Anton Khirnov
1e413487bf
fftools/ffmpeg: avoid possible invalid reads with short -tag values
...
Fixes #10319 and #10309 .
Based on 89c9a3ac35
2023-04-17 12:20:12 +02:00
James Almer
c36f69d7e3
avcodec/mp_cmp: reject invalid comparison function values
...
Fixes tickets #10306 and #10318 .
Signed-off-by: James Almer <jamrial@gmail.com >
(cherry picked from commit 7c6e26a184
2023-04-16 11:39:13 -03:00
James Almer
58912f665b
avcodec/aacpsy: clip global_quality within the psy_vbr_map array boundaries
...
Fixes ticket #10317 .
Signed-off-by: James Almer <jamrial@gmail.com >
(cherry picked from commit 5cda6b94f4
2023-04-16 11:39:13 -03:00
James Almer
ded3989a65
avutil/wchar_filename: propagate MultiByteToWideChar() and WideCharToMultiByte() failures
...
Don't return success if the string could not be converted.
Signed-off-by: James Almer <jamrial@gmail.com >
(cherry picked from commit 92885f2681
2023-04-16 11:39:13 -03:00
James Almer
796daf929a
avformat/concatf: check if any nodes were allocated
...
Fixes ticket #10304
Signed-off-by: James Almer <jamrial@gmail.com >
(cherry picked from commit 19c2dc677f
2023-04-16 11:39:13 -03:00
Kyle Manning
0028275216
avcodec/nvenc: fix b-frame DTS behavior with fractional framerates
...
When using fractional framerates (or any fraction with a numerator != 1),
DTS values for packets would be calculated incorrectly.
Signed-off-by: Kyle Manning <tt2468@irltoolkit.com >
Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org >
2023-04-03 12:05:15 +02:00
Michael Niedermayer
963937e408
Changelog: update
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2023-03-26 15:30:31 +02:00
Michael Niedermayer
037c7a2eac
avcodec/tests/snowenc: Fix 2nd test
...
(cherry picked from commit 163013c724michael@niedermayer.cc >
2023-03-26 15:30:31 +02:00
Michael Niedermayer
06dfb4fef2
avcodec/tests/snowenc: return a failure if DWT/IDWT mismatches
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 771c266c0bmichael@niedermayer.cc >
2023-03-26 15:30:31 +02:00
Michael Niedermayer
28b03ac192
avcodec/snowenc: Fix visual weight calculation
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 5b5fcadea0michael@niedermayer.cc >
2023-03-26 15:30:30 +02:00
Michael Niedermayer
29412c75eb
avcodec/tests/snowenc: unbreak DWT tests
...
the IDWT data type mismatched current code
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 8b3351bbeamichael@niedermayer.cc >
2023-03-26 15:30:30 +02:00
James Almer
3553421888
avfilter/vf_untile: swap the chroma shift values used for plane offsets
...
Fixes ticket #10265
Signed-off-by: James Almer <jamrial@gmail.com >
(cherry picked from commit dc61d5cf19
2023-03-16 17:07:03 -03:00
Michael Niedermayer
643318bba2
update for 5.1.3
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2023-03-16 14:53:52 +01:00
Michael Niedermayer
43ea18703c
avcodec/mpeg12dec: Check input size
...
Fixes: Timeout
Fixes: 53599/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IPU_fuzzer-4950102511058944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7c130d6911michael@niedermayer.cc >
2023-03-16 14:48:41 +01:00
Michael Niedermayer
405bfbd873
avcodec/escape124: Fix some return codes
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 98df605f7amichael@niedermayer.cc >
2023-03-16 14:48:41 +01:00
Michael Niedermayer
0dca540766
avcodec/escape124: fix signdness of end of input check
...
Fixes: Timeout
Fixes: 56561/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ESCAPE124_fuzzer-5560363635834880
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 87ad0a5dd7michael@niedermayer.cc >
2023-03-16 14:48:41 +01:00
Michael Niedermayer
75ece79ff4
Use https for repository links
...
