Michael Niedermayer
137c998b48
avcodec/h264_slice: Check input SPS in ff_h264_update_thread_context()
Fixes: crash
Fixes: check_pkt.mp4
Found-by: Rafael Dutra <rafael.dutra@cispa.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ceae92cb29)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
d416d7f061
avcodec/mpegpicture: Keep ff_mpeg_framesize_alloc() failure state consistent
Fixes: null pointer dereference
Fixes: ff_put_pixels16_sse2.mp4
Found-by: Rafael Dutra <rafael.dutra@cispa.de>
Regression-since: 4b2863ff01
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 76cea1d2ce)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
807b703a48
avformat/mpc8: check for size overflow in mpc8_get_chunk_header()
Fixes: signed integer overflow: -9223372036854775760 - 50 cannot be represented in type 'long'
Fixes: 31673/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-580134751869337
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6cc65d3d67)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
5978b8bd9c
avformat/mov: Do not zero memory that is written to or unused
Fixes: OOM
Fixes: 31220/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6033383962574848
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c1fe1114bc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
ac0e9506d0
avcodec/mpegvideo: Update chroma_?_shift in ff_mpv_common_frame_size_change()
Fixes: out of array access
Fixes: 31201/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-4627865612189696.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 87d87e6587)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
be3225153e
avformat/mov: Ignore multiple STSC / STCO
Fixes: STSC / STCO inconsistency and assertion failure
Fixes: crbug1184666.mp4
Found-by: Chromium ASAN fuzzer
Reviewed-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2611d20d35)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
9b25cf8b06
avformat/utils: Extend overflow check in dts wrap in compute_pkt_fields()
Fixes: signed integer overflow: -9223372032574480351 - 4294967296 cannot be represented in type 'long long'
Fixes: 30022/clusterfuzz-testcase-minimized-ffmpeg_dem_KUX_fuzzer-5568610275819520
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b37ff29e0e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
f8fc6416b2
avfilter/vf_scale: Fix adding 0 to NULL (which is UB) in scale_slice()
Found-by: Jeremy Leconte <jleconte@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1cf96ce269)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
18bcfa81fc
avutil/common: Add FF_PTR_ADD()
Suggested-by: Andreas Rheinhardt
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 522a5259e9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
8c99a06c5c
avcodec/setts_bsf: Check timebase
Fixes: Division by 0
Fixes: 30952/clusterfuzz-testcase-minimized-ffmpeg_BSF_SETTS_fuzzer-6601016202100736
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7fc8ba9068)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
9179ab9227
avformat/wtvdec: Check size in SBE2_STREAM_DESC_EVENT / stream2_guid
Fixes: signed integer overflow: 539033600 - -1910497124 cannot be represented in type 'int'
Fixes: 30928/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5922630966312960
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1f74661543)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
6ef700dfb0
avformat/utils: Fix integer overflow with duration_gcd in ff_rfps_calculate()
Fixes: signed integer overflow: 136323327 * 281474976710656 cannot be represented in type 'long'
Fixes: 30913/clusterfuzz-testcase-minimized-ffmpeg_dem_IVF_fuzzer-5753392189931520
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6dc6e1cce0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
72a03b3c06
tools/target_dec_fuzzer: Adjust threshold for H264
Fixes: Timeout (too long -> 3sec)
Fixes: 28047/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-4662727980875776
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 46c4f39307)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
ee059d8ef8
avformat/cafdec: Do not build an index if all packets are the same
Fixes: Timeout
Fixes: 28214/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6495999421579264
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ea12590c8e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
419f62c902
avformat/vividas: Use equals check with n in read_sb_block()
Fixes: OOM
Fixes: 27780/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-5097985075314688
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e44214a824)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
59c05f51d5
avcodec/sonic: Use unsigned temporary in predictor_calc_error()
Fixes: signed integer overflow: -2147471366 - 18638 cannot be represented in type 'int'
Fixes: 30157/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5171199746506752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 075d793ba8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
79ff380da7
avformat/jacosubdec: Use 64bit intermediate for start/end timestamp shift
Fixes: signed integer overflow: -1957694447 + -1620425806 cannot be represented in type 'int'
