path: root/libavcodec
Commit message | Author | Age | Files | Lines
* avcodec/atrac3plusdec: fix compilation failure after last commit
  Author: James Almer | Age: 2022-11-04 | Files: 1 | Lines: -1/+1
  Signed-off-by: James Almer <jamrial@gmail.com>
* avcodec/atrac3plus: reorder channels to match the output layout
  Author: James Almer | Age: 2022-11-04 | Files: 1 | Lines: -1/+15
  The order in which the channels are coded in the bitstream does not always follow the native, bitmask-based order of channels both signaled by the WAV container and forced by this same decoder. This is the case with layouts containing an LFE channel, as it's always coded last.
  Fixes ticket #9964.
  Signed-off-by: James Almer <jamrial@gmail.com>
  (cherry picked from commit 3819719099df601c470e961b9d49b9100c65641b)
* avcodec/aacdec: fix parsing streams with channel configuration 11
  Author: James Almer | Age: 2022-11-04 | Files: 2 | Lines: -5/+3
  Set the correct amount of tags in tags_per_config[]. Also, there are no channels that correspond to a side element in this configuration, so reflect this in the list of known/supported channel layouts.
  Signed-off-by: James Almer <jamrial@gmail.com>
  (cherry picked from commit 8c7d3b43cc1e41de62733eb90dda7e061778f390)
* avcodec/speexdec: Check channels > 2
  Author: Michael Niedermayer | Age: 2022-11-03 | Files: 1 | Lines: -1/+1
  More than 2 channels seems unsupported; the code seems to just output empty extra channels.
  Fixes: Timeout
  Fixes: 51569/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SPEEX_fuzzer-5511509165342720
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 77164b2344eb67d61f973ebbbc8e0b88aaae027b)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dstdec: Check for overflow in build_filter()
  Author: Michael Niedermayer | Age: 2022-11-03 | Files: 1 | Lines: -3/+8
  Fixes: signed integer overflow: 1917019860 + 265558963 cannot be represented in type 'int'
  Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-4833165046317056
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 8008940da5aa43895fd4574114309c3324249eab)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mjpegdec: Check for unsupported bayer case
  Author: Michael Niedermayer | Age: 2022-11-03 | Files: 1 | Lines: -0/+2
  Fixes: out of array access
  Fixes: 51462/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-662559341582745
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit dd81cc22b3dd5bd6badf012b4fe4c19e062650f4)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Fix integer overflow in filter_3800()
  Author: Michael Niedermayer | Age: 2022-11-03 | Files: 1 | Lines: -1/+1
  Fixes: signed integer overflow: -2147448926 + -198321 cannot be represented in type 'int'
  Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5739619273015296
  Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6744428485672960
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit f05247f6a4698c14f1cd523daa90188f50dcf6ad)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/tta: Check 24bit scaling for overflow
  Author: Michael Niedermayer | Age: 2022-11-03 | Files: 1 | Lines: -2/+9
  Fixes: signed integer overflow: -8427924 * 256 cannot be represented in type 'int'
  Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5409428670644224
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 3993345f915bccceee315f44d412445346990e14)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mobiclip: Check quantizer for overflow
  Author: Michael Niedermayer | Age: 2022-11-03 | Files: 1 | Lines: -2/+2
  Fixes: signed integer overflow: 127 + 2147483536 cannot be represented in type 'int'
  Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-6014034970804224
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 677e27a9afa7305a918336699b377fd5b42cc299)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/exr: Check preview psize
  Author: Michael Niedermayer | Age: 2022-11-03 | Files: 1 | Lines: -2/+5
  Fixes: signed integer overflow: 17121181824 * 538976288 cannot be represented in type 'long long'
  Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5915330316206080
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit ac26712e35f5ebc726d1be14bb4a420949e66604)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/tiff: Fix loop detection
  Author: Michael Niedermayer | Age: 2022-11-03 | Files: 1 | Lines: -2/+2
  Fixes regression with tickets/4364/L1004220.DNG
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 43a4854510a3d596e114d899177a5b3b323ca9fb)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/fmvc: Move frame allocation to a later stage
  Author: Michael Niedermayer | Age: 2022-11-03 | Files: 1 | Lines: -6/+15
  This way more things are checked before allocation.
