Commit Graph

98339 Commits

Author SHA1 Message Date
Michael Niedermayer
61d9bf514d avcodec/sonic: Fix several integer state overflows
Fixes: signed integer overflow: -234 * -14797801 cannot be represented in type 'int'
Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5695924975435776
Fixes: 22275/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5695924975435776

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 19:17:07 +02:00
Michael Niedermayer
75d520e337 avcodec/sonic: Fix several integer overflows
Fixes: signed integer overflow: 2129689466 + 2129689466 cannot be represented in type 'int'
Fixes: 20715/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5155263109922816

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 19:17:07 +02:00
Michael Niedermayer
70277f1232 avformat/oggdec: Disable mid stream codec changes
Fixes: 22082/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5688619118624768
Fixes: crash from V-codecs/Theora/theora_testsuite_broken/multi2.ogg

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Suggested-by: Lynne on IRC
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 18:34:59 +02:00
Michael Niedermayer
e53235f06c avcodec/mpeg4videodec: avoid invalid values and reinitialize in format changes for studio profile
Fixes: out of array access
Fixes: 23327/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5134822992510976

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 18:20:37 +02:00
Michael Niedermayer
bd0f81526d avcodec/pixlet: Fix log(0) check
Fixes: passing zero to clz(), which is not a valid argument
Fixes: 23337/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PIXLET_fuzzer-5179131989065728

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 18:20:37 +02:00
Michael Niedermayer
9b5fc789fb avformat/ape: Cleanup after ape_read_header() failure
Fixes: memleaks
Fixes: 23306/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5635436931448832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 18:20:37 +02:00
Michael Niedermayer
51225dee0a avcodec/iff: Fix off by x error
Fixes: out of array access
Fixes: 23245/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5723121327013888.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-14 18:20:37 +02:00
Nelson Gomez
360be03b8a swscale: cosmetic fixes
Signed-off-by: Nelson Gomez <nelson.gomez@microsoft.com>
2020-06-14 16:34:07 +01:00
Nelson Gomez
bc01337db4 swscale/x86/output: add AVX2 version of yuv2nv12cX
256 bits is just wide enough to fit all the operands needed to vectorize
the software implementation, but AVX2 is needed to for a couple of
instructions like cross-lane permutation.

Output is bit-for-bit identical to C.

Signed-off-by: Nelson Gomez <nelson.gomez@microsoft.com>
2020-06-14 16:34:07 +01:00
Nelson Gomez
7c39c3c1a6 swscale: make yuv2interleavedX more asm-friendly
Extracting information from SwsContext in assembly is difficult, and
rearranging SwsContext just for asm access didn't look good. These
functions only need a couple of fields from it anyway, so just make
them parameters in their own right.

Signed-off-by: Nelson Gomez <nelson.gomez@microsoft.com>
2020-06-14 16:34:07 +01:00
Limin Wang
01be03a4a0 avcodec/smvjpegdec: remove uninitialized ret
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-14 21:54:40 +08:00
Limin Wang
9bb46cf100 avcodec/mpegvideo: remove extra space
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-14 21:54:40 +08:00
Limin Wang
67a07dc778 swscale/utils: return better error code from initFilter()
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-14 21:54:40 +08:00
Limin Wang
8efecc9063 swscale/utils: reindent
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-14 21:54:40 +08:00
David Holroyd
ffc1208266 lavf/prompeg: prompeg_write() must report data all was written
Previously, prompeg_write() would only report to caller that bytes we
written when a FEC packet was actually created.  Not all RTP packets are
expected to generate a FEC packet however, so this behavior was causing
avio to retry writing the RTP packet, eventually forcing the FEC state
machine to send a FEC packet erroneously (and so breaking out of the
retry loop).

This was resulting in incorrect FEC data being generated, and far too
many FEC packets to be sent (~100% FEC overhead).

fix #7863

Signed-off-by: David Holroyd <david.holroyd@m2amedia.tv>
2020-06-14 12:27:49 +08:00
Jun Zhao
0a0158e45d lavu/internal: Fix comment for avpriv_dict_set_timestamp
Fix comment for avpriv_dict_set_timestamp from b72a7b96f8

Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
2020-06-14 12:27:10 +08:00
Jun Zhao
ab9ff762c1 lavc/qsv: fix make checkheaders warning
make checkheaders will get warning as follow:

In file included from libavcodec/qsv_internal.h.c:1:
./libavcodec/qsv_internal.h:24:5: warning: "CONFIG_VAAPI" is not defined, evaluates to 0 [-Wundef]
   24 | #if CONFIG_VAAPI
      |     ^~~~~~~~~~~~

include "config.h" to fix the warning

Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
2020-06-14 12:26:51 +08:00
Paul B Mahol
416dc133b9 avformat/sccdec: move pos variables outside of loop
Ensures that sub->pos is always correct.
2020-06-13 12:26:00 +02:00
Paul B Mahol
0c2623d3aa avcodec/ccaption_dec: switch active screen in end of caption early
Fixes dropping of last caption.
2020-06-13 12:02:44 +02:00
Paul B Mahol
847d0b99de avcodec/ccaption_dec: remove unused arguments from function 2020-06-13 12:02:44 +02:00
Paul B Mahol
6995ea3506 avcodec/ccaption_dec: check for error codes 2020-06-13 12:02:44 +02:00
Limin Wang
2658680df4 avutil/internal: remove FF_ALLOCx{_ARRAY}_OR_GOTO macros
These functions have a terrible design, let us fix them before extending
them.
First design mistake: no error code. A helper function for testing
memory allocation failure where AVERROR(ENOMEM) does not appear is
absurd.