Fixes: 30207/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-5050791771635712
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2c477be08a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
81178db83b
avformat/flvdec: Check array entry number
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Fixes: 30209/clusterfuzz-testcase-minimized-ffmpeg_dem_FLV_fuzzer-5724831658147840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b5d8fe1c87)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
039ecef275
avcodec/h264_slice: Check sps in h264_slice_header_init()
Fixes: null pointer dereference
Fixes: h264_slice_header_init.mp4
Found-by: Rafael Dutra <rafael.dutra@cispa.de>
Tested-by: Rafael Dutra <rafael.dutra@cispa.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8047243899)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
c5a61adcca
avformat/movenc: Avoid losing cluster array on failure
Fixes: crash
Fixes: check_pkt.mp4
Found-by: Rafael Dutra <rafael.dutra@cispa.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5c2ff44f91)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
095f50e06e
avformat/avidec: Check for dv streams before using priv_data in parse ##dc/##wb
Fixes: null pointer dereference
Fixes: 31588/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-6165716135968768
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f733688d30)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
2af5b3fa08
avformat/mov: Check sample size for overflow in mov_parse_stsd_audio()
Fixes: signed integer overflow: 2 * 1914708000 cannot be represented in type 'int'
Fixes: 31639/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6303428239294464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d35677736a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
5d1e309e67
avcodec/sga: Check for array end in lzss_decompress()
Fixes: out of array access
Fixes: 31640/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SGA_fuzzer-5630883286614016
Fixes: 31619/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SGA_fuzzer-5176667708456960
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e8bd34fe4f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
9a3e525b7c
avformat/sbgdec: Check for overflow in last loop in expand_timestamps()
Fixes: signed integer overflow: 9223372036854775807 + 86400000000 cannot be represented in type 'long'
Fixes: 31003/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6256298771480576
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f44068db1e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
e42efdce95
avcodec/ffwavesynth: Avoid signed integer overflow in phi_at()
Fixes: signed integer overflow: 2314885530818453536 - -9070214327174160352 cannot be represented in type 'long'
Fixes: 31000/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-6558389742206976
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit be08b84f8b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Gyan Doshi
b26c6df919
rtpenc_mpegts: add AVClass to the muxer context
2021-04-01 09:36:26 +05:30
Gyan Doshi
7a74129fa9
avformat/rtpenc_mpegts: stop leaks
Fixes CID 1474460 & 1474461
2021-03-28 15:55:41 +05:30
Gyan Doshi
fd80c0b95f
avformat/rtpenc_mpegts: convey options for rtp muxer
Cherry-picked 2c806aa2b4
2021-03-26 14:44:31 +05:30
Gyan Doshi
a6dc1e84d2
avformat/rtpenc_mpegts: relay streamid to mpegts muxer streams.
Cherry-picked 325bb04188
2021-03-26 14:44:06 +05:30
Gyan Doshi
390b6f0cba
avformat/rtpenc_mpegts: convey options for mpeg-ts muxer
Fixes #5239
Cherry-picked affe911c65
2021-03-26 14:43:40 +05:30
Gyan Doshi
72389f7916
avformat/rtp_mpegts: typedef MuxChain struct
Cherry-picked 75fd3e1519
2021-03-26 14:43:08 +05:30
Gyan Doshi
9315b45dd2
configure: select child muxers for rtp_mpegts
Cherry-picked 36a5ae619a
2021-03-26 14:42:34 +05:30
Zane van Iperen
df9fbc442d
avformat/pp_bnk: allow seeking to start
Allows "ffplay -loop" to work.
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
(cherry picked from commit 64fb63411d)
2021-03-25 16:34:42 +10:00
Zane van Iperen
2fd48331d5
avformat/alp: allow seeking to start
Allows "ffplay -loop" to work.
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
(cherry picked from commit ea9732c5d6)
2021-03-25 16:34:42 +10:00
Zane van Iperen
a98413afb9
avformat/kvag: allow seeking to start
Allows "ffplay -loop" to work.
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
(cherry picked from commit 3cc4a140ef)
2021-03-25 16:34:41 +10:00
Zane van Iperen
0cfea0581b
avcodec/adpcm_ima_cunning: reset state on flush
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
(cherry picked from commit e550667f61)
2021-03-25 16:34:41 +10:00
Zane van Iperen
0d00e151d1
avcodec/adpcm_ima_alp: reset state on flush
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
(cherry picked from commit 257d9f91fc)
2021-03-25 16:34:41 +10:00
Zane van Iperen
990bccfad6
avcodec/adpcm_ima_ssi: reset state on flush
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
(cherry picked from commit ff7bbd6d88)
2021-03-25 16:34:40 +10:00
Zane van Iperen
f0169e9d58
avcodec/adpcm_argo: reset state on flush
Commit 003b5c800f introduced seeking in argo_asf,
but this was missed, leading to non-deterministic output.