Reviewed-by: Stefano Sabatini <stefasab@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 011f30fc82michael@niedermayer.cc >
2023-03-16 14:48:40 +01:00
Paul B Mahol
7c234248f8
avcodec/rpzaenc: stop accessing out of bounds frame
...
(cherry picked from commit 92f9b28ed8michael@niedermayer.cc >
2023-03-16 14:48:40 +01:00
Paul B Mahol
9886e4c3b0
avcodec/smcenc: stop accessing out of bounds frame
...
(cherry picked from commit 13c1310975michael@niedermayer.cc >
2023-03-16 14:48:40 +01:00
Michael Niedermayer
0b6c4936dd
avcodec/motionpixels: Mask pixels to valid values
...
Fixes: out of array access
Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOTIONPIXELS_fuzzer-6724203352555520
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit ac6eec1fc2michael@niedermayer.cc >
2023-03-16 14:48:39 +01:00
Michael Niedermayer
fbe44d7a82
avcodec/xpmdec: Check size before allocation to avoid truncation
...
Fixes:OOM
Fixes:out of array access (no testcase)
Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XPM_fuzzer-6573323838685184
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 95f0f84daemichael@niedermayer.cc >
2023-03-16 14:48:39 +01:00
Michael Niedermayer
e1b1ead9e3
avcodec/bink: Avoid undefined out of array end pointers in binkb_decode_plane()
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit ea9deafd3bmichael@niedermayer.cc >
2023-03-16 14:48:39 +01:00
Michael Niedermayer
2d6c2b6dc2
avcodec/bink: Fix off by 1 error in ref end
...
Fixes: out of array access
Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-6657932926517248
Alterantivly to this it is possibly to allocate a bigger array
Note: oss-fuzz assigned this issue to a unrelated theora bug so the bug number matches that
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 49487045ddmichael@niedermayer.cc >
2023-03-16 14:48:38 +01:00
Michael Niedermayer
44c1e6ed2c
avcodec/utils: Ensure linesize for SVQ3
...
Fixes: Assertion block_w * sizeof(uint8_t) <= ((buf_linesize) >= 0 ? (buf_linesize) : (-(buf_linesize))
Fixes: 54861/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SVQ3_fuzzer-5352418248622080
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4eef658ca5michael@niedermayer.cc >
2023-03-16 14:48:38 +01:00
Michael Niedermayer
86a50643ab
avcodec/utils: allocate a line more for VC1 and WMV3
...
Fixes: out of array read on 32bit
Fixes: 54857/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5840588224462848
The chroma MC code reads over the currently allocated frame.
Alternative fixes would be allocating a few bytes more at the end instead of a whole
line extra or to adjust the threshold where the edge emu code is activated
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 01636a63d4michael@niedermayer.cc >
2023-03-16 14:48:38 +01:00
Michael Niedermayer
ac3e0e7beb
avcodec/videodsp_template: Adjust pointers to avoid undefined pointer things
...
Fixes: subtraction of unsigned offset from 0xf6602770 overflowed to 0xf6638c80
Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THEORA_fuzzer-495074400600064
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f0150cd41cmichael@niedermayer.cc >
2023-03-16 14:48:37 +01:00
Michael Niedermayer
ce0bb67b1f
avcodec/pngdec: dont skip/read chunk twice
...
Fixes: out of array access
Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PNG_fuzzer-6668158952144896.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit df1a38d520michael@niedermayer.cc >
2023-03-16 14:48:37 +01:00
Michael Niedermayer
365203e99e
avcodec/pngdec: Check deloco index more exactly
...
Fixes: out of array access:
Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PNG_fuzzer-6716193709096960
Alternatively it should be possible to limit this to 3 plane RGB 8 /16bit to ensure the size is what it should be
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit d5bae70406michael@niedermayer.cc >
2023-03-16 14:48:37 +01:00
Michael Niedermayer
14446f1831
avcodec/ffv1dec: Check that num h/v slices is supported
...
Fixes: out of array access
Fixes: 55597/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-4898293416329216
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 8ead0ae68emichael@niedermayer.cc >
2023-03-16 14:48:36 +01:00
Michael Niedermayer
fa22608c46
avformat/mov: Check samplesize and offset to avoid integer overflow
...
