Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 18333/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COMFORTNOISE_fuzzer-5668481831272448
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6014bcf1b7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The alloc_size attribute is valid only on functions that return a
pointer. GCC 9 (not yet released) warns about invalid usage:
./libavutil/mem.h:342:1: warning: 'alloc_size' attribute ignored on a function returning int' [-Wattributes]
342 | av_alloc_size(2, 3) int av_reallocp_array(void *ptr, size_t nmemb, size_t size);
| ^~~~~~~~~~~~~
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4361293fcf)
The function in case of n=0 would read more bytes than 0.
The end pointer could be beyond the allocated space, which
is undefined.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6f0e9a8634)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Found-by: fate
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3cc3cb663b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit be0b77e6e8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 8521/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5639024952737792
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit aa41d322be)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 5567/clusterfuzz-testcase-minimized-5769966247739392
Fixes: runtime error: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ab6f571ef7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e34fe61bf4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6019d721d4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This avoids potential undefined behavior in debug mode while still allowing
developers which want to check for potential additional overflows to do so
by manually enabling this.
Reviewed-by: wm4
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a44b3abb4c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Add dxva2_pool_release_dummy() and use it in call to
av_buffer_create() in dxva2_pool_alloc().
Prior to this change, av_buffer_create() was called with NULL for the
third argument, which indicates that av_buffer_default_free() should
be used to free the buffer's data. Eventually, it gets to
buffer_pool_free() and calls buf->free() on a surface object (which is
av_buffer_default_free()).
This can result in a crash when the debug version of the C-runtime is
used on Windows. While it doesn't appear to result in a crash when
the release version of the C-runtime is used on Windows, it likely
results in memory corruption, since av_free() is being called on
memory that was allocated using
IDirectXVideoAccelerationService::CreateSurface().
Signed-off-by: Aaron Levinson <alevinsn@aracnet.com>
Reviewed-by: wm4 <nfxjfg@googlemail.com>
Reviewed-by: Steven Liu <lingjiujianke@gmail.com>
Reviewed-by: Mark Thompson <sw@jkqxz.net>
(cherry picked from commit 0c1c514643)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 277e397eb5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 1352/clusterfuzz-testcase-minimized-5757565017260032
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 35f3df0d76)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4614bf2caf)
(cherry picked from commit e8d4eacc07)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Also remove the redundant casts which were hiding the error here.
Fixes Ubuntu bug 1688735, reported by andysem.
(cherry picked from commit 7081620aca)
This should fix issues on BSD
CLOCKS_PER_SEC is 128 on BSD while SUSv2 requires it to be a million
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c4152fc42e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Tested-by: Thomas Turner <thomastdt@googlemail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit da73d95bad)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f542b152aa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
floats are not necessarily normalized, so a normalized softfloat needs
MIN_EXP lowered by 23 to cover that range.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 2d6f46d801)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
This is similar to commit 9ac61e73d0.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 0edd569466)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
1.mmiutils.h defined MMI_ load/store macros for loongson2e/2f/3a
2.mmiutils.h defined some mmi assembly macors
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Thanks to Mathieu Malaterre <malat@debian.org> for reporting the
Que/Queue typo. (https://bugs.debian.org/839542)
Reviewed-by: Lou Logan <lou@lrcd.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
* commit 'fe498ef5144d3712b887f44a0c5e654add99ead7':
hwcontext_vaapi: Return all formats for constraints without config
Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
* commit '32c8359093d1ff4f45ed19518b449b3ac3769d27':
lavc: export the timestamps when decoding in AVFrame.pts
Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
This way, Doxygen is happier as aliases are now grouped together, and
it never handled #define's in an enum well in the first place.
Y400A already exists as an enum assignment.
Including this header in a C++11 program (inside extern "C") will
throw an error because it looks like a user-defined literal. Add a
space between the two tokens to avoid the problem.
memalign() is not guranteed to be compatible with free() or realloc()
and for platforms in this category we have --enable-memalign-hack
(which should be enabled automatically if such system is detected)
Trying to somehow half support systems that can free() memalign memory
but not reallocate it seems not worth the amount of work needed to
keep 2 then incompatible allocation systems and ensure their
seperation. That is unless this would affect a major platform
on which we want to avoid the memalign hack code
The warnings also cause wasted time and effort as people try
to maintain a separation that does not exist currently.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
