| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
|
|
| |
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
|
|
|
|
|
|
| |
Fixes: Timeout
Fixes: 10972/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLAC_fuzzer-5707569640243200
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
| |
|
|
|
|
| |
Signed-off-by: Paul B Mahol <onemda@gmail.com>
|
|
|
|
|
|
|
|
|
| |
add set_ue_golomb_long to support up to 2^32-2.
Reviewed-by: Mark Thompson <sw@jkqxz.net>
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Jun Zhao <jun.zhao@intel.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
|
|
|
|
|
|
|
|
|
| |
set_ue_golomb just support 2^16 - 2 at most, becase this function call
put_bits, and put_bits just support write up to 31 bits, when write 32
bit in put_bits, it's will overwrite the bit buffer, and the default
assert level is 0, the av_assert2(n <= 31 && value < (1U << n)) in
put_bits can not be trigger runtime.
Signed-off-by: Jun Zhao <jun.zhao@intel.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
|
|
| |
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
|
|
|
|
|
|
|
| |
represented in type 'int'
Fixes: 1481/clusterfuzz-testcase-minimized-5264379509473280
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
|
|
| |
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|\
| |
| |
| |
| |
| |
| | |
* commit 'f7407f56cbf820a147bd77d728ac9a72c587cc56':
golomb: Replace __PRETTY_FUNCTION__ with __func__ for tracing
Merged-by: Clément Bœsch <u@pkh.me>
|
| |
| |
| |
| | |
The former is a GNU extension while the latter is C99.
|
|\ \
| |/
| |
| |
| |
| |
| | |
* commit '83b92a855e8e08bdec484e13ee5a7c8996224772':
golomb: Drop disabled cruft
Merged-by: Clément Bœsch <u@pkh.me>
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes slow loops on fuzzed data
Fixes: 245/fuzz-3-ffmpeg_AUDIO_AV_CODEC_ID_FLAC_fuzzer
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|\ \
| |/
| |
| |
| |
| |
| | |
* commit '4024b566d664a4b161d677554be52f32e7ad4236':
golomb: Give svq3_get_se_golomb()/svq3_get_ue_golomb() better names
Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
|
| | |
|
|\ \
| |/
| |
| |
| |
| |
| | |
* commit '52567e8198669a1e7493c75771613f87a90466c3':
get_bits: Drop some TRACE-level debug code
Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
|
| |
| |
| |
| | |
It will not be provided by the new bit reader anyway.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
get_ue_golomb() cannot decode values larger than 8190 (the maximum
value that can be golomb encoded in 25 bits) and produces the error
"Invalid UE golomb code" if a larger value is encountered. Use
get_ue_golomb_long() instead (which supports 63 bits, up to 4294967294)
when valid h264/hevc values can exceed 8190.
This updates decoding of the following values: (maximum)
first_mb_in_slice 36863* for level 5.2
abs_diff_pic_num_minus1 131071
difference_of_pic_nums_minus1 131071
idr_pic_id 65535
recovery_frame_cnt 65535
frame_packing_arrangement_id 4294967294
frame_packing_arrangement_repetition_period 16384
display_orientation_repetition_period 16384
An alternative would be to modify get_ue_golomb() to handle encoded
values of up to 49 bits as was done for get_se_golomb() in a92816c.
In that case get_ue_golomb() could continue to be used for all of
these except frame_packing_arrangement_id.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Also correct the check to reject log < 7, because UPDATE_CACHE only
guarantees 25 meaningful bits.
This fixes undefined behavior:
runtime error: shift exponent is negative
Testing with START/STOP timers in get_ue_golomb, one for the first
branch (A) and one for the second (B), shows that there is practically no
slowdown, e.g. for the cavs decoder:
With the check in the B branch:
629 decicycles in get_ue_golomb B, 4194260 runs, 44 skips
433 decicycles in get_ue_golomb A,268434102 runs, 1354 skips
Without the check:
624 decicycles in get_ue_golomb B, 4194273 runs, 31 skips
433 decicycles in get_ue_golomb A,268434203 runs, 1253 skips
Since the B branch is executed far less often than the A branch, this
change is negligible, even more so for the h264 decoder, where the ratio
B/A is a lot smaller.
Fixes: mozilla bug 1230239
Fixes: fbeb8b2c7c996e9b91c6b1af319d7ebc/asan_heap-oob_195450f_2743_e8856ece4579ea486670be2b236099a0.bit
Found-by: Tyson Smith
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
|
| |
| |
| |
| | |
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| |
| |
| | |
No testcase is known, nor any case where such huge values would occur
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| | |
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| |
| | |
Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: James Almer <jamrial@gmail.com>
|
| |
| |
| |
| |
| |
| | |
Found-by: Clang -fsanitize=shift
Reported-by: Thierry Foucu <tfoucu@google.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| |
| | |
Signed-off-by: Zeng Zhaoxiu <zhaoxiu.zeng@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| |
| | |
Signed-off-by: Zeng Zhaoxiu <zhaoxiu.zeng@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| | |
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|\ \
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '91d305790ea0f6fe0f54b48236da42181c39c18b':
get_bits: Rename HAVE_BITS_REMAINING --> BITS_AVAILABLE
Conflicts:
libavcodec/golomb.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| | |
The HAVE_ prefix is reserved for macros set by configure.
|
|\ \
| |/
| |
| |
| |
| |
| | |
* qatar/master:
golomb: Fix the implementation of get_se_golomb_long
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This was only used in hevc muxing code so far.
