OSDN Git Service
Tyler Jones [Tue, 30 May 2017 17:28:04 +0000 (11:28 -0600)]
avcodec/vorbisenc: Include bufqueue and afqueue
Tyler Jones [Tue, 30 May 2017 15:14:36 +0000 (09:14 -0600)]
avcodec/vorbisenc: Use fdsp for applying windows
Using fdsp improves readability and allows using architecture-specific
optimizations.
Signed-off-by: Tyler Jones <tdjones879@gmail.com>
Tyler Jones [Tue, 30 May 2017 15:14:17 +0000 (09:14 -0600)]
avcodec/vorbisenc: Include fdsp
Signed-off-by: Tyler Jones <tdjones879@gmail.com>
Michael Niedermayer [Sat, 3 Jun 2017 19:20:04 +0000 (21:20 +0200)]
avformat/hls: Check local file extensions
This reduces the attack surface of local file-system
information leaking.
It prevents the existing exploit leading to an information leak. As
well as similar hypothetical attacks.
Leaks of information from files and symlinks ending in common multimedia extensions
are still possible. But files with sensitive information like private keys and passwords
generally do not use common multimedia filename extensions.
It does not stop leaks via remote addresses in the LAN.
The existing exploit depends on a specific decoder as well.
It does appear though that the exploit should be possible with any decoder.
The problem is that as long as sensitive information gets into the decoder,
the output of the decoder becomes sensitive as well.
The only obvious solution is to prevent access to sensitive information. Or to
disable hls or possibly some of its features. More complex solutions like
checking the path to limit access to only subdirectories of the hls path may
work as an alternative. But such solutions are fragile and tricky to implement
portably and would not stop every possible attack nor would they work with all
valid hls files.
Developers have expressed their dislike / objected to disabling hls by default as well
as disabling hls with local files. There also were objections against restricting
remote url file extensions. This here is a less robust but also lower
inconvenience solution.
It can be applied stand alone or together with other solutions.
limiting the check to local files was suggested by nevcairiel
This recommits the security fix without the author name joke which was
originally requested by Nicolas.
Found-by: Emil Lerner and Pavel Cheremushkin
Reported-by: Thierry Foucu <tfoucu@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Mon, 5 Jun 2017 11:24:36 +0000 (13:24 +0200)]
Revert "avformat/hls: Check local file extensions"
Requested-by: Paul B Mahol <onemda@gmail.com>
This reverts commit caf7d6178a4d5f24c915da48410a9790b21703aa.
Rostislav Pehlivanov [Sun, 4 Jun 2017 17:03:05 +0000 (18:03 +0100)]
fate: add test for the Dirac low delay profile
Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
James Almer [Mon, 5 Jun 2017 02:29:56 +0000 (23:29 -0300)]
x86/aacpsdsp: optimize ff_ps_mul_pair_single_sse
~2% faster.
Sysiphus [Sat, 3 Jun 2017 19:20:04 +0000 (21:20 +0200)]
avformat/hls: Check local file extensions
This reduces the attack surface of local file-system
information leaking.
It prevents the existing exploit leading to an information leak. As
well as similar hypothetical attacks.
Leaks of information from files and symlinks ending in common multimedia extensions
are still possible. But files with sensitive information like private keys and passwords
generally do not use common multimedia filename extensions.
It does not stop leaks via remote addresses in the LAN.
The existing exploit depends on a specific decoder as well.
It does appear though that the exploit should be possible with any decoder.
The problem is that as long as sensitive information gets into the decoder,
the output of the decoder becomes sensitive as well.
The only obvious solution is to prevent access to sensitive information. Or to
disable hls or possibly some of its features. More complex solutions like
checking the path to limit access to only subdirectories of the hls path may
work as an alternative. But such solutions are fragile and tricky to implement
portably and would not stop every possible attack nor would they work with all
valid hls files.
Developers have expressed their dislike / objected to disabling hls by default as well
as disabling hls with local files. There also were objections against restricting
remote url file extensions. This here is a less robust but also lower
inconvenience solution.
