Stowage/ffmpeg
2
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2026-02-16 03:20:25 +00:00
Code Issues Projects Releases Packages Wiki Activity
98205 commits 38 branches 415 tags 291 MiB
Commit graph

43129 commits

Author SHA1 Message Date
James Almer
a15a3318e1 avcodec/cbs_av1: fix setting FrameWidth in frame_size_with_refs() 
Section 5.9.7 of the spec states

    UpscaledWidth = RefUpscaledWidth[ ref_frame_idx[ i ] ]
    FrameWidth    = UpscaledWidth
    FrameHeight   = RefFrameHeight[ ref_frame_idx[ i ] ]
    RenderWidth   = RefRenderWidth[ ref_frame_idx[ i ] ]
    RenderHeight  = RefRenderHeight[ ref_frame_idx[ i ] ]

Meaning FrameWidth must not be set to RefFrameWidth[ ref_frame_idx[ i ] ]
like we're currently doing.

Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
 2020-09-05 22:30:38 -03:00
James Almer
f94134b22a avcodec/cbs_av1: use a more appropiate AV1ReferenceFrameState pointer variable name 
frame is more commonly used for AV1RawFrameHeader and AV1RawFrame.

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 97819f15a8)
 2020-09-05 22:30:32 -03:00
James Almer
74c9965096 avcodec/cbs_av1: fix handling reference frames on show_existing_frame frames 
Implement Section 7.21 "Reference frame loading process" and Section 7.20
"Reference frame update process" for show_existing_frame frames, as required by
the definition in Section 7.4 "Decode frame wrapup process".

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit e76b4b2a6b)
 2020-09-05 22:30:23 -03:00
James Almer
af72c16468 avcodec/cbs_av1: infer frame_type in show_existing_frame frames earlier 
This follows the spec and will come in handy in the next commit.

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit afbe9ebac7)
 2020-09-05 22:30:18 -03:00
James Almer
408592c838 avcodec/cbs_av1: add OrderHint to CodedBitstreamAV1Context 
This follows the spec and will come in handy in a following commit.

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit e3ed0ce32a)
 2020-09-05 22:30:12 -03:00
James Almer
f73c4487ef avcodec/cbs_av1: infer frame_type when parsing a show_existing_frame frame 
Reviewed-by: Mark Thompson <sw@jkqxz.net>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 6c20207dce)
 2020-09-05 22:30:07 -03:00
Mark Thompson
f070c53c7a cbs_av1: Fix test for presence of buffer_removal_time element 
The frame must be in both the spatial and temporal layers for the
operating point, not just one of them.

(cherry picked from commit b567cb8d0b)
 2020-09-05 22:30:01 -03:00
James Almer
3a66177fef avcodec/cbs_av1: fix storage size for render_{width,height}_minus_1 
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 751f2a27f7)
 2020-09-05 21:36:03 -03:00
Carl Eugen Hoyos
0a012a5338 lavc: Lower MediaFoundation audio encoder priority. 
The actual encoders may not be available.
Fixes ticket #8699.

(cherry picked from commit 13db5061ff)
 2020-08-25 18:58:59 +02:00
James Almer
590a36acbd x86/h264_deblock: fix warning about trailing empty parameter 
Fixes part of ticket #8771

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 2c844c9828)
 2020-07-12 11:39:29 -03:00
Michael Niedermayer
5086d22697 avcodec/tiff: Check input space in dng_decode_jpeg() 
Fixes: out of array read
Fixes: 24034/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5111884337119232

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 79e8d17024)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-11 00:25:33 +02:00
Michael Niedermayer
3c4679c430 avcodec/mjpeg_parser: Adjust size rejection threshold 
Fixes: 86987846-429c8d80-c197-11ea-916b-bb4738e09687.jpg
Fixes: Regression since ec3d8a0e69

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dde6077297)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-11 00:25:33 +02:00
Michael Niedermayer
832652a9d1 avcodec/cbs_jpeg: Fix uninitialized end index in cbs_jpeg_split_fragment() 
Fixes: Out of array read
Fixes: 24043/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5084566275751936.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4a10bc8f6f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-11 00:25:33 +02:00
Michael Niedermayer
b021eba8b6 avcodec/apedec: Fix undefined integer overflow with 24bit 
Fixes: signed integer overflow: 8683744 * 256 cannot be represented in type 'int'
Fixes: 23527/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5679885932822528

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9f7b252cdf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-09 12:35:39 +02:00
Michael Niedermayer
093c2dd644 avcodec/loco: Fix integer overflow with large values from loco_get_rice() 
Fixes: signed integer overflow: 155 + 2147483647 cannot be represented in type 'int'
Fixes: 23421/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5652849097965568

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3ddc5e1f3c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-09 12:35:39 +02:00
Michael Niedermayer
b228e0c5f6 avcodec/tiff: Check frame parameters before blit for DNG 
Fixes: out of array access
Fixes: 23888/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6021365974171648.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4091f4f780)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-09 12:35:39 +02:00
Michael Niedermayer
11a10e30a9 avcodec/mjpegdec: Limit bayer to single plane outputting format 
This reduces the number of paths reachable with DNG and should
improve security