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 9783749c66bf6ca2ce7a6db4c74957fe77cbe803)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/speedhq: Check width
  Author: Michael Niedermayer | Age: 2022-11-03 | Files: 1 | Lines: -1/+1
  Fixes: out of array access
  Fixes: 50014/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SPEEDHQ_fuzzer-4748914632294400
  Alternatively the buffer size can be increased.
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit f0395f9ef6051315973f1fdded1804f81458566d)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/bink: disallow odd positioned scaled blocks
  Author: Michael Niedermayer | Age: 2022-11-03 | Files: 1 | Lines: -1/+1
  Fixes: out of array access
  Fixes: 47911/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-6194020855971840
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Anton Khirnov <anton@khirnov.net>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit b14104a6376cd774b08cbe5fda56b34320a41b2e)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* lavc/videotoolbox: do not pass AVCodecContext to decoder output callback
  Author: Anton Khirnov | Age: 2022-09-25 | Files: 2 | Lines: -4/+8
  The opaque parameter for the callback is set in videotoolbox_start(), called when the hwaccel is initialized. When frame threading is used, avctx will be the context corresponding to the frame thread currently doing the decoding. Using this same codec context in all subsequent invocations of the decoder callback (even those triggered by a different frame thread) is unsafe, and broken after cc867f2c09d2b69cee8a0eccd62aff002cbbfe11, since each frame thread now cleans up its hwaccel state after decoding each frame.
  Fix this by passing hwaccel_priv_data as the opaque parameter, which exists in a single instance forwarded between all frame threads.
  The only other use of AVCodecContext in the decoder output callback is as a logging context. For this purpose, store a logging context in hwaccel_priv_data.
  (cherry picked from commit d7f4ad88a0df3c1339e142957bf2c40cd056b8ce)
  Signed-off-by: Anton Khirnov <anton@khirnov.net>
* lavc/pthread_frame: always transfer stashed hwaccel state
  Author: Anton Khirnov | Age: 2022-09-25 | Files: 1 | Lines: -6/+6
  Fixes assertion failures after avcodec_flush_buffers(), where stashed hwaccel state is present, but prev_thread is NULL.
  Found-by: Wang Bin <wbsecg1@gmail.com>
  (cherry picked from commit c504fb869264fbd8fba6e81c186b2f2848b62e26)
  Signed-off-by: Anton Khirnov <anton@khirnov.net>
* avcodec/arm/sbcenc: avoid callee preserved vfp registers
  Author: James Cowgill | Age: 2022-09-20 | Files: 1 | Lines: -110/+110
  When compiling FFmpeg with GCC-9, some very random segfaults were observed in code which had previously called down into the SBC encoder NEON assembly routines. This was caused by these functions clobbering some of the vfp callee saved registers (d8 - d15 aka q4 - q7). GCC was using these registers to save local variables, but after these functions returned, they would contain garbage.
  Fix by reallocating the registers in the two affected functions in the following way:
    ff_sbc_analyze_4_neon: q2-q5 => q8-q11, then q1-q4 => q8-q11
    ff_sbc_analyze_8_neon: q2-q9 => q8-q15
  The reason for using these replacements is to keep closely related sets of registers consecutively numbered which hopefully makes the code easier to follow.
  Since this commit only reallocates registers, it should have no performance impact.
  Signed-off-by: James Cowgill <jcowgill@debian.org>
  Signed-off-by: Martin Storsjö <martin@martin.st>
  (cherry picked from commit 50a4dff69f6477b06f00eae1cac2a53ae22fe9a5)
  Signed-off-by: Martin Storsjö <martin@martin.st>
* lavc/pthread_frame: avoid leaving stale hwaccel state in worker threads
  Author: Anton Khirnov | Age: 2022-09-06 | Files: 1 | Lines: -11/+35
  This state is not refcounted, so make sure it always has a well-defined owner.
