Commit Graph

98280 Commits

Author SHA1 Message Date
Michael Niedermayer
b7e5c8f67d avcodec/hcadec: Check or bound indexes
This causes indexes into scale_conversion_table to wrap around, alternatively they
could be clipped, the table be enlarged or we can error out. I have not found a document that specifies
what is the correct way to handle this

Fixes: out of array access
Fixes: 21727/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HCA_fuzzer-5752477891952640.fuzz
Fixes: 22438/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HCA_fuzzer-5640717790871552

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-08 20:45:56 +02:00
Michael Niedermayer
8e21379da1 avcodec/pnm: Check scale
Fixes: division by zero
Fixes: 22974/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PFM_fuzzer-6270027077779456

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-08 20:45:56 +02:00
Michael Niedermayer
3e651eeac4 tools/target_dem_fuzzer: Implement AVSEEK_SIZE
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-08 12:27:18 +02:00
Michael Niedermayer
a5313ce654 avformat/4xm: Cleanup on GET_LIST_HEADER() failure
Fixes: memleak
Fixes: 23142/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5932860820422656

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-08 12:27:18 +02:00
Anton Khirnov
b7e1821284 hevc: move SliceHeader and LongTermRPS back to hevcdec.h
They are no longer necessary there and have nothing to do with parameter
sets, so do not belong in hevc_ps.h.

This effectively reverts 4aaace8b25.
2020-06-08 10:51:56 +02:00
Anton Khirnov
fb30c9107a hevc_parser: drop the use of SliceHeader
It is only used to store a few local variables within one function,
which is better accomplished by just declaring them on stack explicitly.
2020-06-08 10:51:56 +02:00
Anton Khirnov
2a9bed8fc1 hevc_refs: reduce code duplication in find_ref_idx() 2020-06-08 10:51:56 +02:00
Andreas Rheinhardt
d29aaf12f4 avcodec/v4l2_m2m_enc: Avoid ;;
Inside a function, the second ; in a double ;; is a null statement, but
outside of functions a double ;; is simply invalid C that compilers
happen to accept. v4l2_m2m_enc.c contained several ;; as a result of
macro-expansion. So change the underlying macro so that it doesn't
happen any longer.

This fixes warnings when compiling with -pedantic: "ISO C does not allow
extra ‘;’ outside of a function".

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-06-08 01:22:34 +02:00
Michael Niedermayer
27c42d33bc avcodec/ac3dec_fixed: Remove some temporary variables from scale_coefs()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-08 00:21:15 +02:00
Michael Niedermayer
292b9b93a5 avcodec/lzf: Consider the needed size in reallocation
Fixes: NULL pointer dereference
Fixes: 22381/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NOTCHLC_fuzzer-5659879921680384.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-08 00:21:15 +02:00
Michael Niedermayer
5bd5c31087 avformat/mlvdec: fail reading a packet with 0 streams
Fixes: NULL pointer dereference
Fixes: 22604/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5667739074297856.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-07 22:01:12 +02:00
Michael Niedermayer
1ba8484559 avformat/thp: Check compcount
Fixes: out of array access
Fixes: 22520/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5100297658826752

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-07 22:01:12 +02:00
Michael Niedermayer
6d96bae9c4 avcodec/adpcm: XA: Check shift similar to filter
Fixes: negative shift
Fixes: 22499/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_XA_fuzzer-5765452130418688

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-07 22:01:12 +02:00
Paul B Mahol
bd6336b970 avfilter/vf_vaguedenoiser: add new type of threshold 2020-06-07 15:20:25 +02:00
Paul B Mahol
6c57b0d63a avfilter/vf_vaguedenoiser: remove excessive code from soft thresholding 2020-06-07 15:20:11 +02:00
Gautam Ramakrishnan
d09c35677d libavcodec/jpeg2000_parser: Add jpeg2000 parser
I have attempted to write a JPEG2000 Parser. Have tested
by generating a file containing 14 frames, as mentioned
by Micheal. Have also tried testing with various packet
sizes by setting -frame_size option. Additionally,
fixed a few formatting issues as pointed out by Micheal.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-07 01:23:40 +02:00
Michael Niedermayer
8edfd0598d avformat/oggdec: Do not hardcode arbitrary and sometimes unavailable size
Fixes: regression since e983197cbc
Fixes: out of array read
Fixes: 22185/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5662069073641472