It can be applied stand alone or together with other solutions.
limiting the check to local files was suggested by nevcairiel
Found-by: Emil Lerner and Pavel Cheremushkin
Reported-by: Thierry Foucu <tfoucu@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Kevin Mark [Sun, 4 Jun 2017 07:53:31 +0000 (03:53 -0400)]
FATE: Add test for libavfilter/scale2ref
This new FATE test for the scale2ref filter makes use of the recently
added scale2ref-specific variables to maintain the aspect ratio of a
test input.
Filtergraph explanation:
[main] has an AR of 4:3. [ref] has an AR of 16:9.
640 / 4 = 160. So the new width for [main] is 160.
160 / ((320 / 240) * (1 / 1)) = 160 / (4 / 3) = 120. So the new
height for [main] is 120.
160 / 120 = 4 / 3 so [main]'s aspect ratio has been maintained while
using [ref]'s width as a reference point.
[ref] is nullsink'd since it is left unchanged by scale2ref (and so
shouldn't need to be tested).
If we were to use "iw/4:-1" in place of "iw/4:ow/mdar":
640 / 4 = 160. So the new width for [main] would be 160.
360 / 4 = 90. So the new height for [main] would be 90.
160 / 90 = 16 / 9 so [main] now has the same aspect ratio as [ref]
which is probably what you do not want.
This is currently the only test for scale2ref.
Signed-off-by: Kevin Mark <kmark937@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 4 Jun 2017 19:37:47 +0000 (21:37 +0200)]
avcodec/qdrw: Fix null pointer dereference
The RGB555 PACKBITSRGN case tries to read a palette, if such
palette is actually stored then it accesses a null pointer.
All 16bit samples I could find use DIRECTBITSRGN.
Fixes: 2065/clusterfuzz-testcase-minimized-6298930457346048
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 4 Jun 2017 18:54:44 +0000 (20:54 +0200)]
avcodec/sbrdsp_fixed: Fix assertion failure in sbr_sum_square_c()
This also increases the range of input values supported as well as
decreasing the operation dependencies in the main loop, improving
speed on modern CPUs.
Fixes part of: 2045/clusterfuzz-testcase-minimized-6751255865065472
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 4 Jun 2017 18:45:09 +0000 (20:45 +0200)]
avutil/softfloat: Fix sign error in and improve documentation of av_int2sf()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Paul B Mahol [Sun, 4 Jun 2017 20:51:57 +0000 (22:51 +0200)]
avfilter/af_afftfilt: fix memory leaks
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Michael Niedermayer [Sun, 4 Jun 2017 15:14:13 +0000 (17:14 +0200)]
avcodec/wavpack: Fix runtime error: signed integer overflow: 2081021665 - -130689706 cannot be represented in type 'int'
Fixes: 2038/clusterfuzz-testcase-minimized-4521466148159488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 4 Jun 2017 15:06:27 +0000 (17:06 +0200)]
avcodec/hevc_ps: Fix runtime error: index 32 out of bounds for type 'uint8_t [32]'
Fixes: 2010/clusterfuzz-testcase-minimized-6209288450080768
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 4 Jun 2017 13:41:18 +0000 (15:41 +0200)]
avcodec/dxv: Check remaining bytes in dxv_decompress_raw()
Fixes: Timeout
Fixes: 2006/clusterfuzz-testcase-minimized-5766515037044736
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
James Almer [Fri, 2 Jun 2017 23:34:24 +0000 (20:34 -0300)]
avformat/aacdec: add a custom read_packet function
Attempt to read and propagate only full ADTS frames and not other data,
like id3v1 or APETags at the end of the file.