This makes the return values match what get_se_golomb returns for
the same bitstream reader instances.
The logic for producing a signed golomb code out of an unsigned one
was based on the corresponding code in get_se_golomb, which operated
directly on the bitstream reader buffer - not on the equivalent
return value from get_ue_golomb.
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
|
|\ \
| |/
| |
| |
| |
| |
| | |
* commit '5eacbb53289570834f9a1acb15fd406ea224eef6':
golomb: Add a get_se_golomb_long
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| | |
Useful in libavformat mostly.
|
|\ \
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
* qatar/master:
golomb: reduce scope of a few variables
Conflicts:
libavcodec/golomb.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| | |
Signed-off-by: Diego Biurrun <diego@biurrun.de>
|
|\ \
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
* qatar/master:
golomb: K&R formatting cosmetics
Conflicts:
libavcodec/golomb.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| | |
Signed-off-by: Diego Biurrun <diego@biurrun.de>
|
| |
| |
| |
| | |
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| |
| |
| | |
Fixes invalid right shift in fate-cavs
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|\ \
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* qatar/master:
golomb: use unsigned arithmetics in svq3_get_ue_golomb()
x86: float_dsp: fix loading of the len parameter on x86-32
takdec: fix initialisation of LOCAL_ALIGNED array
takdec: fix initialisation of LOCAL_ALIGNED array
Conflicts:
libavcodec/rv30.c
libavcodec/svq3.c
libavcodec/takdec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This prevents undefined behaviour of signed left shift if the coded
value is larger than 2^31. Large values are most likely invalid and
caused errors or by feeding random.
Validate every use of svq3_get_ue_golomb() and changed the place there
the return value was compared with negative numbers. dirac.c was clean,
fixed rv30 and svq3.
|
|\ \
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* qatar/master:
avcodec: Convert some commented-out printf/av_log instances to av_dlog
avcodec: Drop silly and/or broken printf debug output
avcodec: Drop some silly commented-out av_log() invocations
avformat: Convert some commented-out printf/av_log instances to av_dlog
avformat: Remove non-compiling and/or silly commented-out printf/av_log statements
Remove some silly disabled code.
ac3dec: ensure get_buffer() gets a buffer for the correct number of channels
Conflicts:
libavcodec/dnxhddec.c
libavcodec/ffv1.c
libavcodec/h264.c
libavcodec/h264_parser.c
libavcodec/mjpegdec.c
libavcodec/motion_est_template.c
libavcodec/mpegaudiodec.c
libavcodec/mpegvideo_enc.c
libavcodec/put_bits.h
libavcodec/ratecontrol.c
libavcodec/wmaenc.c
libavdevice/timefilter.c
libavformat/asfdec.c
libavformat/avidec.c
libavformat/avienc.c
libavformat/flvenc.c
libavformat/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| | |
|
|\ \
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* qatar/master:
libopus: Remap channels using libopus' internal remapping.
Opus decoder using libopus
avcodec: document the use of AVCodecContext.delay for audio decoding
vc1dec: add flush function for WMV9 and VC-1 decoders
http: Increase buffer sizes to cope with longer URIs
nutenc: const correctness for ff_put_v_trace/put_s_trace function arguments
h264_refs: Fix debug tprintf argument types
golomb: const correctness for get_ue()/get_se() function arguments
get_bits: const correctness for get_bits_trace()/get_xbits_trace() arguments
Conflicts:
Changelog
libavcodec/Makefile
libavcodec/version.h
libavformat/http.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes infinite loop in FLAC decoding in case of a truncated bitstream due to
the safe bitstream reader returning 0's at the end.
Fixes Bug 310.
CC:libav-stable@libav.org
|
| |
| |
| |
| | |
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|\ \
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* qatar/master:
docs: use -bsf:[vas] instead of -[vas]bsf.
mpegaudiodec: Prevent premature clipping of mp3 input buffer.
lavf: move the packet keyframe setting code.
oggenc: free comment header for all codecs
lcl: error out if uncompressed input buffer is smaller than framesize.
mjpeg: abort decoding if packet is too large.
golomb: use HAVE_BITS_REMAINING() macro to prevent infloop on EOF.
get_bits: add HAVE_BITS_REMAINING macro.
lavf/output-example: use new audio encoding API correctly.
lavf/output-example: more proper usage of the new API.
tiff: Prevent overreads in the type_sizes array.
tiff: Make the TIFF_LONG and TIFF_SHORT types unsigned.
apetag: do not leak memory if avio_read() fails
apetag: propagate errors.
SBR DSP x86: implement SSE sbr_hf_g_filt
SBR DSP x86: implement SSE sbr_sum_square_sse
SBR DSP: use intptr_t for the ixh parameter.
Conflicts:
doc/bitstream_filters.texi
doc/examples/muxing.c
doc/ffmpeg.texi
libavcodec/golomb.h
libavcodec/x86/Makefile
libavformat/oggenc.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|