[FFmpeg-cvslog] lavc/qsvenc: fix the incorrent map from bits to bytes
ffmpeg | branch: master | Zhong Li | Fri Jun 28 13:18:43 2019 +0800| [4dc3d93880315f66ce917ae327c67a85262f285e] | committer: Zhong Li lavc/qsvenc: fix the incorrent map from bits to bytes Reported-by:Maggie Sun Signed-off-by: Zhong Li > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4dc3d93880315f66ce917ae327c67a85262f285e --- libavcodec/qsvenc.c | 2 +- libavcodec/version.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/qsvenc.c b/libavcodec/qsvenc.c index 8dbad713d0..9bf8574e30 100644 --- a/libavcodec/qsvenc.c +++ b/libavcodec/qsvenc.c @@ -577,7 +577,7 @@ static int init_video_param(AVCodecContext *avctx, QSVEncContext *q) //libmfx BRC parameters are 16 bits thus maybe overflow, then BRCParamMultiplier is needed buffer_size_in_kilobytes = avctx->rc_buffer_size / 8000; -initial_delay_in_kilobytes = avctx->rc_initial_buffer_occupancy / 1000; +initial_delay_in_kilobytes = avctx->rc_initial_buffer_occupancy / 8000; target_bitrate_kbps= avctx->bit_rate / 1000; max_bitrate_kbps = avctx->rc_max_rate / 1000; brc_param_multiplier = (FFMAX(FFMAX3(target_bitrate_kbps, max_bitrate_kbps, buffer_size_in_kilobytes), diff --git a/libavcodec/version.h b/libavcodec/version.h index 2709163700..3583499f19 100644 --- a/libavcodec/version.h +++ b/libavcodec/version.h @@ -29,7 +29,7 @@ #define LIBAVCODEC_VERSION_MAJOR 58 #define LIBAVCODEC_VERSION_MINOR 53 -#define LIBAVCODEC_VERSION_MICRO 100 +#define LIBAVCODEC_VERSION_MICRO 101 #define LIBAVCODEC_VERSION_INT AV_VERSION_INT(LIBAVCODEC_VERSION_MAJOR, \ LIBAVCODEC_VERSION_MINOR, \ ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
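Review bot: The two `/ 8000` divisors in init_video_param() (libavcodec/qsvenc.c) carry the bits-to-kilobytes conversion only implicitly, and this commit fixes exactly that kind of unit mix-up. A one-line comment above the pair would make the next mismatch easier to spot, for example `// rc_buffer_size and rc_initial_buffer_occupancy are given in bits: / 8 for bytes, / 1000 for kilo`. The neighbouring `/ 1000` lines are bitrates in bits per second and could be labelled the same way. The function body continues outside the hunk, so whether the derived values are clamped to the 16-bit libmfx fields is not visible here.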
[FFmpeg-cvslog] lavc/mjpegdec: make code aligned
ffmpeg | branch: master | Zhong Li | Thu Jun 27 16:58:24 2019 +0800| [e51cc7ed856aa3d5e14c50a46d8156c79d483367] | committer: Zhong Li lavc/mjpegdec: make code aligned Reviewed-by: Michael Niedermayer Signed-off-by: Zhong Li > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e51cc7ed856aa3d5e14c50a46d8156c79d483367 --- libavcodec/mjpegdec.c | 450 +- 1 file changed, 225 insertions(+), 225 deletions(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index 1030861e85..a65bc8df15 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c 
@@ -453,268 +453,268 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s) avpriv_request_sample(s->avctx, "progressively coded interlaced picture"); return AVERROR_INVALIDDATA; } -} else{ +} else { if (s->v_max == 1 && s->h_max == 1 && s->lossless==1 && (nb_components==3 || nb_components==4)) s->rgb = 1; else if (!s->lossless) s->rgb = 0; -/* XXX: not complete test ! */ -pix_fmt_id = ((unsigned)s->h_count[0] << 28) | (s->v_count[0] << 24) | - (s->h_count[1] << 20) | (s->v_count[1] << 16) | - (s->h_count[2] << 12) | (s->v_count[2] << 8) | - (s->h_count[3] << 4) | s->v_count[3]; -av_log(s->avctx, AV_LOG_DEBUG, "pix fmt id %x\n", pix_fmt_id); -/* NOTE we do not allocate pictures large enough for the possible - * padding of h/v_count being 4 */ -if (!(pix_fmt_id & 0xD0D0D0D0)) -pix_fmt_id -= (pix_fmt_id & 0xF0F0F0F0) >> 1; -if (!(pix_fmt_id & 0x0D0D0D0D)) -pix_fmt_id -= (pix_fmt_id & 0x0F0F0F0F) >> 1; - -for (i = 0; i < 8; i++) { -int j = 6 + (i&1) - (i&6); -int is = (pix_fmt_id >> (4*i)) & 0xF; -int js = (pix_fmt_id >> (4*j)) & 0xF; - -if (is == 1 && js != 2 && (i < 2 || i > 5)) -js = (pix_fmt_id >> ( 8 + 4*(i&1))) & 0xF; -if (is == 1 && js != 2 && (i < 2 || i > 5)) -js = (pix_fmt_id >> (16 + 4*(i&1))) & 0xF; - -if (is == 1 && js == 2) { -if (i & 1) s->upscale_h[j/2] = 1; -else s->upscale_v[j/2] = 1; -} -} - -switch (pix_fmt_id) { -case 0x1100: -if (s->rgb) -s->avctx->pix_fmt = s->bits <= 9 ? AV_PIX_FMT_BGR24 : AV_PIX_FMT_BGR48; -else { -if ( s->adobe_transform == 0 -|| s->component_id[0] == 'R' - 1 && s->component_id[1] == 'G' - 1 && s->component_id[2] == 'B' - 1) { -s->avctx->pix_fmt = s->bits <= 8 ? AV_PIX_FMT_GBRP : AV_PIX_FMT_GBRP16; -} else { -if (s->bits <= 8) s->avctx->pix_fmt = s->cs_itu601 ? AV_PIX_FMT_YUV444P : AV_PIX_FMT_YUVJ444P; -else s->avctx->pix_fmt = AV_PIX_FMT_YUV444P16; -s->avctx->color_range = s->cs_itu601 ? AVCOL_RANGE_MPEG : AVCOL_RANGE_JPEG; +/* XXX: not complete test ! 
*/ +pix_fmt_id = ((unsigned)s->h_count[0] << 28) | (s->v_count[0] << 24) | + (s->h_count[1] << 20) | (s->v_count[1] << 16) | + (s->h_count[2] << 12) | (s->v_count[2] << 8) | + (s->h_count[3] << 4) | s->v_count[3]; +av_log(s->avctx, AV_LOG_DEBUG, "pix fmt id %x\n", pix_fmt_id); +/* NOTE we do not allocate pictures large enough for the possible + * padding of h/v_count being 4 */ +if (!(pix_fmt_id & 0xD0D0D0D0)) +pix_fmt_id -= (pix_fmt_id & 0xF0F0F0F0) >> 1; +if (!(pix_fmt_id & 0x0D0D0D0D)) +pix_fmt_id -= (pix_fmt_id & 0x0F0F0F0F) >> 1; + +for (i = 0; i < 8; i++) { +int j = 6 + (i&1) - (i&6); +int is = (pix_fmt_id >> (4*i)) & 0xF; +int js = (pix_fmt_id >> (4*j)) & 0xF; + +if (is == 1 && js != 2 && (i < 2 || i > 5)) +js = (pix_fmt_id >> ( 8 + 4*(i&1))) & 0xF; +if (is == 1 && js != 2 && (i < 2 || i > 5)) +js = (pix_fmt_id >> (16 + 4*(i&1))) & 0xF; + +if (is == 1 && js == 2) { +if (i & 1) s->upscale_h[j/2] = 1; +else s->upscale_v[j/2] = 1; } } -av_assert0(s->nb_components == 3); -break; -case 0x: -if (s->rgb) -s->avctx->pix_fmt = s->bits <= 9 ? AV_PIX_FMT_ABGR : AV_PIX_FMT_RGBA64; -else { + +switch (pix_fmt_id) { +case 0x1100: +if (s->rgb) +s->avctx->pix_fmt = s->bits <= 9 ? AV_PIX_FMT_BGR24 : AV_PIX_FMT_BGR48; +else { +if ( s->adobe_transform == 0 +|| s->component_id[0] == 'R' - 1 && s->component_id[1] == 'G' - 1 && s->component_id[2] == 'B' - 1) { +s->avctx->pix_fmt = s->bits <= 8 ? AV_PIX_FMT_GBRP : AV_PIX_FMT_GBRP16; +} else { +if (s->bits
[FFmpeg-cvslog] lavc/mjpegdec: replace number with marker name
ffmpeg | branch: master | Zhong Li | Thu Jun 27 16:58:23 2019 +0800| [a6c648f2b4fdace0eeea66a7b556bc814023b598] | committer: Zhong Li lavc/mjpegdec: replace number with marker name Make it easier to read. Signed-off-by: Zhong Li > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a6c648f2b4fdace0eeea66a7b556bc814023b598 --- libavcodec/mjpegdec.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index 20eeb960bb..1030861e85 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -2115,7 +2115,7 @@ static int find_marker(const uint8_t **pbuf_ptr, const uint8_t *buf_end) while (buf_end - buf_ptr > 1) { v = *buf_ptr++; v2 = *buf_ptr; -if ((v == 0xff) && (v2 >= 0xc0) && (v2 <= 0xfe) && buf_ptr < buf_end) { +if ((v == 0xff) && (v2 >= SOF0) && (v2 <= COM) && buf_ptr < buf_end) { val = *buf_ptr++; goto found; } @@ -2180,7 +2180,7 @@ int ff_mjpeg_find_marker(MJpegDecodeContext *s, src--; } -if (x < 0xd0 || x > 0xd7) { +if (x < RST0 || x > RST7) { copy_data_segment(1); if (x) break; @@ -2319,7 +2319,7 @@ int ff_mjpeg_decode_frame(AVCodecContext *avctx, void *data, int *got_frame, av_log(avctx, AV_LOG_DEBUG, "startcode: %X\n", start_code); /* process markers */ -if (start_code >= 0xd0 && start_code <= 0xd7) { +if (start_code >= RST0 && start_code <= RST7) { av_log(avctx, AV_LOG_DEBUG, "restart marker: %d\n", start_code & 0x0f); /* APP fields */ ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/dashdec: Fix reading values from SegmentTimeline inside Period
ffmpeg | branch: master | sfan5 | Mon Jul 1 11:06:06 2019 +0800| [034b72fc0b29fe1e1f1e7c38d996bbb5266c4e5d] | committer: Steven Liu avformat/dashdec: Fix reading values from SegmentTimeline inside Period This was missed in commit e752da546463e693865d92a837fc0e8d2b28db2e. > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=034b72fc0b29fe1e1f1e7c38d996bbb5266c4e5d --- libavformat/dashdec.c | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/libavformat/dashdec.c b/libavformat/dashdec.c index 5727d13a51..f0f9aa1d59 100644 --- a/libavformat/dashdec.c +++ b/libavformat/dashdec.c @@ -842,7 +842,7 @@ static int parse_manifest_representation(AVFormatContext *s, const char *url, xmlNodePtr representation_segmenttemplate_node = NULL; xmlNodePtr representation_baseurl_node = NULL; xmlNodePtr representation_segmentlist_node = NULL; -xmlNodePtr segmentlists_tab[2]; +xmlNodePtr segmentlists_tab[3]; xmlNodePtr fragment_timeline_node = NULL; xmlNodePtr fragment_templates_tab[5]; char *duration_val = NULL; 
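Review bot: The array size `segmentlists_tab[3]` in this hunk and the literal `3` passed to get_val_from_nodes_tab() in the hunk at line 1003 have to be kept in step by hand. If the count is ever raised without the declaration, the helper presumably walks past the end of a stack array while parsing an untrusted manifest. Deriving the count from the array removes that coupling: `duration_val = get_val_from_nodes_tab(segmentlists_tab, FF_ARRAY_ELEMS(segmentlists_tab), "duration");` and the same for `"timescale"`. parse_manifest_representation() starts and ends outside both hunks, so the declaration of `period_segmentlist_node` is not visible here.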
@@ -1003,9 +1003,10 @@ static int parse_manifest_representation(AVFormatContext *s, const char *url, xmlNodePtr fragmenturl_node = NULL; segmentlists_tab[0] = representation_segmentlist_node; segmentlists_tab[1] = adaptionset_segmentlist_node; +segmentlists_tab[2] = period_segmentlist_node; -duration_val = get_val_from_nodes_tab(segmentlists_tab, 2, "duration"); -timescale_val = get_val_from_nodes_tab(segmentlists_tab, 2, "timescale"); +duration_val = get_val_from_nodes_tab(segmentlists_tab, 3, "duration"); +timescale_val = get_val_from_nodes_tab(segmentlists_tab, 3, "timescale"); if (duration_val) { rep->fragment_duration = (int64_t) strtoll(duration_val, NULL, 10); av_log(s, AV_LOG_TRACE, "rep->fragment_duration = [%"PRId64"]\n", rep->fragment_duration); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/hlsenc: changing all filename length to MAX_URL_SIZE
ffmpeg | branch: master | Bela Bodecs | Mon Jul 1 10:24:21 2019 +0800| [1476d82e7330623e2f105ff0f4a6d315325d7880] | committer: Steven Liu avformat/hlsenc: changing all filename length to MAX_URL_SIZE Throughout hlsenc code, all filename related buffer lengths are set hardcoded as 1024. This PATCH change it to general value as MAX_URL_SIZE in internal.h Reviewed-by: Steven Liu Signed-off-by: Bela Bodecs > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1476d82e7330623e2f105ff0f4a6d315325d7880 --- libavformat/hlsenc.c | 18 +- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/libavformat/hlsenc.c b/libavformat/hlsenc.c index 5b0121f016..057134f410 100644 --- a/libavformat/hlsenc.c +++ b/libavformat/hlsenc.c @@ -64,13 +64,13 @@ typedef enum { } CodecAttributeStatus; #define KEYSIZE 16 -#define LINE_BUFFER_SIZE 1024 +#define LINE_BUFFER_SIZE MAX_URL_SIZE #define HLS_MICROSECOND_UNIT 100 #define POSTFIX_PATTERN "_%d" typedef struct HLSSegment { -char filename[1024]; -char sub_filename[1024]; +char filename[MAX_URL_SIZE]; +char sub_filename[MAX_URL_SIZE]; double duration; /* in seconds */ int discont; int64_t pos; @@ -149,7 +149,7 @@ typedef struct VariantStream { char *m3u8_name; double initial_prog_date_time; -char current_segment_final_filename_fmt[1024]; // when renaming segments +char current_segment_final_filename_fmt[MAX_URL_SIZE]; // when renaming segments char *fmp4_init_filename; char *base_output_dirname; @@ -,7 +,7 @@ static int parse_playlist(AVFormatContext *s, const char *url, VariantStream *vs AVIOContext *in; int ret = 0, is_segment = 0; int64_t new_start_pos; -char line[1024]; +char line[MAX_URL_SIZE]; const char *ptr; const char *end; 
@@ -1268,7 +1268,7 @@ static int create_master_playlist(AVFormatContext *s, const char *proto = avio_find_protocol_name(hls->master_m3u8_url); int is_file_proto = proto && !strcmp(proto, "file"); int use_temp_file = is_file_proto && ((hls->flags & HLS_TEMP_FILE) || hls->master_publish_rate); -char temp_filename[1024]; +char temp_filename[MAX_URL_SIZE]; input_vs->m3u8_created = 1; if (!hls->master_m3u8_created) { @@ -1433,8 +1433,8 @@ static int hls_window(AVFormatContext *s, int last, VariantStream *vs) HLSSegment *en; int target_duration = 0; int ret = 0; -char temp_filename[1024]; -char temp_vtt_filename[1024]; +char temp_filename[MAX_URL_SIZE]; +char temp_vtt_filename[MAX_URL_SIZE]; int64_t sequence = FFMAX(hls->start_sequence, vs->sequence - vs->nb_entries); const char *proto = avio_find_protocol_name(vs->m3u8_name); int is_file_proto = proto && !strcmp(proto, "file"); @@ -1594,7 +1594,7 @@ static int hls_start(AVFormatContext *s, VariantStream *vs) if (c->use_localtime) { time_t now0; struct tm *tm, tmpbuf; -int bufsize = strlen(vs->basename) + 1024; +int bufsize = strlen(vs->basename) + MAX_URL_SIZE; char *buf = av_mallocz(bufsize); if (!buf) return AVERROR(ENOMEM); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
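Review bot: In the hls_start() hunk, `int bufsize = strlen(vs->basename) + MAX_URL_SIZE;` narrows a size_t sum to int before it is handed to av_mallocz(). Since the line is being touched anyway, I would declare it as `size_t bufsize = strlen(vs->basename) + MAX_URL_SIZE;` so the allocation size and any later length argument share one unsigned type. The uses of `bufsize` after the allocation lie outside the hunk and need checking for places that expect an int. Separately, the other hunks only resize declarations (`HLSSegment`, `VariantStream`, `line`, `temp_filename`, `temp_vtt_filename`); the code that fills those buffers is not shown, so it is worth confirming that every writer bounds itself with `sizeof(buf)` rather than a remembered 1024.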
[FFmpeg-cvslog] avcodec/hevc_ps: Fix integer overflow with num_tile_rows and num_tile_columns
ffmpeg | branch: master | Michael Niedermayer | Thu Jun 13 15:05:54 2019 +0200| [c692051252693155c4eecd16f4f8a79caf66cd54] | committer: Michael Niedermayer avcodec/hevc_ps: Fix integer overflow with num_tile_rows and num_tile_columns Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int' Fixes: 14880/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5130977304641536 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: James Almer Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c692051252693155c4eecd16f4f8a79caf66cd54 --- libavcodec/hevc_ps.c | 23 +-- libavcodec/hevc_ps.h | 4 ++-- 2 files changed, 15 insertions(+), 12 deletions(-) diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c index 80df417e4f..07d220a5c8 100644 --- a/libavcodec/hevc_ps.c +++ b/libavcodec/hevc_ps.c 
@@ -1584,22 +1584,25 @@ int ff_hevc_decode_nal_pps(GetBitContext *gb, AVCodecContext *avctx, pps->entropy_coding_sync_enabled_flag = get_bits1(gb); if (pps->tiles_enabled_flag) { -pps->num_tile_columns = get_ue_golomb_long(gb) + 1; -pps->num_tile_rows= get_ue_golomb_long(gb) + 1; -if (pps->num_tile_columns <= 0 || -pps->num_tile_columns >= sps->width) { +int num_tile_columns_minus1 = get_ue_golomb(gb); +int num_tile_rows_minus1= get_ue_golomb(gb); + +if (num_tile_columns_minus1 < 0 || +num_tile_columns_minus1 >= sps->width - 1) { av_log(avctx, AV_LOG_ERROR, "num_tile_columns_minus1 out of range: %d\n", - pps->num_tile_columns - 1); -ret = AVERROR_INVALIDDATA; + num_tile_columns_minus1); +ret = num_tile_columns_minus1 < 0 ? num_tile_columns_minus1 : AVERROR_INVALIDDATA; goto err; } -if (pps->num_tile_rows <= 0 || -pps->num_tile_rows >= sps->height) { +if (num_tile_rows_minus1 < 0 || +num_tile_rows_minus1 >= sps->height - 1) { av_log(avctx, AV_LOG_ERROR, "num_tile_rows_minus1 out of range: %d\n", - pps->num_tile_rows - 1); -ret = AVERROR_INVALIDDATA; + num_tile_rows_minus1); +ret = num_tile_rows_minus1 < 0 ? num_tile_rows_minus1 : AVERROR_INVALIDDATA; goto err; } +pps->num_tile_columns = num_tile_columns_minus1 + 1; +pps->num_tile_rows= num_tile_rows_minus1+ 1; pps->column_width = av_malloc_array(pps->num_tile_columns, sizeof(*pps->column_width)); pps->row_height = av_malloc_array(pps->num_tile_rows, sizeof(*pps->row_height)); diff --git a/libavcodec/hevc_ps.h b/libavcodec/hevc_ps.h index bbaa9205ef..2840dc416f 100644 --- a/libavcodec/hevc_ps.h +++ b/libavcodec/hevc_ps.h 
@@ -347,8 +347,8 @@ typedef struct HEVCPPS { uint8_t tiles_enabled_flag; uint8_t entropy_coding_sync_enabled_flag; -int num_tile_columns; ///< num_tile_columns_minus1 + 1 -int num_tile_rows; ///< num_tile_rows_minus1 + 1 +uint16_t num_tile_columns; ///< num_tile_columns_minus1 + 1 +uint16_t num_tile_rows; ///< num_tile_rows_minus1 + 1 uint8_t uniform_spacing_flag; uint8_t loop_filter_across_tiles_enabled_flag; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
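Review bot: Narrowing `num_tile_columns` and `num_tile_rows` to `uint16_t` is only safe because ff_hevc_decode_nal_pps() range-checks the `_minus1` values before storing them, and nothing at the field declaration records that dependency. At this commit the upper bound in the .c hunk is `sps->width - 1` / `sps->height - 1`, and whether that alone keeps the value under 65536 cannot be seen from here; presumably the range that get_ue_golomb() can return is what guarantees it. I would extend the doc comments to say so, e.g. `///< num_tile_columns_minus1 + 1, range-checked in ff_hevc_decode_nal_pps()`, so a later relaxation of the parser check does not quietly truncate the count that sizes the `column_width` and `row_height` allocations.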
[FFmpeg-cvslog] avcodec/hevc_ps: Change num_tile_rows/columns checks to sps->ctb_height/weight
ffmpeg | branch: master | Michael Niedermayer | Tue Jun 25 10:29:57 2019 +0200| [3b2082c663dac93fd722289a540c1b1e24a12564] | committer: Michael Niedermayer avcodec/hevc_ps: Change num_tile_rows/columns checks to sps->ctb_height/weight Suggested-by: James Almer Reviewed-by: James Almer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3b2082c663dac93fd722289a540c1b1e24a12564 --- libavcodec/hevc_ps.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c index 07d220a5c8..f6e80e1609 100644 --- a/libavcodec/hevc_ps.c +++ b/libavcodec/hevc_ps.c @@ -1588,14 +1588,14 @@ int ff_hevc_decode_nal_pps(GetBitContext *gb, AVCodecContext *avctx, int num_tile_rows_minus1= get_ue_golomb(gb); if (num_tile_columns_minus1 < 0 || -num_tile_columns_minus1 >= sps->width - 1) { +num_tile_columns_minus1 >= sps->ctb_width - 1) { av_log(avctx, AV_LOG_ERROR, "num_tile_columns_minus1 out of range: %d\n", num_tile_columns_minus1); ret = num_tile_columns_minus1 < 0 ? num_tile_columns_minus1 : AVERROR_INVALIDDATA; goto err; } if (num_tile_rows_minus1 < 0 || -num_tile_rows_minus1 >= sps->height - 1) { +num_tile_rows_minus1 >= sps->ctb_height - 1) { av_log(avctx, AV_LOG_ERROR, "num_tile_rows_minus1 out of range: %d\n", num_tile_rows_minus1); ret = num_tile_rows_minus1 < 0 ? num_tile_rows_minus1 : AVERROR_INVALIDDATA; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
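Review bot: The new upper bound looks one stricter than the syntax allows: `num_tile_columns_minus1 >= sps->ctb_width - 1` rejects a stream in which every CTB column is its own tile (num_tile_columns equal to ctb_width). As I read the HEVC PPS semantics, the `_minus1` value may go up to the picture width in CTBs minus one, inclusive. The tests would then be `num_tile_columns_minus1 >= sps->ctb_width` and `num_tile_rows_minus1 >= sps->ctb_height`. The `- 1` appears to be carried over from the earlier pixel-based comparison. This errs on the safe side for memory safety but can turn valid input into AVERROR_INVALIDDATA; ff_hevc_decode_nal_pps() continues outside the hunk.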
[FFmpeg-cvslog] avformat/aviobuf: Delay buffer downsizing until asserts are met
ffmpeg | branch: master | Michael Niedermayer | Sun Jun 9 22:04:16 2019 +0200| [0334632d5c02720f1829d59cd20c009584b5b163] | committer: Michael Niedermayer avformat/aviobuf: Delay buffer downsizing until asserts are met Fixes: Assertion failure Fixes: 15151/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5757079496687616 Fixes: 15205/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5767573242642432 May fix: Ticket7094 Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0334632d5c02720f1829d59cd20c009584b5b163 --- libavformat/aviobuf.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libavformat/aviobuf.c b/libavformat/aviobuf.c index 5a33f82950..6a5cd97b0a 100644 --- a/libavformat/aviobuf.c +++ b/libavformat/aviobuf.c @@ -570,7 +570,7 @@ static void fill_buffer(AVIOContext *s) } /* make buffer smaller in case it ended up large after probing */ -if (s->read_packet && s->orig_buffer_size && s->buffer_size > s->orig_buffer_size) { +if (s->read_packet && s->orig_buffer_size && s->buffer_size > s->orig_buffer_size && len >= s->orig_buffer_size) { if (dst == s->buffer && s->buf_ptr != dst) { int ret = ffio_set_buf_size(s, s->orig_buffer_size); if (ret < 0) @@ -578,7 +578,6 @@ static void fill_buffer(AVIOContext *s) s->checksum_ptr = dst = s->buffer; } -av_assert0(len >= s->orig_buffer_size); len = s->orig_buffer_size; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
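Review bot: The comment above the condition in fill_buffer() still says only "make buffer smaller in case it ended up large after probing", although the shrink is now skipped whenever `len < s->orig_buffer_size`. Since the removed av_assert0 was the only place that stated this requirement, I would fold it into the comment, e.g. `/* shrink only once len >= orig_buffer_size; until then keep the enlarged buffer */`. The condition is also long enough to be worth wrapping with one clause per line. `len` is computed outside the hunk, so its exact meaning should be confirmed against the start of the function.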
[FFmpeg-cvslog] avcodec/apedec: Add k < 24 check to the only k++ case which lacks such a check
ffmpeg | branch: master | Michael Niedermayer | Sun Jun 16 11:26:57 2019 +0200| [3d4f4f4a15e79c96c3613e5c252b2f5cc4190e18] | committer: Michael Niedermayer avcodec/apedec: Add k < 24 check to the only k++ case which lacks such a check Fixes: 15255/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5718831688843264 Fixes: left shift of 1 by 31 places cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3d4f4f4a15e79c96c3613e5c252b2f5cc4190e18 --- libavcodec/apedec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c index 15eb416ba4..eb31fd70c1 100644 --- a/libavcodec/apedec.c +++ b/libavcodec/apedec.c @@ -460,7 +460,7 @@ static inline void update_rice(APERice *rice, unsigned int x) if (rice->ksum < lim) rice->k--; -else if (rice->ksum >= (1 << (rice->k + 5))) +else if (rice->ksum >= (1 << (rice->k + 5)) && rice->k < 24) rice->k++; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
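Review bot: In update_rice() the added `rice->k < 24` sits after the shift it is meant to tame, so `1 << (rice->k + 5)` is still evaluated before the guard is consulted. That is fine as long as every path keeps k at or below 24, which the commit title suggests the other k++ sites do, but the expression does not protect itself if k ever arrives larger (initialisation and the other sites are outside the hunk). Putting the bound first makes the line self-contained: `else if (rice->k < 24 && rice->ksum >= (1 << (rice->k + 5)))`. A short comment naming why 24 is the limit would also help, since the constant is otherwise unexplained here.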
[FFmpeg-cvslog] avcodec/fitsdec: Check data_min/max
ffmpeg | branch: master | Michael Niedermayer | Thu Jun 13 00:24:53 2019 +0200| [eb82d19f035f59edf0aee215f02baaea908875de] | committer: Michael Niedermayer avcodec/fitsdec: Check data_min/max Fixes: division by 0 Fixes: 15206/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-5657260212092928 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=eb82d19f035f59edf0aee215f02baaea908875de --- libavcodec/fitsdec.c | 8 1 file changed, 8 insertions(+) diff --git a/libavcodec/fitsdec.c b/libavcodec/fitsdec.c index 67a8bd71f4..4f452422ef 100644 --- a/libavcodec/fitsdec.c +++ b/libavcodec/fitsdec.c @@ -168,6 +168,14 @@ static int fits_read_header(AVCodecContext *avctx, const uint8_t **ptr, FITSHead header->data_min = (header->data_min - header->bzero) / header->bscale; header->data_max = (header->data_max - header->bzero) / header->bscale; } +if (!header->rgb && header->data_min >= header->data_max) { +if (header->data_min > header->data_max) { +av_log(avctx, AV_LOG_ERROR, "data min/max (%g %g) is invalid\n", header->data_min, header->data_max); +return AVERROR_INVALIDDATA; +} +av_log(avctx, AV_LOG_WARNING, "data min/max indicates a blank image\n"); +header->data_max ++; +} return 0; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
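Review bot: The blank-image branch in fits_read_header() repairs `data_min == data_max` with `header->data_max ++;`, which does not always separate the two values. They are printed with `%g`, so they are presumably floating point; for large magnitudes adding 1 is absorbed and the range stays zero, leaving the division this commit targets reachable. A NaN in either field also makes `data_min >= data_max` false and skips the whole block. NaN might come from the header itself or from the `/ header->bscale` just above if bscale can be zero, which is not visible here. A final check after the increment covers both cases: `if (!(header->data_max > header->data_min)) return AVERROR_INVALIDDATA;`.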