Fixes ticket #6437.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
Paul B Mahol [Sat, 3 Jun 2017 20:44:08 +0000 (22:44 +0200)]
avfilter/af_surround: add support for some upmixing of 3.0, 2.1 and 5.1 channel layout
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Marton Balint [Fri, 2 Jun 2017 20:45:02 +0000 (22:45 +0200)]
avformat/utils: change bitrate to int64_t in av_find_best_stream
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Marton Balint <cus@passwd.hu>
Marton Balint [Fri, 2 Jun 2017 19:52:13 +0000 (21:52 +0200)]
avformat/utils: return impaired streams in av_find_best_stream if only those exist
Fixes ticket #6397.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Marton Balint <cus@passwd.hu>
Michael Niedermayer [Sun, 4 Jun 2017 11:38:02 +0000 (13:38 +0200)]
avcodec/pafvideo: Check packet size and frame code before ff_reget_buffer()
Fixes 1745/clusterfuzz-testcase-minimized-6160693365571584
Fixes: Timeout
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 4 Jun 2017 11:02:51 +0000 (13:02 +0200)]
avcodec/ac3dec_fixed: Fix runtime error: left shift of 419 by 23 places cannot be represented in type 'int'
Fixes: 1352/clusterfuzz-testcase-minimized-5757565017260032
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sat, 3 Jun 2017 22:25:09 +0000 (00:25 +0200)]
avcodec/tiff: Clear deinvert_buf_size on deallocation
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sat, 3 Jun 2017 21:57:58 +0000 (23:57 +0200)]
avcodec/tiff: Use av_fast_padded_malloc() in tiff_unpack_fax()
Fixes: Timeout
Fixes: 1213/clusterfuzz-testcase-minimized-6022987469815808
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sat, 20 May 2017 21:01:04 +0000 (23:01 +0200)]
avcodec/mlpdec: Check quant_step_size against huff_lsbs
This reorders the operations so as to avoid computations with the above arguments
before they have been initialized.
Fixes part of 1708/clusterfuzz-testcase-minimized-5035111957397504
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Fri, 2 Jun 2017 12:47:16 +0000 (14:47 +0200)]
avformat/options: log filename on open
The loglevel is chosen so that the main filename and any images of
multi image sequences are shown only at debug level to avoid
clutter.
This makes exploits in playlists more visible. As they would show
accesses to private/sensitive files
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Kevin Mark [Sat, 3 Jun 2017 09:04:19 +0000 (05:04 -0400)]
libavfilter/scale2ref: Fix out-of-bounds array access
ff_scale_eval_dimensions blindly assumes that two inputs are always
available as of 3385989b98be7940044e4f0a6b431a0a00abf2fa. This is
notably not the case when the function is called for the scale
filter. With the scale filter inputs[1] does not exist.
ff_scale_eval_dimensions now has an updated scale2ref check that
makes certain two inputs are actually available before attempting to
access the second one.
Thanks to James Almer for reporting this bug. This should fix the 820
Valgrind tests I single-handedly managed to break.
Signed-off-by: Kevin Mark <kmark937@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
James Almer [Fri, 2 Jun 2017 22:17:28 +0000 (19:17 -0300)]
x86/aacpsdsp: optimize ff_ps_stereo_interpolate_sse3
Move the unpacking outside of the loop. 5% to 10% faster.
Suggested-by: ubitux
Signed-off-by: James Almer <jamrial@gmail.com>
James Almer [Fri, 2 Jun 2017 02:42:05 +0000 (23:42 -0300)]
avformat/matroskaenc: also write chapters when output is WebM
WebM supports a subset of elements from the Chapters master.
See https://www.webmproject.org/docs/container/#chapters
Addresses ticket #6425
Reviewed-by: James Zern <jzern@google.com>
Signed-off-by: James Almer <jamrial@gmail.com>
Michael Niedermayer [Fri, 2 Jun 2017 20:31:02 +0000 (22:31 +0200)]
avcodec/aacps: Fix runtime error: left shift of 1073741824 by 1 places cannot be represented in type 'INTFLOAT' (aka 'int')
Fixes: 2005/clusterfuzz-testcase-minimized-5744226438479872
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Fri, 2 Jun 2017 16:13:20 +0000 (18:13 +0200)]
avcodec/snowdec: Fix runtime error: signed integer overflow: 1404 * 8388608 cannot be represented in type 'int'
Fixes: 2004/clusterfuzz-testcase-minimized-5533262866808832
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Shivraj Patil [Thu, 1 Jun 2017 08:37:19 +0000 (14:07 +0530)]
Disable MSA optimization for big endian arch
The current upstreamed code has been written and tested for Little Endian systems.
We do have plans to add the Big Endian support in near future, but till that time, need to disable all to avoid its usage and failures.