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
(cherry picked from commit 660c14a9b9)
2021-03-25 16:34:40 +10:00
Zane van Iperen
2057068495
avcodec/adpcm_aica: reset state in flush callback
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
(cherry picked from commit efb58ec8f9)
2021-03-25 16:34:40 +10:00
Zane van Iperen
0b9d7b6f8d
avcodec/adpcm_zork: reset state in flush callback
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
(cherry picked from commit 95280cf3e7)
2021-03-25 16:34:39 +10:00
Zane van Iperen
ebe065c177
avcodec/adpcm: add comment to has_status field
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
(cherry picked from commit 55a50885b9)
2021-03-25 16:34:39 +10:00
nyanmisaka
5f2018c490
avfilter/overlay_cuda: fix framesync with embedded PGS subtitle
Signed-off-by: nyanmisaka <nst799610810@gmail.com>
2021-03-25 04:36:41 +01:00
nyanmisaka
3d79b9357d
avfilter/hwupload_cuda: add YUVA420P format support
Signed-off-by: nyanmisaka <nst799610810@gmail.com>
Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
2021-03-25 04:36:39 +01:00
James Almer
0be265e9a1
Revert "lavf: move AVStream.*index_entries* to AVStreamInternal"
This reverts commit cea7c19cda.
Until an API is added to make index_entries public in a proper way, keeping
this here is harmless.
2021-03-23 14:09:27 -03:00
Andreas Rheinhardt
5996184bea
avcodec/put_bits: Restore x64 ABI compatibility with releases <= 4.3
88d80cb975 changed the type of
PutBitContext.BitBuf to uint64_t; it used to be an uint32_t.
While said structure is not public, it is nevertheless used by
certain avpriv functions and therefore crosses library boundaries:
avpriv_align_put_bits and avpriv_copy_bits were used in other libraries
in release 4.3 (and at the time of 88d80cb9) and so this commit broke
ABI.
This commit mitigates the trouble caused by this by using an uint32_t
again, but only for the 4.4 release branch and not the master branch,
as doing so for master, would break the ABI of master again, although
it is very unlikely that anyone would be helped by this (there don't
seem to be any users that combine libavcodec built from master and
libavformat from an old release: otherwise we would have received bug
reports about said ABI break).
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-23 01:21:29 +01:00
Andreas Rheinhardt
16af5236ae
avcodec/avcodec: Sanitize options before using them
This is how it is supposed to happen, yet when using frame threading,
the codec's init function has been called before preinit. This can lead
to crashes when e.g. using unsupported lowres values for decoders
together with frame threading.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit 746796ceb4)
2021-03-22 08:39:02 +01:00
Andreas Rheinhardt
2b114adcf4
avcodec/parser: Don't return pointer to stack buffer
When flushing, the parser receives a dummy buffer with padding
that lives on the stack of av_parser_parse2(). Certain parsers
(e.g. Dolby E) only analyze the input, but don't repack it. When
flushing, such parsers return a pointer to the stack buffer and
a size of 0. And this is also what av_parser_parse2() returns.
Fix this by always resetting poutbuf in case poutbuf_size is zero.
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit 9faf3f8bb0)
2021-03-22 08:17:33 +01:00
Andreas Rheinhardt
2a5c577ef3
avformat/pp_bnk: Fix memleaks when reading non-stereo tracks
Commit 6973df1122 added support
for music tracks by outputting its two containing tracks
together in one packet. But the actual data is not contiguous
in the file and therefore one can't simply use av_get_packet()
(which has been used before) for it. Therefore the packet was
now allocated via av_new_packet() and read via avio_read();
and this is also for non-music files.
This causes problems because one can no longer rely on things
done automatically by av_get_packet(): It automatically freed
the packet in case of errors; this led to memleaks in several
FATE-tests covering this demuxer. Furthermore, in case the data
read is less than the data desired, the returned packet was not
zero-allocated (the packet's padding was uninitialized);
for music files the actual data could even be uninitialized.
The former problems are fixed by using av_get_packet() for
non-music files; the latter problem is handled by erroring out
unless both tracks could be fully read.
Reviewed-by: Zane van Iperen <zane@zanevaniperen.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit 8a73313412)
2021-03-22 08:17:10 +01:00
Derek Buitenhuis
8f099e3a67
FATE: Add test for probing MOV/MP4 files with extended box sizes
The test sample has to have no file extension, otherwise probing
happens to work, based off file extension alone, and we want to
test the actual probing function.
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
(cherry picked from commit e668c55649)
2021-03-21 23:22:06 -03:00