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Lynne <dev@lynne.ee>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-07 01:21:55 +02:00
Michael Niedermayer
108ee4b4a5 avformat/oggdec: Initialize return value from ogg_read_page() and check it everywhere
Fixes regression since 9ad47762c1
Fixes: out of array access
Fixes: 22172/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5658535590625280

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Lynne <dev@lynne.ee>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-07 01:21:55 +02:00
Paul B Mahol
7826fbfeaa avfilter/avf_showspectrum: properly handle EOF case 2020-06-06 19:49:14 +02:00
Paul B Mahol
1c32d7dfcf avfilter/asrc_anoisesrc: switch to activate
Allows to set EOF timestamp.
2020-06-06 15:53:07 +02:00
James Almer
49d37b4b61 avcodec/libaomenc: remove the experimental flag when using libaom 2.0.0 or newer
Reviewed-by: James Zern <jzern@google.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2020-06-06 01:04:39 -03:00
Limin Wang
4bc5eb27a7 avutil/dict: av_realloc -> av_realloc_array()
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-06 10:32:07 +08:00
Michael Niedermayer
a1223ddc56 avcodec/huffyuvdec: Test vertical coordinate more often
Fixes: out of array access
Fixes: 22892/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HYMT_fuzzer-5135996772679680.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-06 00:38:53 +02:00
Dale Curtis
d9aa1ef2c2 avutil/mathematics: Fix overflow with NaN in av_add_stable()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-06 00:25:00 +02:00
Dale Curtis
63ce7c71bc avformat: Fix overflow in compute_pkt_fields().
Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-06 00:25:00 +02:00
Michael Niedermayer
71a822fa35 avformat/rawdec: fix identifier names
Fixes: out of array access
Fixes: 22686/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5121369624018944

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-06 00:25:00 +02:00
Thierry Foucu
a1a85579e3 libavcodec/bmp_parser.c: fix a use_of_uninitialized_value in target_dec_fuzzer.
the target_dec_fuzzer is checking for the avpkt.data pointer but if the
bmp parser cannot combine the frame, the poutbuf is not set.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-06 00:25:00 +02:00
Thierry Foucu
3dc24b3379 libavcodec/mlp_parser.c: fix a use_of_uninitialized_value in target_dec_fuzzer.
the target_dec_fuzzer is checking for the avpkt.data pointer but if the
mlp parser cannot combine the frame, the poutbuf is not set.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-06 00:25:00 +02:00
Thierry Foucu
d5422a14e2 libavcodec/png_parser.c: fix a use_of_uninitialized_value in target_dec_fuzzer.
the target_dec_fuzzer is checking for the avpkt.data pointer but if the
png parser cannot combine the frame, the poutbuf is not set.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-06 00:25:00 +02:00
Michael Niedermayer
cf28521fee avcodec/hq_hqa: Check info size
Fixes: assertion failure
Fixes: 21079/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HQ_HQA_fuzzer-5737046523248640

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-05 18:14:17 +02:00
James Almer
b6c8444e23 avutil/buffer: separate public and internal flags inside AVBuffers
It's better to not mix user provided flags and internal flags set by
AVBufferRef helper functions.

Signed-off-by: James Almer <jamrial@gmail.com>
2020-06-05 10:07:05 -03:00
James Almer
f2ad89beff avutil/buffer: avutil/buffer: add a mention that some arguments from av_buffer_pool_init2() may be NULL
Signed-off-by: James Almer <jamrial@gmail.com>
2020-06-05 10:07:04 -03:00
James Almer
ec39c2276a avutil/buffer: use the default allocator if none is provided to av_buffer_pool_init2()
Signed-off-by: James Almer <jamrial@gmail.com>
2020-06-05 10:07:04 -03:00
Michael Niedermayer
7f817853cd avcodec/mv30: Fix multiple integer overflows in idct_1d()
Fixes: signed integer overflow: -4869937 * 473 cannot be represented in type 'int'
Fixes: 21934/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MV30_fuzzer-5667289925156864