Signed-off-by: Shivraj Patil <shivraj.patil@imgtec.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Ganapathy Kasi [Wed, 31 May 2017 02:03:14 +0000 (19:03 -0700)]
avcodec/nvenc: fix hw accelerated transcode with bframes
hw accelerated transcode (h264_cuvid -> h264_nvenc with -hwaccel cuvid) was
broken after the filtergraph initialization was changed to initialize decoder
first followed by encoder (commit af1761f7b5b1b72197dc40934953b775c2d951cc).
During initializing encoder with bframes, local buffers are allocated
internally in encoder which fails since no cuda context is available. Now
pushing the correct cuda context before encoder initialization fixes the issue.
Also adding push/pop cuda ctx during create/destroy/map/unmap resources and
destroy encoder session.
Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
James Almer [Tue, 23 May 2017 18:19:39 +0000 (15:19 -0300)]
x86/aacps: add ff_ps_stereo_interpolate_ipdopd_sse3()
About 2x faster than the c version.
Signed-off-by: James Almer <jamrial@gmail.com>
Kevin Mark [Tue, 30 May 2017 17:34:29 +0000 (13:34 -0400)]
libavfilter/scale2ref: Add constants for the primary input
Variables pertaining to the main video are now available when
using the scale2ref filter. This allows, as an example, scaling a
video with another as a reference point while maintaining the
original aspect ratio of the primary/non-reference video.
Consider the following graph: scale2ref=iw/6:-1 [main][ref]
This will scale [main] to 1/6 the width of [ref] while maintaining
the aspect ratio. This works well when the AR of [ref] is equal to
the AR of [main] only. What the above filter really does is
maintain the AR of [ref] when scaling [main]. So in all non-same-AR
situations [main] will appear stretched or compressed to conform to
the same AR of the reference video. Without doing this calculation
externally there is no way to scale in reference to another input
while maintaining AR in libavfilter.
To make this possible, we introduce eight new constants to be used
in the w and h expressions only in the scale2ref filter:
* main_w/main_h: width/height of the main input video
* main_a: aspect ratio of the main input video
* main_sar: sample aspect ratio of the main input video
* main_dar: display aspect ratio of the main input video
* main_hsub/main_vsub: horiz/vert chroma subsample vals of main
* mdar: a shorthand alias of main_dar
Of course, not all of these constants are needed for maintaining the
AR, but adding additional constants in line of what is available for
in/out allows for other scaling possibilities I have not imagined.
So to now scale a video to 1/6 the size of another video using the
width and maintaining its own aspect ratio you can do this:
scale2ref=iw/6:ow/mdar [main][ref]
This is ideal for picture-in-picture configurations where you could
have a square or 4:3 video overlaid on a corner of a larger 16:9
feed all while keeping the scaled video in the corner at its correct
aspect ratio and always the same size relative to the larger video.
I've tried to re-use as much code as possible. I could not find a way
to avoid duplication of the var_names array. It must now be kept in
sync with the other (the normal one and the scale2ref one) for
everything to work which does not seem ideal. For every new variable
introduced/removed into/from the normal scale filter one must be
added/removed to/from the scale2ref version. Suggestions on how to
avoid var_names duplication are welcome.
var_values has been increased to always be large enough for the
additional scale2ref variables. I do not foresee this being a problem
as the names variable will always be the correct size. From my
understanding of av_expr_parse_and_eval it will stop processing
variables when it runs out of names even though there may be
additional (potentially uninitialized) entries in the values array.
The ideal solution here would be using a variable-length array but
that is unsupported in C90.
This patch does not remove any functionality and is strictly a
feature patch. There are no API changes. Behavior does not change for
any previously valid inputs.
The applicable documentation has also been updated.