  Remove the block added in 091341f2ab5bd35ca1a2aae90503adc74f8d3523, as this commit also solves that issue in a more general way.
  (cherry picked from commit cc867f2c09d2b69cee8a0eccd62aff002cbbfe11)
  Signed-off-by: Anton Khirnov <anton@khirnov.net>
  (cherry picked from commit 35aa7e70e7ec350319e7634a30d8d8aa1e6ecdda)
  Signed-off-by: Anton Khirnov <anton@khirnov.net>
* libavcodec/8bps: Check that line lengths fit within the buffer
  Author: Michael Niedermayer | Age: 2022-09-01 | Files: 1 | Lines: -0/+3
  Fixes: Timeout
  Fixes: undefined pointer arithmetic
  Fixes: 50330/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EIGHTBPS_fuzzer-5436287485607936
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 2316d5ec1a95b13ff9a0ce80409fa367a041966d)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/midivid: Perform lzss_uncompress() before ff_reget_buffer()
  Author: Michael Niedermayer | Age: 2022-09-01 | Files: 1 | Lines: -7/+6
  This would avoid regetting the frame on lzss errors.
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 628fb97efb0b6202e56fab89670406261bf86d85)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h263dec: Sanity check against minimal I/P frame size
  Author: Michael Niedermayer | Age: 2022-09-01 | Files: 1 | Lines: -0/+2
  Fixes: Timeout
  Fixes: 49718/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-4874987894341632
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit ca4ff9c21cb77e024fa4ff5889826a8bee4d0e0a)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevcdec: Check s->ref in the md5 path similar to hwaccel
  Author: Michael Niedermayer | Age: 2022-09-01 | Files: 1 | Lines: -1/+1
  This is somewhat redundant with the is_decoded check. Maybe there is a nicer solution.
  Fixes: Null pointer dereference
  Fixes: 49584/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5297367351427072
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 3b51e1992289383aa9f083c88e153e34b6412c89)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpegaudiodec_template: use unsigned shift in handle_crc()
  Author: Michael Niedermayer | Age: 2022-09-01 | Files: 1 | Lines: -1/+1
  Fixes: left shift of 192 by 24 places cannot be represented in type 'int'
  Fixes: 49577/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MP1FLOAT_fuzzer-5205996678545408
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 7086491fa0eca4ad647b5c9fae6d07344cc44ec0)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mjpegdec: bayer and rct are incompatible
  Author: Michael Niedermayer | Age: 2022-09-01 | Files: 1 | Lines: -0/+6
  Fixes: out of array read
  Fixes: 49434/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5208501080686592
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit a44f5a521227adc7be2f78b411f56da1a4d98704)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevc_filter: copy_CTB() only within width&height
  Author: Michael Niedermayer | Age: 2022-09-01 | Files: 1 | Lines: -1/+12
  Fixes: out of array access
  Fixes: 49271/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5424984922652672
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 009ef35d384c3df22d8a8be7416dc9d532e91c52)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/tiff: Check tile_length and tile_width
  Author: Michael Niedermayer | Age: 2022-09-01 | Files: 1 | Lines: -0/+3
  Fixes: Division by 0
  Fixes: 49235/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5495613847896064
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 76112c2b4167bb3c40503b3334c8b38fd707a8d5)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mss4: Check image size with av_image_check_size2()
  Author: Michael Niedermayer | Age: 2022-09-01 | Files: 1 | Lines: -0/+4
  Fixes: Timeout
  Fixes: 48418/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MTS2_fuzzer-4834851466903552
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 4e145f1dcdcbe19e8f8e98940dab04e9332a8b5b)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/exr: Check x/ysize
  Author: Michael Niedermayer | Age: 2022-09-01 | Files: 1 | Lines: -2/+4
  Fixes: OOM
  Fixes: 48911/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6352002510094336
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 614a4d1476c6e3561ebab3977cb43b2b4b6406fd)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/lagarith: Check dst/src in zero run code
  Author: Michael Niedermayer | Age: 2022-09-01 | Files: 1 | Lines: -0/+3
  Fixes: out of array access
  Fixes: 48799/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LAGARITH_fuzzer-4764457825337344
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 9450f759748d02d1d284d2e4afd741cb0fe0c04a)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h264dec: Skip late SEI
  Author: Michael Niedermayer | Age: 2022-09-01 | Files: 1 | Lines: -0/+4
  Fixes: Race condition
  Fixes: clusterfuzz-testcase-minimized-mediasource_MP2T_AVC_pipeline_integration_fuzzer-6282675434094592
  Found-by: google ClusterFuzz