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 865a34970e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-09 12:35:39 +02:00
Michael Niedermayer
f98f29de5e avcodec/pnmdec: Fix misaligned reads 
Found-by: "Steinar H. Gunderson" <steinar+ffmpeg@gunderson.no>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ea28ce9bc1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-09 12:35:39 +02:00
Michael Niedermayer
531ddbacb5 avcodec/mv30: Fix integer overflows in idct2_1d() 
Fixes: signed integer overflow: 6500736 * 473 cannot be represented in type 'int'
Fixes: 23259/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MV30_fuzzer-5179394271477760

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3b8d5bcc31)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-09 12:35:39 +02:00
Michael Niedermayer
d25345bb00 avcodec/hcadec: Check total_band_count against imdct_in size 
Fixes: index 128 out of bounds for type 'float [128]'
Fixes: 23465/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HCA_fuzzer-5089866596745216

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2d96c94531)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-09 12:35:39 +02:00
Michael Niedermayer
1ff86cb452 avcodec/scpr3: Fix out of array access with dectab 
Fixes: 23721/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-5914074721550336

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c8de8dfba6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-09 12:35:39 +02:00
Michael Niedermayer
f1ebea7c91 avcodec/tiff: Do not overrun the array ends in dng_blit() 
Fixes: out of array access
Fixes: 23589/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5110559589793792.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f35caea77f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-09 12:35:39 +02:00
Michael Niedermayer
c86a9d5b82 avcodec/dstdec: Replace AC overread check by sample rate check 
Real files do skip coding 0 bits at the end, thus this kind of check
does not work reliable.

Fixes: Ticket 8770
Fixes: dst-256fs44-6ch-refdstencoder.dff

The samplerate is specified in ISO/IEC 14496-3:2005(E) as one of 3 fixed
values, this also can be used to limit the duration and avoid the timeout

This reverts commit f6df99dba1.

(cherry picked from commit 1679f23beb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-09 12:35:39 +02:00
Andreas Rheinhardt
7cbb6ee2ee avcodec/h264_metadata_bsf: Fix invalid av_freep 
This bug was introduced in 3c8a2a1180.

Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit 04e06beb0a)
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
 2020-07-04 22:33:21 +02:00
James Almer
acefb59ac5 avcodec/cbs_h265: set default VUI parameters when vui_parameters_present_flag is false 
Based on cbs_h264 code.

Should fix ticket #8752.

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit d1c55fc460)
 2020-07-02 22:26:39 -03:00
Manoj Bonda
797574400d avcodec/av1_parser: initialize avctx->pix_fmt 
Initialize avctx->pix_fmt in av1_parser.c
AV1 Chroma format is invalid when quering using below code if no AV1 decoder
is available:

iVideoStream = av_find_best_stream(fmtc, AVMEDIA_TYPE_VIDEO, -1, -1, NULL, 0);
eChromaFormat = (AVPixelFormat)fmtc->streams[iVideoStream]->codecpar->format;

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 23d06f606e)
 2020-07-02 22:26:39 -03:00
James Almer
b303fe926e avcodec/av1_parser: add missing parsing for RGB pixel format signaling 
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit af6cddae1f)
 2020-07-02 22:26:39 -03:00
James Almer
8f5f453998 avcodec/av1_parser: set context values outside the OBU parsing loop 
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 634a44db5a)
 2020-07-02 22:26:39 -03:00
Michael Niedermayer
f27a510211 avcodec/pngdec: Check for fctl after idat 
Fixes: out of array access
Fixes: 23554/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-4796622520451072.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 65b1ba680f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-02 10:20:36 +02:00
Michael Niedermayer
f4affa071a avcodec/wmalosslessdec: fix overflow with pred in revert_cdlms 
Fixes: signed integer overflow: 2048 + 2147483646 cannot be represented in type 'int'
Fixes: 23538/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5227567073460224

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 21598d711d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-07-02 10:20:36 +02:00
Andreas Rheinhardt
b3d8e13a88 avcodec/cbs_av1: Fix writing uvlc numbers >= INT_MAX 
Fixes: assertion failure
Fixes: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 23264/clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_METADATA_fuzzer-6308429248593920

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit 6f06c17a55)
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
 2020-07-01 19:01:31 +02:00
Andreas Rheinhardt
284fffa92f avcodec/bitstream: Don't check for undefined behaviour after it happened 
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit 5e196dac22)
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
 2020-07-01 18:59:57 +02:00
Michael Niedermayer
8e12af29d1 avcodec/tiff: Check stride for dng 
Fixes: assertion failure
Fixes: 23422/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5746026064642048

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 276dfa9d91)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-06-15 20:41:15 +02:00
Andreas Rheinhardt
82d70d8038 avcodec/hevc_mp4toannexb_bsf: Check NAL size against available input 
The hevc_mp4toannexb bsf does not explicitly check whether a NAL unit
is so big that it extends beyond the end of the input packet; it does so
only implicitly by using the checked version of the bytestream2 API.
But this has downsides compared to real checks: It can lead to huge
allocations (up to 2GiB) even when the input packet is just a few bytes.
And furthermore it leads to uninitialized data being output.
So add a check to error out early if it happens.