Signed-off-by: Kevin Mark <kmark937@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Thu, 1 Jun 2017 18:42:30 +0000 (20:42 +0200)]
avcodec/asvdec: Use rounded up dimensions in input size check
Fixes: Timeout
Fixes: 2001/clusterfuzz-testcase-minimized-6187599389523968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Thu, 1 Jun 2017 16:48:37 +0000 (18:48 +0200)]
avcodec/wavpack: Fix runtime error: shift exponent 32 is too large for 32-bit type 'int'
Fixes: 1967/clusterfuzz-testcase-minimized-5757031199801344
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Thu, 1 Jun 2017 16:32:52 +0000 (18:32 +0200)]
avcodec/cfhd: Fix runtime error: signed integer overflow: 65280 * 65288 cannot be represented in type 'int'
Fixes: 1925/clusterfuzz-testcase-minimized-5564569688735744
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Paul B Mahol [Fri, 19 May 2017 18:12:04 +0000 (20:12 +0200)]
avfilter: add audio surround upmixer
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Vittorio Giovara [Wed, 31 May 2017 15:55:11 +0000 (11:55 -0400)]
ffprobe: Print AVContentLightMetadata side data contents
Vittorio Giovara [Tue, 30 May 2017 21:28:11 +0000 (17:28 -0400)]
ffprobe: Print AVMasteringDisplayMetadata side data contents
James Almer [Thu, 1 Jun 2017 16:12:20 +0000 (13:12 -0300)]
checkasm: add _fixed suffix to fixed_dsp tests
Should prevent future conflicts with the similarly named floatdsp tests
Timo Rothenpieler [Thu, 1 Jun 2017 10:29:35 +0000 (12:29 +0200)]
avcodec/cuvid: make capability check optional
Timo Rothenpieler [Thu, 1 Jun 2017 10:33:54 +0000 (12:33 +0200)]
compat/cuda: make cuvidGetDecoderCaps optional
Timo Rothenpieler [Thu, 1 Jun 2017 09:55:25 +0000 (11:55 +0200)]
avcodec/nvenc: print minimum driver version on error
Timo Rothenpieler [Thu, 1 Jun 2017 09:36:13 +0000 (11:36 +0200)]
configure: libnpp does not need to link libcuda
Srinath K R [Thu, 1 Jun 2017 07:58:07 +0000 (13:28 +0530)]
avcodec/nvenc: Add default value for AVCodecContext::refs
AVCodecContext::refs is used to control the DPB size to be used by the
encoder. The default value for AVCodecContext::refs as set in
libavcodec/options_table.h is 1.
This patch sets AVCodecContext::refs to 0 for h264_nvenc and hevc_nvenc in
order to let the driver take the decision of the correct DPB size to use in
all cases.
Signed-off-by: Srinath K R <skr@nvidia.com>
Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
James Almer [Tue, 23 May 2017 22:05:37 +0000 (19:05 -0300)]
avutil/pixfmt: remove superfluous define
It's an AVColorSpace value since 82ad9cbd32c873bced9adf4a2bb67dcda7294c61.
Signed-off-by: James Almer <jamrial@gmail.com>
Michael Niedermayer [Wed, 31 May 2017 20:53:02 +0000 (22:53 +0200)]
avcodec/wavpack: Fix runtime error: signed integer overflow: 2013265955 - -134217694 cannot be represented in type 'int'
Fixes: 1922/clusterfuzz-testcase-minimized-5561194112876544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Wed, 31 May 2017 20:18:23 +0000 (22:18 +0200)]
avcodec/cinepak: Check input packet size before frame reallocation
Reduces time spent decoding 1917/clusterfuzz-testcase-minimized-5023221273329664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Wed, 31 May 2017 20:02:07 +0000 (22:02 +0200)]
avcodec/hevc_ps: Fix runtime error: signed integer overflow: 2147483628 + 256 cannot be represented in type 'int'
Fixes: 1909/clusterfuzz-testcase-minimized-6732072662073344
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Wed, 31 May 2017 13:52:56 +0000 (15:52 +0200)]
avcodec/ra144: Fixes runtime error: signed integer overflow: 7160 * 327138 cannot be represented in type 'int'
Fixes: 1908/clusterfuzz-testcase-minimized-5392712477966336
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Wed, 31 May 2017 11:39:45 +0000 (13:39 +0200)]
avcodec/pnm: Use ff_set_dimensions()
Fixes: OOM
Fixes: 1906/clusterfuzz-testcase-minimized-4599315114754048
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Wed, 31 May 2017 11:21:58 +0000 (13:21 +0200)]
avcodec/cavsdec: Fix runtime error: signed integer overflow: 59 + 2147483600 cannot be represented in type 'int'
Fixes: 1903/clusterfuzz-testcase-minimized-5359318167715840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Stefano Sabatini [Tue, 23 May 2017 10:22:09 +0000 (12:22 +0200)]
examples/encode_video: slightly improve error reporting
Stefano Sabatini [Tue, 23 May 2017 09:50:40 +0000 (11:50 +0200)]
examples/encode_video: add log
This helps to visualize how the send/receive API works.