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-04 23:58:49 +02:00
Michael Niedermayer
e73a251680 avcodec/mv30: Do not allow MVs outside the allocated image
Fixes: out of array read
Fixes: 21804/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MV30_fuzzer-5673678898724864

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-04 23:58:49 +02:00
Michael Niedermayer
c42ed06695 avcodec/wmalosslessdec: Fix integer overflow in mclms_predict()
Fixes: signed integer overflow: 2147483636 + 2048 cannot be represented in type 'int'
Fixes: 22016/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5109395618004992

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-04 23:58:49 +02:00
Michael Niedermayer
071e293723 avcodec/vp9dsp_template: Fix integer overflow(s) in iadst16_1d()
Fixes: signed integer overflow: 1080285923 - -1130879337 cannot be represented in type 'int'
Fixes: 22002/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-6260237310099456

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-04 23:58:49 +02:00
Michael Niedermayer
bafaf95116 avcodec/wavpack: Do not allow the sample format to change between channels
Fixes: out of array access
Fixes: 22692/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-5678686190960640

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: David Bryant <david@wavpack.com>
Tested-by: David Bryant <david@wavpack.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-04 23:09:07 +02:00
Michael Niedermayer
e34686d7ac avcodec/bitpacked: add missing comma to codec tags
Fixes: array end overread
Fixes: 22395/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BITPACKED_fuzzer-5760940300828672

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Darnley <james.darnley@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-04 19:22:29 +02:00
Samuel Foss
5bbd93c3ee avformat/utils: Find a fallback probe decoder that will also match a forced decoder's codec.
Prevent codecpar->codec_id from getting out of sync with the codec instantiated for probing.

Signed-off-by: Samuel Foss <sfoss@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-04 19:22:29 +02:00
Roman Arzumanyan
470bbf60d4 avcodec/nvenc: honor max bitrate in CQ mode
Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
2020-06-04 15:33:19 +02:00
Jun Zhao
0c79b73164 hwcontext_vulkan: fix make checkheaders fail
make checkheaders will get error as follow:
CC	libavutil/hwcontext_vulkan.h.o
In file included from libavutil/hwcontext_vulkan.h.c:1:
./libavutil/hwcontext_vulkan.h:130:23: error: ‘AV_NUM_DATA_POINTERS’ undeclared here (not in a function)
  130 |     void *alloc_pnext[AV_NUM_DATA_POINTERS];
      |                       ^~~~~~~~~~~~~~~~~~~~
./libavutil/hwcontext_vulkan.h:199:43: warning: ‘enum AVPixelFormat’ declared inside parameter list will not be visible outside of this definition or declaration

Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
2020-06-04 21:26:21 +08:00
James Almer
8e7b5ba80e avcodec/decode: actually propagate AVHWAccel.alloc_frame() return value
Finishes fixing the regression introduced in a1133db30e
after the partial fix in b6d6597bef.

Signed-off-by: James Almer <jamrial@gmail.com>
2020-06-04 09:58:27 -03:00
James Almer
821fda819a fate/vcodec: use the encoder private option for frame skip compare function
Stop using the deprecated global option

Signed-off-by: James Almer <jamrial@gmail.com>
2020-06-04 09:56:01 -03:00
Nicolas George
a45be55d5b lavf/tee: pass options to protocol.
Fix trac ticket #8705.
2020-06-04 10:52:42 +02:00
Wu Zhiwen
b6d7c4c1d4 dnn/native: fix typo for definition of DOT_INTERMEDIATE
Signed-off-by: Wu Zhiwen <zhiwen.wu@intel.com>
Reviewed-by: Guo Yejun <yejun.guo@intel.com>
2020-06-03 09:57:22 +08:00
Limin Wang
801c8a961a avcodec/ratecontrol: fix the integer overflow after long time run
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-03 06:57:50 +08:00
James Almer
6e1903938b avcodec/internal: move packet related functions to their own header
Signed-off-by: James Almer <jamrial@gmail.com>
2020-06-02 19:02:12 -03:00
Limin Wang
cca8f53a8e avformat/prompeg: av_dict_set() -> av_dict_set_int()
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-02 22:25:11 +08:00
Limin Wang
6e911898fc avformat/rtpproto: av_dict_set() -> av_dict_set_int()
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-02 22:25:11 +08:00