Fixes: signed integer overflow: 9223372036854775584 + 536870912 cannot be represented in type 'long'
Fixes: 55844/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-510613920664780
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 53c1f5c2e2michael@niedermayer.cc >
2023-03-16 14:48:36 +01:00
Kacper Michajłow
52d055b34d
lavu/vulkan: fix handle type for 32-bit targets
...
Fixes compilation with clang which errors out on Wint-conversion.
Signed-off-by: Kacper Michajłow <kasper93@gmail.com >
Signed-off-by: Martin Storsjö <martin@martin.st >
(cherry picked from commit cc76e8340dmartin@martin.st >
2023-03-09 13:56:17 +02:00
Martin Storsjö
b7df1d2913
vulkan: Fix win/i386 calling convention
...
This fixes the following error when compiling with a modern
version of Clang for Windows/i386:
src/libavutil/hwcontext_vulkan.c:738:32: error: incompatible function pointer types initializing 'PFN_vkDebugUtilsMessengerCallbackEXT' (aka 'unsigned int (*)(enum VkDebugUtilsMessageSeverityFlagBitsEXT, unsigned int, const struct VkDebugUtilsMessengerCallbackDataEXT *, void *) __attribute__((stdcall))') with an expression of type 'VkBool32 (VkDebugUtilsMessageSeverityFlagBitsEXT, VkDebugUtilsMessageTypeFlagsEXT, const VkDebugUtilsMessengerCallbackDataEXT *, void *)' (aka 'unsigned int (enum VkDebugUtilsMessageSeverityFlagBitsEXT, unsigned int, const struct VkDebugUtilsMessengerCallbackDataEXT *, void *)') [-Wincompatible-function-pointer-types]
.pfnUserCallback = vk_dbg_callback,
^~~~~~~~~~~~~~~
Signed-off-by: Martin Storsjö <martin@martin.st >
(cherry picked from commit f9620d74cdmartin@martin.st >
2023-03-09 13:56:12 +02:00
Michael Niedermayer
2953c6381a
avcodec/pictordec: Remove mid exit branch
...
This causes the RLE decoder to exit before applying the last RLE run
All images i tested with are unchanged, this makes the special case
for handling the last run unused for non truncated images.
Reviewed-by: Peter Ross <pross@xvid.org >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 88f0e05c72michael@niedermayer.cc >
2023-02-22 19:49:17 +01:00
Michael Niedermayer
9057d34748
avcodec/eac3dec: avoid float noise in fixed mode addition to overflow
...
Fixes: 2.28595e+09 is outside the range of representable values of type 'int'
Fixes: 54644/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AC3_FIXED_fuzzer-4816961584627712
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2f48d227c1michael@niedermayer.cc >
2023-02-22 19:48:31 +01:00
Michael Niedermayer
af6919486b
avcodec/utils: use 32pixel alignment for bink
...
bink supports 16x16 blocks in chroma planes thus we need to allocate enough.
Fixes: out of array access
Fixes: 55026/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-6013915371012096
Reviewed-by: Peter Ross <pross@xvid.org >
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit b95b2c8492michael@niedermayer.cc >
2023-02-22 01:03:30 +01:00
Michael Niedermayer
14da78a8c1
avcodec/scpr3: Check bx
...
Fixes: Out of array access
Fixes: 55102/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-4877396618903552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit cc7e984a05michael@niedermayer.cc >
2023-02-22 01:02:57 +01:00
Michael Niedermayer
2e9faba7c7
avcodec/012v: Order operations for odd size handling
...
Fixes: out of array access
Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ZERO12V_fuzzer-6714182078955520.fuzz
Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ZERO12V_fuzzer-6698145212137472.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4d42d82563michael@niedermayer.cc >
2023-02-22 01:02:11 +01:00
Michael Niedermayer
a34fe535e4
avcodec/eatgq: : Check index increments in tgq_decode_block()
...
