Commit Graph

99595 Commits

Author SHA1 Message Date
Michael Niedermayer 3300f5c133 avformat/icodec: Change order of operations to avoid NULL dereference
Fixes: SEGV on unknown address 0x000000000000
Fixes: 26379/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-5709011753893888

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-17 14:36:11 +02:00
Jan Ekström 86228ebdb2 ffmpeg: deduplicate init_output_stream usage logic
Adds a wrapper function, which handles any errors depending on how
fatal a failure would be.
2020-10-17 11:55:55 +03:00
Zane van Iperen bf4a253f38
avcodec/adpcmenc: remove BLKSIZE #define
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-10-17 09:36:07 +10:00
Zane van Iperen e368be5230
avcodec/adpcm_ima_wav: support custom block size for encoding
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-10-17 09:36:06 +10:00
Zane van Iperen ed1cfb8e31
avcodec/adpcm_yamaha: support custom block size for encoding
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-10-17 09:36:06 +10:00
Zane van Iperen eb75a80dc8
avcodec/adpcm_ima_apm: support custom block size for encoding
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-10-17 09:36:06 +10:00
Zane van Iperen b5c2c9a1ce
avcodec/adpcm_ima_ssi: support custom block size for encoding
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-10-17 09:36:05 +10:00
Zane van Iperen bd1c94bb68
avcodec/adpcm_ms: support custom block size for encoding
Fixes tickets #6585 and #7109

Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-10-17 09:36:05 +10:00
Zane van Iperen c78c60c3e8
avcodec/adpcmenc: add "block_size" option
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-10-17 09:36:02 +10:00
Brad Hards fcec7a6848 avformat/mpegts: replace magic descriptor_tag values with defines
This takes the used values from ISO/IEC 13818-1 Table 2-45 and adds
them to the mpegts.h header. No functional changes.

Signed-off-by: Brad Hards <bradh@frogmouth.net>
Signed-off-by: Marton Balint <cus@passwd.hu>
2020-10-16 23:31:45 +02:00
Zhao Zhili 15a74d21f3 avformat/udp: remove redundant setting of h->max_packet_size
h->max_packet_size is being reset in the following code.

Signed-off-by: Marton Balint <cus@passwd.hu>
2020-10-16 23:16:55 +02:00
Marton Balint f076a5fef6 Revert "aviobuf: Discard old buffered, previously read data in ffio_read_partial"
This is unneeded after 2ca48e4666 and it breaks
ffio_ensure_seekback().

This reverts commit 53c25ee073.

Signed-off-by: Marton Balint <cus@passwd.hu>
2020-10-16 23:16:46 +02:00
Marton Balint fb0304fcc9 avformat/libsrt: fix cleanups on failed libsrt_open() and libsrt_setup()
- Call srt_epoll_release() to avoid fd leak on libsrt_setup() error.
- Call srt_cleanup() on libsrt_open() failure.
- Fix return value and method on mode parsing failure.

Based on a patch by Nicolas Sugino <nsugino@3way.com.ar>.

Signed-off-by: Marton Balint <cus@passwd.hu>
2020-10-16 23:15:09 +02:00
Paul B Mahol e704750a9f avfilter/af_aiir: use transposed II form for biquad sections 2020-10-16 23:07:27 +02:00
Paul B Mahol 0df0e12d02 avfilter/af_aiir: implement parallel processing 2020-10-16 23:07:27 +02:00
James Almer 0ed455b84e avcodec/av1dec: add cur_frame.spatial_id and temporal_id to AV1Frame
Will be used by hwaccels, which have access to a frame's AV1RawFrameHeader but not
its AV1RawOBUHeader.

Signed-off-by: James Almer <jamrial@gmail.com>
2020-10-16 13:34:31 -03:00
Michael Niedermayer af701196ec tools/target_dem_fuzzer: Set format independent of c
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-16 14:56:24 +02:00
Andriy Gelman 2b5e18a953 avcodec/movtextenc: cosmetics
Change pointer position.

Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
2020-10-15 22:30:13 -04:00
Andriy Gelman d4c46dc328 avcodec/movtextenc: fix writing to bytestream on BE arches
Fixes fate-binsub-movtextenc on PPC64

Currently tags are written in reverse order on BE arches. This is fixed
by using MKBETAG() and AV_RB32() to be arch agnostics.

Also s->font_count is of type int. On BE arches with 32bit int,
count = AV_RB16(&s->font_count) will read two most significant bytes
instead of the least significant bytes. This is fixed by assigning
s->font_count to count first.

The final change is modifying the type of len. On BE arches
the most significant byte of the int was written instead of the least
significant byte.

Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
2020-10-15 22:27:37 -04:00
Andreas Rheinhardt 8e58db7348 avcodec/asvenc: Inline constants
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-16 00:39:07 +02:00
Andreas Rheinhardt 4f3edcdcbc avcodec/asvdec: Use init_get_bits8()
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-16 00:39:01 +02:00
Andreas Rheinhardt 2a8edb1ad3 avcodec/asvdec: Reduce the size of some VLCs
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-16 00:38:58 +02:00
Andreas Rheinhardt 6608ecb1b5 avcodec/ylc: Inline constants
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-16 00:38:50 +02:00
Andreas Rheinhardt 753e450a71 avcodec/v3/408enc: Remove empty close functions
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-16 00:29:06 +02:00
Michael Niedermayer 7265b7d904 avcodec/exr: Fix overflow with many blocks
Fixes: signed integer overflow: 1073741827 * 8 cannot be represented in type 'int'
Fixes: 25621/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6304841641754624

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-15 23:38:58 +02:00
James Almer 191f68aec1 avcodec/Makefile: add missing av1_cuvid entry
Signed-off-by: James Almer <jamrial@gmail.com>
2020-10-15 18:30:04 -03:00
Timo Rothenpieler 0a31d57a56 configure: check for nvdec/cuvid AV1 support 2020-10-15 23:25:05 +02:00
Michael Niedermayer 394e8bb385 avcodec/vp9dsp_template: Fix integer overflows in idct16_1d()
Fixes: signed integer overflow: -190760 * 11585 cannot be represented in type 'int'
Fixes: 25471/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-5743354917421056

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-15 22:53:56 +02:00
Michael Niedermayer 949f0a6be9 avcodec/ansi: Check initial dimensions
Fixes: Timeout (minutes to less than 1sec)
Fixes: 25682/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ANSI_fuzzer-6320712032452608

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-15 22:53:56 +02:00
Michael Niedermayer 106f11f68a avcodec/hevcdec: Check slice_cb_qp_offset / slice_cr_qp_offset
Fixes: signed integer overflow: 29 + 2147483640 cannot be represented in type 'int'
Fixes: 25413/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5697909331591168

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-15 22:53:56 +02:00
Michael Niedermayer eeabdef1bf avcodec/sonic: Check for overread
Fixes: Timeout (too long -> 1.3 sec)
Fixes: 24358/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5107284099989504

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-15 22:53:56 +02:00
Michael Niedermayer 92233a6344 avcodec/mobiclip: Check that Motion vectors are within the input frame
The MV checks did not consider the width and height of the block, also they
had some off by 1 errors. This resulted in undefined behavior and crashes.
This commit instead errors out on these

Fixes: out of array read
Fixes: 26080/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-5758146355920896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-15 22:53:56 +02:00
Michael Niedermayer b6b640c544 avcodec/mobiclip: set the bitstream size to the input
Fixes: out of array read
Fixes: 25453/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-5163575973511168

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-15 22:53:56 +02:00
James Almer 0467991de7 avcodec/allcodecs: move av1_cuvid below libaom_av1
Software decoders should always be first.

Signed-off-by: James Almer <jamrial@gmail.com>
2020-10-15 17:29:27 -03:00
Roman Arzumanyan b23e6ae886 avcodec/cuviddec: add av1 support
Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
2020-10-15 21:20:40 +02:00
Michael Niedermayer b7f51428b1 avformat/subviewerdec: fail on AV_NOPTS_VALUE
Such values are not supported by ff_subtitles_queue*

Fixes: signed integer overflow: 10 - -9223372036854775808 cannot be represented in type 'long'
Fixes: 24193/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5714901855895552

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-15 18:44:31 +02:00
Chris Miceli 0c90377a40 libavformat/avidec: check memory allocation
Memory allocation for AVIOContext should be checked. In this code,
all error conditions are sent to the "goto error".