Also check directly whether there is enough data for the length field.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit ea1b71e82f)
 2020-06-15 04:18:16 +02:00
Michael Niedermayer
a3e0c9f8f0 avcodec/ffwavesynth: Avoid undefined operation on ts overflow 
Alternatively these conditions could be treated as errors
Fixes: 23147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5639254549200896
Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'int64_t' (aka 'long')

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 584d334afd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-06-14 22:02:34 +02:00
Michael Niedermayer
95b9ac040e avcodec/mv30: check mode_size vs. input space 
Fixes: Timeout (longer than my patience vs 1sec)
Fixes: 22984/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MV30_fuzzer-5630021988515840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 75e2ac4f07)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-06-14 22:02:34 +02:00
Michael Niedermayer
f823932349 avcodec/mpeg4videodec: Fix 2 integer overflows in get_amv() 
Fixes: signed integer overflow: -144876608 * 16 cannot be represented in type 'int'
Fixes: 22782/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-6039584977977344

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e361785ee0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-06-14 22:02:34 +02:00
Michael Niedermayer
fa0a71ac41 avcodec/jpeg2000dec: Fix/check for multiple integer overflows 
Fixes: shift exponent 35 is too large for 32-bit type 'int'
Fixes: 22857/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5202709358837760

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c579ceffbe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-06-14 22:02:34 +02:00
Michael Niedermayer
e149b24c63 avcodec/lossless_audiodsp: Fix undefined overflows in scalarproduct_and_madd_int16_c() 
Fixes: signed integer overflow: 2142077091 + 6881070 cannot be represented in type 'int'
Fixes: 22737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5958388889681920

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c0dfe134be)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-06-14 22:02:34 +02:00
Michael Niedermayer
2ce670fc48 avcodec/sonic: Fix several integer overflows 
Fixes: signed integer overflow: 2129689466 + 2129689466 cannot be represented in type 'int'
Fixes: 20715/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5155263109922816

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 75d520e337)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-06-14 22:02:34 +02:00
Michael Niedermayer
c372189443 avcodec/mpeg4videodec: avoid invalid values and reinitialize in format changes for studio profile 
Fixes: out of array access
Fixes: 23327/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5134822992510976

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e53235f06c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-06-14 22:02:34 +02:00
Michael Niedermayer
335ddf2fe9 avcodec/pixlet: Fix log(0) check 
Fixes: passing zero to clz(), which is not a valid argument
Fixes: 23337/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PIXLET_fuzzer-5179131989065728

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bd0f81526d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-06-14 22:02:34 +02:00
Michael Niedermayer
0e51c7b64a avcodec/iff: Fix off by x error 
Fixes: out of array access
Fixes: 23245/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5723121327013888.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 51225dee0a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-06-14 22:02:34 +02:00
Michael Niedermayer
28460ece95 avcodec/wmalosslessdec: Check block_align maximum 
Fixes: Assertion failure
Fixes: 22737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5958388889681920

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 314d10f7a6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-06-14 22:02:34 +02:00
Michael Niedermayer
63d14168a5 avcodec/loco: Fix signed integer overflow in loco_get_rice() 
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 22975/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5658160970072064

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit aa88cdfd90)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-06-14 22:02:34 +02:00
Michael Niedermayer
e468d9248c avcodec/cbs: Allocate more CodedBitstreamUnit at once in cbs_insert_unit() 
Fixes: Timeout (85sec -> 0.5sec)
Fixes: 20791/clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_FRAME_SPLIT_fuzzer-5659537719951360
Fixes: 21214/clusterfuzz-testcase-minimized-ffmpeg_BSF_MPEG2_METADATA_fuzzer-5165560875974656
Fixes: 21247/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_METADATA_fuzzer-5715175257931776

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 49ba60fed0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-06-14 22:02:34 +02:00
Michael Niedermayer
e625d40b93 avcodec/mpeg12dec: remove outdated comments 
Found-by: Kieran
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 48de8f5816)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-06-14 22:02:34 +02:00
Michael Niedermayer
bb788dec83 avcodec/snowdec: Avoid integer overflow with huge qlog 
Fixes: integer overflow
Fixes: 22285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5682428762128384

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 38fbf33c72)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-06-14 22:02:34 +02:00
Michael Niedermayer
611fc7244a avcodec/movtextdec: Fix shift overflows in mov_text_init() 
Fixes: left shift of 243 by 24 places cannot be represented in type 'int'
Fixes: 22716/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOVTEXT_fuzzer-5704263425851392

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d7a2311a2c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2020-06-14 22:02:34 +02:00
James Almer
dba8e32e44 avcodec/cbs_av1: abort when written inferred values don't match 
If this happens, it's a sign of parsing issues earlier in the process, or
misuse by the calling module.

Prevents writing invalid bitstreams.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 318a1a383d)
 2020-06-14 16:45:05 -03:00