  Tested-by: Dan Sanders <sandersd@google.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit f7dd408d64013ae177c1f8d0e04418e5075db5bc)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/sbrdsp_fixed: Fix integer overflows in sbr_qmf_deint_neg_c()
  Author: Michael Niedermayer | Age: 2022-09-01 | Files: 1 | Lines: -2/+2
  Fixes: signed integer overflow: 2147483645 + 16 cannot be represented in type 'int'
  Fixes: 46993/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-4759025234870272
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 1537f40516d625fc5fa57db4fdfb737312fbc500)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevcdsp_template: stay within tables in sao_band_filter()
  Author: Michael Niedermayer | Age: 2022-09-01 | Files: 1 | Lines: -1/+1
  Fixes: out of array read
  Fixes: 47875/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5719393113341952
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 9c5250a5612d4b32d79108de0c03945b2017963e)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/tiff: Check pixel format types for dng
  Author: Michael Niedermayer | Age: 2022-09-01 | Files: 1 | Lines: -0/+3
  Fixes: out of array access
  Fixes: 48271/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6149705769287680
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 75f3d1b82261f31c6bbcee8046cec6792194355a)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/qpeldsp: copy less for the mc0x cases
  Author: Michael Niedermayer | Age: 2022-09-01 | Files: 1 | Lines: -6/+6
  Fixes: out of array access
  Fixes: 47936/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5745039940124672
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit e690d4edf581c42dbd907c0fafe53fba86a00812)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ffv1dec: Limit golomb rice coded slices to width 8M
  Author: Michael Niedermayer | Age: 2022-09-01 | Files: 1 | Lines: -0/+3
  This limit is possibly not reachable due to other restrictions on buffers but the decoder run table is too small beyond this, so explicitly check for it.
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit b4431399ec1e10afff458cf1ffae2a75987d725a)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wnv1: Check for width =1
  Author: Michael Niedermayer | Age: 2022-09-01 | Files: 1 | Lines: -0/+3
  The decoder only outputs pixels for width >1 images; fail early.
  Fixes: Timeout
  Fixes: 48298/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WNV1_fuzzer-6198626319204352
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit d98d5a436aa70d3cef8f914c0467ef2fb2dd1dfc)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ffv1dec_template: fix indentation
  Author: Michael Niedermayer | Age: 2022-09-01 | Files: 1 | Lines: -5/+5
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit eee7364c90699f50a36aaada38c52ccc0d6bf501)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/aasc: Fix indentation
  Author: Michael Niedermayer | Age: 2022-09-01 | Files: 1 | Lines: -17/+17
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit af2ed09220fe82e0aa479d1b93be6aadc4930efc)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/qdrw: adjust max colors to array size
  Author: Michael Niedermayer | Age: 2022-09-01 | Files: 1 | Lines: -1/+1
  Fixes: out of array access
  Fixes: 48429/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDRAW_fuzzer-4608329791438848
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit cd847f86d31f87f0f7733ca6ab7a2c022a1398bd)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/alacdsp: Make intermediates unsigned
  Author: Michael Niedermayer | Age: 2022-09-01 | Files: 1 | Lines: -2/+2
  Fixes: signed integer overflow: -14914387 + -2147418648 cannot be represented in type 'int'
  Fixes: 46464/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-474307197311385
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 8709f4c10a216cb3e11564bc392841e832f8e3b1)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/jpeglsdec: fix end check for xfrm
  Author: Michael Niedermayer | Age: 2022-09-01 | Files: 1 | Lines: -4/+4
  Fixes: out of array access
  Fixes: 47871/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AMV_fuzzer-5646305956855808
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 6a82412bf33108111eb3f63076fd5a51349ae114)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/cdgraphics: limit scrolling to the line
  Author: Michael Niedermayer | Age: 2022-09-01 | Files: 1 | Lines: -1/+1
  Fixes: out of array access
  Fixes: 47877/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CDGRAPHICS_fuzzer-5690504626438144
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit b7e30a13d4e4557b87f977b76a6bb5e3cbe5ac78)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/texturedspenc: Fix indexing in color distribution determination
  Author: Michael Niedermayer | Age: 2022-09-01 | Files: 1 | Lines: -3/+3
  Fixes CID1396405
  MSE and PSNR are slightly improved, and some noticeable corruptions disappear as well.