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-14 21:11:49 +02:00
Chris Miceli 6bdfea8d4b libavfilter/dnn/dnn_backend{openvino, tf}: check memory alloc non-NULL
These previously would not check that the return value was non-null
meaning it was susceptible to a sigsegv. This checks those values.
2020-10-14 11:08:09 +08:00
Chris Miceli ad95e5e45d libavfilter/dnn_backend_native: check mem allocation
check that frame allocations return non-null.
2020-10-14 10:19:05 +08:00
Andreas Rheinhardt 00772ef4f7 avcodec/webp: Use LE VLC table for LE bitstream reader
The WebP format uses Huffman tables and the decoder therefore uses
VLC tables. Given that WebP is a LE format, a LE bitreader is used;
yet the VLC table is not created for a LE reader (the process used to
create the tables puts the last bit to be read in the lowest bit) and
therefore custom code for reading the VLCs that reverses the bits
read is used instead of get_vlc2(). This commit changes this to use
a table designed for LE bitreader which allows to use get_vlc2() directly.
The necessary reversing of the codes is delegated to
ff_init_vlc_sparse() (and is therefore only done during init and not
when actually reading the VLCs).

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-12 22:40:00 +02:00
Andreas Rheinhardt d7a503ecf9 avcodec/ivi: Avoid reversing BE VLC codes for LE bitstream reader
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-12 22:38:40 +02:00
Andreas Rheinhardt 3977aeb78c avcodec/speedhq: Avoid reversing BE codes for LE bitstream reader
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-12 22:35:40 +02:00
Andreas Rheinhardt 9eb7d8b45d avcodec/vlc, bitstream: Allow to use BE codes to initialize LE VLC
This is easily possible because ff_init_vlc_sparse() already transforms
both LE as well as BE codes to a normal form internally before
processing them further. This will be used in subsequent commits.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-12 22:20:37 +02:00
Andreas Rheinhardt e78bbbc2b1 avcodec/speedhq: Don't use ff_ prefix for static symbols
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-12 22:18:44 +02:00
Andreas Rheinhardt 7b6acfa68f avcodec/speedhq: Don't pretend reading DC can fail
It can't, because the tables used don't have any loose ends. This also
fixes a bug in the only caller of decode_dc_le(): It didn't check the
return value.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-12 22:17:22 +02:00
Andreas Rheinhardt 57eee75c3f avcodec/indeo2: Remove #ifdef BITSTREAM_READER_LE cruft
Before the LE bitstream reader was used in the Indeo 2 decoder,
a standard BE bitstream reader with swapped bits was used; when the LE
bitstream reader was added, the old code was only #ifdef'ed away and not
removed. Said code has several problems: It modifies the input packet
without ensuring that the packet is indeed writable; and it doesn't work
since 09c4e5c598 because said commit
removed the BE table used to initialize the VLC table. So just remove
this cruft from the actual decoder, too.

Also use INIT_LE_VLC_STATIC while at it.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-12 22:06:28 +02:00
leozhang b9727870ae avfilter/vf_scale_cuda: unload cuModule on uninit
Signed-off-by: leozhang <nowerzt@gmail.com>
Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
2020-10-12 21:09:21 +02:00
Michael Niedermayer d40679d89c Add support for building fuzzer tools for an individual demuxer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-12 21:01:48 +02:00
Tomas Härdin 86b485b5d6 fate-mxf-probe-applehdr10: Ignore endianness 2020-10-12 20:21:36 +02:00
Michael Niedermayer d40f249861 avcodec/cbs_av1: Free content in cbs_av1_free_metadata()
Fixes: memleak
Fixes: 25838/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5736255957237760

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-12 17:54:52 +02:00