Second design mistake: printing a message. Return the error code, let
the caller print the error message.

Third design mistake: hard-coded use of goto.

http://ffmpeg.org/pipermail/ffmpeg-devel/2020-May/262544.html

Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:19 +08:00
Limin Wang
a408d03ee6 swscale/utils: remove FF_ALLOC_ARRAY_OR_GOTO macros
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:19 +08:00
Limin Wang
bdbe3f06a2 avcodec/alac: remove FF_ALLOC_OR_GOTO and gotos label
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:19 +08:00
Limin Wang
67de2d6a8c avcodec/mpegvideo_enc: remove FF_ALLOCZ_ARRAY_OR_GOTO and gotos lable
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:19 +08:00
Limin Wang
70ad0b27c1 avcodec/mpegpicture: remove FF_ALLOCZ_ARRAY_OR_GOTO and gotos label
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:19 +08:00
Limin Wang
734e6a81b6 avcodec/mpegvideo: remove FF_ALLOCZ_ARRAY_OR_GOTO and gotos label
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:19 +08:00
Limin Wang
d3b2961200 avcodec/mpegvideo: simplify check for av_frame_alloc
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:19 +08:00
Limin Wang
44863b2c2d avcodec/iirfilter: remove FF_ALLOCZ_OR_GOTO and gotos label
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:19 +08:00
Limin Wang
ebf2a8abdf avcodec/aacenc: remove FF_ALLOCZ_ARRAY_OR_GOTO and gotos label
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:19 +08:00
Limin Wang
e6628ac8ff avcodec/ac3enc_template: remove FF_ALLOC_ARRAY_OR_GOTO and gotos label
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:19 +08:00
Limin Wang
861b20aa95 avcodec/ac3enc: remove FF_ALLOCZ_ARRAY_OR_GOTO and gotos label
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:19 +08:00
Limin Wang
d5d00cb516 avcodec/snow: remove FF_ALLOCZ_ARRAY_OR_GOTO and gotos label
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:19 +08:00
Limin Wang
479c89aa2e avcodec/dnxhdenc: remove FF_ALLOCZ_ARRAY_OR_GOTO and gotos label
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:19 +08:00
Limin Wang
afaaf27fc4 avcodec/twinvq: remove FF_ALLOCZ_ARRAY_OR_GOTO and gotos label
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:19 +08:00
Limin Wang
8a8802e9cb avcodec/apedec: remove FF_ALLOC_OR_GOTO and gotos lable
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:18 +08:00
Limin Wang
4b2863ff01 avcodec: add FF_CODEC_CAP_INIT_CLEANUP for all codecs which use ff_mpv_common_init()
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:18 +08:00
Limin Wang
42a3850360 avcodec/alac: Add FF_CODEC_CAP_INIT_CLEANUP
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:18 +08:00
Limin Wang
17e88bf0df avcodec/aacenc: add FF_CODEC_CAP_INIT_CLEANUP
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:18 +08:00
Limin Wang
ee726e777b avcodec/ac3enc: add FF_CODEC_CAP_INIT_CLEANUP
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:18 +08:00
Limin Wang
61454bb6ff avcodec/apedec: add FF_CODEC_CAP_INIT_CLEANUP
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:18 +08:00
Limin Wang
3240121509 avcodec/adpcmenc: remove FF_ALLOC_OR_GOTO macros and gotos lable
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:18 +08:00
Limin Wang
0a1dc81723 avcodec/h264dec: remove FF_ALLOCZ_ARRAY_OR_GOTO and gotos lable
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:18 +08:00
Limin Wang
d6cdedee4c avcodec/h264dec: store count of the tables into const variable for long lines
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:18 +08:00
Limin Wang
96cc392a17 avcodec/h264dec: cosmetics
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-06-13 06:59:18 +08:00
Michael Niedermayer
314d10f7a6 avcodec/wmalosslessdec: Check block_align maximum
Fixes: Assertion failure
Fixes: 22737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5958388889681920

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-13 00:43:09 +02:00
Michael Niedermayer
aa88cdfd90 avcodec/loco: Fix signed integer overflow in loco_get_rice()
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 22975/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5658160970072064

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-13 00:43:09 +02:00
Michael Niedermayer
0e15b01b4e avformat/thp: Check fps
Fixes: division by zero
Fixes: 23162/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4856420817436672

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-13 00:43:09 +02:00
Michael Niedermayer
9a42a67c5c avformat/mpl2dec: Fix integer overflow with duration
Fixes: signed integer overflow: 9223372036854775807 - -1 cannot be represented in type 'long'
Fixes: 23167/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6425051741290496

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-13 00:43:09 +02:00
Michael Niedermayer
49ba60fed0 avcodec/cbs: Allocate more CodedBitstreamUnit at once in cbs_insert_unit()
Fixes: Timeout (85sec -> 0.5sec)
Fixes: 20791/clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_FRAME_SPLIT_fuzzer-5659537719951360
Fixes: 21214/clusterfuzz-testcase-minimized-ffmpeg_BSF_MPEG2_METADATA_fuzzer-5165560875974656
Fixes: 21247/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_METADATA_fuzzer-5715175257931776

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-13 00:43:09 +02:00