Martin Storsjö [Wed, 31 May 2017 09:53:32 +0000 (12:53 +0300)]
configure: Fix the msvcrt version check for mingw32
This was actually broken when committed in 46e3936fb04; the
test never succeeded, and thus, _aligned_malloc wasn't actually
used on legacy mingw.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 427f7a1f9ec1977bcb57cb4d6e6f7228dc1e858b)
wm4 [Wed, 31 May 2017 10:07:43 +0000 (12:07 +0200)]
avformat/tls_schannel: log unknown error codes
wm4 [Wed, 24 May 2017 13:46:39 +0000 (15:46 +0200)]
videotoolbox: log errors
With the new decode API, you can't handle errors directly in the API
user - you only know that the hwaccel did not initialize at all.
Add some approximate logging.
Michael Niedermayer [Tue, 30 May 2017 23:29:57 +0000 (01:29 +0200)]
tests/fate/libavcodec: Test with all idct and dct modes supported in the test
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Tue, 30 May 2017 19:29:20 +0000 (21:29 +0200)]
avformat/avidec: Limit formats in gab2 to srt and ass/ssa
This prevents part of one exploit leading to an information leak
Found-by: Emil Lerner and Pavel Cheremushkin
Reported-by: Thierry Foucu <tfoucu@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Tue, 30 May 2017 19:20:54 +0000 (21:20 +0200)]
avformat/avidec: Fix txts fmts parsing
Fixes: subtitle.avi from vlc/ticket/1162
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
James Darnley [Mon, 15 May 2017 11:58:18 +0000 (13:58 +0200)]
avcodec/x86/idctdsp_init: reindent
James Darnley [Thu, 11 May 2017 00:30:26 +0000 (02:30 +0200)]
avcodec/x86: move simple_idct to external assembly
Michael Niedermayer [Tue, 30 May 2017 02:03:09 +0000 (04:03 +0200)]
avcodec/acelp_pitch_delay: Fix runtime error: value 4.83233e+39 is outside the range of representable values of type 'float'
Fixes: 1902/clusterfuzz-testcase-minimized-4762451407011840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Tue, 30 May 2017 01:13:21 +0000 (03:13 +0200)]
avcodec/wavpack: Check float_shift
Fixes: runtime error: shift exponent 40 is too large for 32-bit type 'unsigned int'
Fixes: 1898/clusterfuzz-testcase-minimized-5970744880136192
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Tue, 30 May 2017 01:09:11 +0000 (03:09 +0200)]
avcodec/wavpack: Fix runtime error: signed integer overflow: 24 * -2147483648 cannot be represented in type 'int'
Fixes: 1894/clusterfuzz-testcase-minimized-4716739789062144
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Rostislav Pehlivanov [Sun, 28 May 2017 21:01:40 +0000 (22:01 +0100)]
lavc: remove libschroedinger encoding and decoding wrappers
The library has stopped being developed and Debian has removed it
from its repositories citing security issues.
The native Dirac decoder supports everything the library has and basic
encoding support is still provided via the native vc2 (Dirac Pro, intra
only version of Dirac) encoder. Hence, there's no reason to still support
linking to the library and potentially leading users into security issues.
