill_buffer(AVIOContext *s)
s->checksum_ptr = dst = s->buffer;
}
-av_assert0(len >= s->orig_buffer_size);
len = s->orig_buffer_size;
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/apedec: Add k < 24 check to the only k++ case which lacks such a check
ffmpeg | branch: master | Michael Niedermayer | Sun Jun 16 11:26:57 2019 +0200| [3d4f4f4a15e79c96c3613e5c252b2f5cc4190e18] | committer: Michael Niedermayer avcodec/apedec: Add k < 24 check to the only k++ case which lacks such a check Fixes: 15255/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5718831688843264 Fixes: left shift of 1 by 31 places cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3d4f4f4a15e79c96c3613e5c252b2f5cc4190e18 --- libavcodec/apedec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c index 15eb416ba4..eb31fd70c1 100644 --- a/libavcodec/apedec.c +++ b/libavcodec/apedec.c @@ -460,7 +460,7 @@ static inline void update_rice(APERice *rice, unsigned int x) if (rice->ksum < lim) rice->k--; -else if (rice->ksum >= (1 << (rice->k + 5))) +else if (rice->ksum >= (1 << (rice->k + 5)) && rice->k < 24) rice->k++; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/fitsdec: Check data_min/max
ffmpeg | branch: master | Michael Niedermayer | Thu
Jun 13 00:24:53 2019 +0200| [eb82d19f035f59edf0aee215f02baaea908875de] |
committer: Michael Niedermayer
avcodec/fitsdec: Check data_min/max
Fixes: division by 0
Fixes:
15206/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-5657260212092928
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=eb82d19f035f59edf0aee215f02baaea908875de
---
libavcodec/fitsdec.c | 8
1 file changed, 8 insertions(+)
diff --git a/libavcodec/fitsdec.c b/libavcodec/fitsdec.c
index 67a8bd71f4..4f452422ef 100644
--- a/libavcodec/fitsdec.c
+++ b/libavcodec/fitsdec.c
@@ -168,6 +168,14 @@ static int fits_read_header(AVCodecContext *avctx, const
uint8_t **ptr, FITSHead
header->data_min = (header->data_min - header->bzero) / header->bscale;
header->data_max = (header->data_max - header->bzero) / header->bscale;
}
+if (!header->rgb && header->data_min >= header->data_max) {
+if (header->data_min > header->data_max) {
+av_log(avctx, AV_LOG_ERROR, "data min/max (%g %g) is invalid\n",
header->data_min, header->data_max);
+return AVERROR_INVALIDDATA;
+}
+av_log(avctx, AV_LOG_WARNING, "data min/max indicates a blank
image\n");
+header->data_max ++;
+}
return 0;
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