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  Signed-off-by: Marton Balint <cus@passwd.hu>
  (cherry picked from commit ade36d61de8ea5a5acb30a05a0cbcda069127143)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/libxavs2: Improve r redundancy in occured
  Author: Michael Niedermayer | Age: 2022-09-01 | Files: 1 | Lines: -1/+1
  Reviewed-by: "mypopy@gmail.com" <mypopy@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit f3b7ba21ba49b32b4476a8c7c5a9bcdad15e3943)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/cuviddec: fix null pointer dereference
  Author: Zhao Zhili | Age: 2022-06-26 | Files: 1 | Lines: -9/+11
  It can happen on the error path of cuvid_decode_init().
  Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
* avcodec/cuviddec: fix AV1 decoding error
  Author: Zhao Zhili | Age: 2022-06-26 | Files: 1 | Lines: -0/+10
  cuvidParseVideoData only supports pure OBUs; it reports an unknown error with AV1CodecConfigurationRecord. Check whether extradata is AV1CodecConfigurationRecord and skip the first 4 bytes to fix the issue.
  The bug is revealed in ffmpeg cmd since 45e3b6a68 and ffd1316e.
  Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
* avcodec/libdav1d: don't depend on the event flags API to init sequence params the first time
  Author: James Almer | Age: 2022-04-07 | Files: 1 | Lines: -1/+2
  A bug was found in dav1d <= 1.0.0 where the event flag New Sequence Header would not be signaled for some samples using delayed random access points. It has since been fixed, but nonetheless it's best to ensure the AVCodecContext is filled with parameters when parsing the first frame, regardless of what events were signaled.
  Fixes ticket #9694.
  Signed-off-by: James Almer <jamrial@gmail.com>
  (cherry picked from commit 3e186148ca9ac0c47cec253fdea62b48c9feadd2)
* avcodec/exr: Avoid signed overflow in displayWindow
  Author: Michael Niedermayer | Age: 2022-04-04 | Files: 1 | Lines: -2/+2
  The inputs are unused except for this computation so wraparound does not give an attacker any extra values as they are already fully controlled.
  Fixes: signed integer overflow: 0 - -2147483648 cannot be represented in type 'int'
  Fixes: 45820/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5766159019933696
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Reviewed-by: Paul B Mahol <onemda@gmail.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 1291568c9834c02413ab5d87762308f15b4ae9c6)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: avoid signed integer overflow in global mv
  Author: Michael Niedermayer | Age: 2022-04-04 | Files: 1 | Lines: -2/+2
  Fixes: signed integer overflow: -128275513086 * -76056576 cannot be represented in type 'long'
  Fixes: 45818/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5129799149944832
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 7f1279684e8e1e33c78577b7f0265c062e4e6232)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/takdsp: Fix integer overflow in decorrelate_sf()
  Author: Michael Niedermayer | Age: 2022-04-04 | Files: 1 | Lines: -1/+1
  Fixes: signed integer overflow: -101 * 71041254 cannot be represented in type 'int'
  Fixes: 45938/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TAK_fuzzer-4687974320701440
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 01d8c887f63bcb1f870034ed441504b3daffc645)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>