Rostislav Pehlivanov [Sun, 28 May 2017 19:25:56 +0000 (20:25 +0100)]
lavf: remove the libnut library wrapper
libnut is outdated and not developed anymore, all nut development
happens in this repo, so users are getting misled
Michael Niedermayer [Mon, 29 May 2017 12:07:33 +0000 (14:07 +0200)]
avcodec/ansi: Fix frame memleak
Fixes: 1892/clusterfuzz-testcase-minimized-4519341733183488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Mon, 29 May 2017 11:51:08 +0000 (13:51 +0200)]
avcodec/dds: Fix runtime error: left shift of 145 by 24 places cannot be represented in type 'int'
Fixes: 1891/clusterfuzz-testcase-minimized-6274417925554176
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Mon, 29 May 2017 11:45:29 +0000 (13:45 +0200)]
avcodec/jpeg2000dec: Use ff_set_dimensions()
Fixes: OOM
Fixes: 1890/clusterfuzz-testcase-minimized-6329019509243904
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Mon, 29 May 2017 01:37:43 +0000 (03:37 +0200)]
tools/target_dec_fuzzer: Move the hwaccel check outside the initialization if
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 28 May 2017 19:19:23 +0000 (21:19 +0200)]
avcodec/aacsbr: Fix libavcodec/aacsbr.c:257:59: runtime error: division by zero
Fixes: 1882/clusterfuzz-testcase-minimized-5539735650959360
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Micah Galizia [Wed, 17 May 2017 01:37:31 +0000 (21:37 -0400)]
libavformat/hls: Observe Set-Cookie headers
Signed-off-by: Micah Galizia <micahgalizia@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 28 May 2017 19:54:02 +0000 (21:54 +0200)]
avcodec/truemotion2: Fix passing null pointer to memset()
Fixes part of: 1888/clusterfuzz-testcase-minimized-5237704826552320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 28 May 2017 19:54:02 +0000 (21:54 +0200)]
avcodec/truemotion2: Fix runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes part of: 1888/clusterfuzz-testcase-minimized-5237704826552320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 28 May 2017 19:44:32 +0000 (21:44 +0200)]
avcodec/ra144: Fix runtime error: signed integer overflow: -2449 * 1398101 cannot be represented in type 'int'
Fixes: 1885/clusterfuzz-testcase-minimized-5336328549957632
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 28 May 2017 19:38:24 +0000 (21:38 +0200)]
avcodec/ra144: Fix runtime error: signed integer overflow: 11184810 * 404 cannot be represented in type 'int'
Fixes: 1884/clusterfuzz-testcase-minimized-4637425835966464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 28 May 2017 18:08:49 +0000 (20:08 +0200)]
avcodec/aac_defines: Add missing () to AAC_HALF_SUM() macro
Fixes: runtime error: shift exponent 1073741848 is too large for 32-bit type 'INTFLOAT' (aka 'int')
Fixes: 1880/clusterfuzz-testcase-minimized-4900645322620928
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Wed, 10 May 2017 16:37:50 +0000 (18:37 +0200)]
avcodec/webp: Fixes null pointer dereference
Fixes: 1470/clusterfuzz-testcase-minimized-5404421666111488
Fixes: 1472/clusterfuzz-testcase-minimized-5677426430443520
Fixes: 1875/clusterfuzz-testcase-minimized-5536474562822144
Approved-by: BBB
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 28 May 2017 16:09:47 +0000 (18:09 +0200)]
avcodec/aacdec_fixed: Fix runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 1878/clusterfuzz-testcase-minimized-6441918630199296
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 28 May 2017 15:20:42 +0000 (17:20 +0200)]
avcodec/ylc: Check count in build_vlc()
Fixes: runtime error: signed integer overflow: 211633430 + 2147483647 cannot be represented in type 'int'
Fixes: 1874/clusterfuzz-testcase-minimized-5037763613163520
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 28 May 2017 15:12:35 +0000 (17:12 +0200)]
avcodec/snow: Fix runtime error: signed integer overflow: 1086573993 + 1086573994 cannot be represented in type 'int'
Fixes: 1871/clusterfuzz-testcase-minimized-5719950331215872
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 28 May 2017 12:00:30 +0000 (14:00 +0200)]
avcodec/jpeg2000: Fix runtime error: signed integer overflow: 4185 + 2147483394 cannot be represented in type 'int'
Fixes: 1870/clusterfuzz-testcase-minimized-4686788029317120
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 28 May 2017 11:52:13 +0000 (13:52 +0200)]
avcodec/jpeg2000dec: Check tile offsets more completely
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 28 May 2017 11:30:46 +0000 (13:30 +0200)]
avcodec/sheervideo: Check input buffer size before allocating and decoding
Fixes: Timeout
Fixes: 1858/clusterfuzz-testcase-minimized-6450473802399744
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 28 May 2017 10:56:25 +0000 (12:56 +0200)]
avcodec/wavpack: Fix runtime error: signed integer overflow: -1386217472 * 4 cannot be represented in type 'int'
Fixes: 1853/clusterfuzz-testcase-minimized-5471155626442752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 28 May 2017 01:34:09 +0000 (03:34 +0200)]
avcodec/aacdec_fixed: Fix multiple runtime error: shift exponent 127 is too large for 32-bit type 'int'
Fixes: 1851/clusterfuzz-testcase-minimized-5692607495667712
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 28 May 2017 01:18:02 +0000 (03:18 +0200)]
avcodec/wnv1: More strict buffer size check
This requires at least 25% of a picture to allocate and decode it
Fixes: Timeout
Fixes: 1845/clusterfuzz-testcase-minimized-5075974343360512
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Thu, 25 May 2017 01:21:50 +0000 (03:21 +0200)]
avcodec/libfdk-aacdec: Correct buffer_size parameter
the timeDataSize argument to aacDecoder_DecodeFrame() seems undocumented and until
2016 04 (203e3f28fbebec7011342017fafc2a0bda0ce530) unused.