Fixes: out of array access
Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EATGQ_fuzzer-6743211456724992
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e7755b433emichael@niedermayer.cc >
2023-02-22 00:42:22 +01:00
Michael Niedermayer
d78fe4d3fb
avcodec/h274: fix include
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 379e43e6ecmichael@niedermayer.cc >
2023-02-22 00:32:19 +01:00
Michael Niedermayer
7e211d001f
avcodec/scpr: Test bx before use
...
Fixes: out of array access on 32bit
Fixes: 54850/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-5302669294305280
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 1b59de3770michael@niedermayer.cc >
2023-02-22 00:10:15 +01:00
Michael Niedermayer
87e6221d53
avformat/mxfdec: Use 64bit in remainder
...
Fixes: signed integer overflow: 48000 * 223587 cannot be represented in type 'int'
Fixes: 54513/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5817594836025344
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <git@haerdin.se >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 64a04fc165michael@niedermayer.cc >
2023-02-22 00:03:43 +01:00
Michael Niedermayer
8f4e355416
avcodec/sunrast: Fix maplength check
...
Fixes: out of bounds read
Found-by: Ibrahim Mohamed <ielsayed@meta.com >
Reviewed-by; Ibrahim Mohamed <ielsayed@meta.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f8a2a65078michael@niedermayer.cc >
2023-02-21 23:53:32 +01:00
Michael Niedermayer
194a9429b2
avcodec/wavpack: Avoid undefined shift in get_tail()
...
Fixes: left shift of 1208485947 by 1 places cannot be represented in type 'int'
Fixes: 54058/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-5827521084260352
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 8374a747afmichael@niedermayer.cc >
2023-02-21 23:43:56 +01:00
Michael Niedermayer
7d2360f8d6
avcodec/wavpack: Check for end of input in wv_unpack_dsd_high()
...
Fixes: Timeout
Fixes: 50793/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-4980185027444736
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 6ad7403bcemichael@niedermayer.cc >
2023-02-21 23:41:55 +01:00
Michael Niedermayer
3aee1b1ec3
avformat/id3v2: Check taglen in read_uslt()
...
Fixes: Timeout (read mostly the same data repeatly)
Fixes: 52457/clusterfuzz-testcase-minimized-ffmpeg_dem_ALP_fuzzer-6610706313379840
Fixes: 53098/clusterfuzz-testcase-minimized-ffmpeg_dem_SOL_fuzzer-6481382981632000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a798af91d7michael@niedermayer.cc >
2023-02-21 23:37:11 +01:00
Michael Niedermayer
46a1e9e386
avcodec/tiff: Ignore tile_count
...
Fixes: out of array access
Fixes: 52427/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4849108968144896
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 65ce417828michael@niedermayer.cc >
2023-02-21 23:36:26 +01:00
Michael Niedermayer
16b8de719e
avcodec/ffv1dec: restructure slice coordinate reading a bit
...
Fixes: signed integer overflow: -1094995528 * 8224 cannot be represented in type 'int'
Fixes: 53508/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-474551033462784
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 74b6ac7ebbmichael@niedermayer.cc >
2023-02-21 23:30:42 +01:00
Michael Niedermayer
7c5b975f6f
avcodec/mlpdec: Check max matrix instead of max channel in noise check
...
This is a regression since: adaa06581chttps://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit aa79560de5michael@niedermayer.cc >
2023-02-21 00:41:57 +01:00
Michael Niedermayer
c1780eeccf
avutil/tx: Use unsigned in ff_tx_fft_sr_combine() to avoid undefined behavior
...
Fixes: signed integer overflow: -1284837070 - 982101618 cannot be represented in type 'int'
Fixes: 53105/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AC3_FIXED_fuzzer-4848015827664896
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7792825ad6michael@niedermayer.cc >
2023-02-21 00:41:29 +01:00
Michael Niedermayer
f291b241a3
swscale/input: Use more unsigned intermediates
...
Same principle as previous commit, with sufficiently huge rgb2yuv table
values this produces wrong results and undefined behavior.
The unsigned produces the same incorrect results. That is probably
ok as these cases with huge values seem not to occur in any real
use case.
Fixes: signed integer overflow
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit ba209e3d51michael@niedermayer.cc >
2023-02-21 00:37:06 +01:00