after that commit libfdk-aacdec interprets it as size in sample units and memsets that on error.
FFmpeg as well as others (like GStreamer) did interpret it as size in bytes
Fixes: 1442/clusterfuzz-testcase-minimized-4540199973421056 (This requires recent libfdk to reproduce)
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Tue, 23 May 2017 19:08:48 +0000 (21:08 +0200)]
avcodec/sbrdsp_template: Fix: runtime error: signed integer overflow: 849815297 + 1315389781 cannot be represented in type 'int'
Fixes: 1770/clusterfuzz-testcase-minimized-5285511235108864
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 21 May 2017 18:46:16 +0000 (20:46 +0200)]
avcodec/aacps: Check border_position to be monotone
Fixes: runtime error: left shift of negative value -67108864
Fixes: 1738/clusterfuzz-testcase-minimized-6734814327603200
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
erankor [Wed, 17 May 2017 09:32:06 +0000 (12:32 +0300)]
movenc: encryption with time code track fix
instead of deciding whether to encrypt based on the encryption scheme,
decide according to whether cenc was initialized or not.
mov_create_timecode_track calls ff_mov_write_packet with a track that
doesn't have cenc initialized.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sun, 28 May 2017 01:03:46 +0000 (03:03 +0200)]
avcodec/ivi_dsp: Fix runtime error: left shift of negative value -2
Fixes: 1839/clusterfuzz-testcase-minimized-6238490993885184
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Kevin Mark [Sat, 27 May 2017 14:10:46 +0000 (10:10 -0400)]
doc/filters: Clarify scale2ref example
Signed-off-by: Kevin Mark <kmark937@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
James Almer [Sat, 22 Apr 2017 03:34:37 +0000 (00:34 -0300)]
avformat/mov: add support for reading Content Light Level Box
As defined in "VP Codec ISO Media File Format Binding v1.0"
https://github.com/webmproject/vp9-dash/blob/master/VPCodecISOMediaFileFormatBinding.md
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
James Almer [Sat, 22 Apr 2017 03:03:21 +0000 (00:03 -0300)]
avformat/mov: add support for reading Mastering Display Metadata Box
As defined in "VP Codec ISO Media File Format Binding v1.0"
https://github.com/webmproject/vp9-dash/blob/master/VPCodecISOMediaFileFormatBinding.md
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
Michael Niedermayer [Sat, 27 May 2017 11:17:34 +0000 (13:17 +0200)]
avcodec/mlpdec: Do not leave invalid values in matrix_out_ch[] on error
Fixes: runtime error: index 12 out of bounds for type 'uint8_t [8]'
Fixes: 1832/clusterfuzz-testcase-minimized-6574546079449088
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer [Sat, 27 May 2017 11:07:00 +0000 (13:07 +0200)]
avcodec/ra144dec: Fix runtime error: left shift of negative value -17
Fixes: 1830/clusterfuzz-testcase-minimized-5828293733384192
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>