54123 commits

Author SHA1 Message Date
Andreas Rheinhardt
1c522ffdef avcodec/x86/mpegvideoenc{,_template}: Remove remnants of MMX
Reviewed-by: Kieran Kunhya <kieran@kunhya.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2026-05-04 17:31:05 +02:00
Andreas Rheinhardt
d328a02a9a avcodec/x86/vp6dsp_init: Update obsolete comment
Forgotten in 6cb3ee80b3.

Reviewed-by: Kieran Kunhya <kieran@kunhya.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2026-05-04 17:31:01 +02:00
Andreas Rheinhardt
564f610cbf avcodec/x86/vc1dsp_loopfilter: Remove MMXEXT funcs overridden by SSSE3
Reviewed-by: Kieran Kunhya <kieran@kunhya.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2026-05-04 17:28:28 +02:00
Andreas Rheinhardt
6a46ea7da2 avcodec/x86/constants, h263_loopfilter: Move pb_FC to h263_loopfilter
Only used there.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2026-05-04 16:57:18 +02:00
Thilo Borgmann
aa14727cd5 avcodec/webp: export XMP metadata
Signed-off-by: Ramiro Polla <ramiro.polla@gmail.com>
2026-05-04 12:47:30 +02:00
João Neves
2c71a28bf0 avcodec/hdrdec: fix pixel count decrement in RLE decompress loop
The w variable counts pixels, not bytes. The non-RLE path correctly
uses w-- (one pixel = 4 bytes), but the RLE path uses w -= 4, causing
the loop to terminate after roughly 1/4 of the expected pixels.

The w -= 4 was introduced in 14e99cb472 which moved the decrement
inside the loop to fix an OOB write (clusterfuzz-5423041009549312).
The move was correct, but the decrement value should have been 1 to
match the non-RLE path.

Signed-off-by: João Neves <joaocns0@protonmail.com>
2026-05-03 20:19:51 +00:00
João Neves
daedf4012d avcodec/exr: check rle() return value in rle_uncompress()
rle_uncompress() silently discards the return value of rle(). When the
compressed data is malformed and rle() returns AVERROR_INVALIDDATA,
processing continues on a partially filled buffer. Propagate the error
to the caller, which already handles it at line 1420.

Signed-off-by: João Neves <joaocns0@protonmail.com>
2026-05-03 20:15:54 +00:00
James Almer
1a2c16fe51 avcodec/av1dec: check that primary_ref_frame is within range
Fixes CVE-2026-30997

Fixes: Out-of-Bounds Access
Found-by: Xinghang Lv
Signed-off-by: James Almer <jamrial@gmail.com>
2026-05-03 15:55:21 -03:00
Andreas Rheinhardt
da195b1e84 avcodec/qsvenc: Add av_fallthrough
Reviewed-by: Ramiro Polla <ramiro.polla@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2026-05-03 18:23:10 +02:00
Andreas Rheinhardt
e1115751dd avcodec/nvenc: Add av_fallthrough
Reviewed-by: Ramiro Polla <ramiro.polla@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2026-05-03 18:23:07 +02:00
Andreas Rheinhardt
095897060a avcodec/libzvbi-teletextdec: Add av_fallthrough
Reviewed-by: Ramiro Polla <ramiro.polla@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2026-05-03 18:23:05 +02:00
Andreas Rheinhardt
a9b97d070e avcodec/libxvid: Add av_fallthrough
Reviewed-by: Ramiro Polla <ramiro.polla@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2026-05-03 18:23:03 +02:00
Andreas Rheinhardt
dc12dd82a1 avcodec/libxavs2: Add av_fallthrough
Reviewed-by: Ramiro Polla <ramiro.polla@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2026-05-03 18:23:00 +02:00
Andreas Rheinhardt
8881e1a52c avcodec/libvpxenc: Add av_fallthrough
Reviewed-by: Ramiro Polla <ramiro.polla@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2026-05-03 18:22:58 +02:00
Andreas Rheinhardt
64bea20837 avcodec/libopusenc: Add av_fallthrough
Reviewed-by: Ramiro Polla <ramiro.polla@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2026-05-03 18:22:56 +02:00
Andreas Rheinhardt
d8b02fdb9f avcodec/libaomenc: Use av_fallthrough to mark fallthrough
Reviewed-by: Ramiro Polla <ramiro.polla@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2026-05-03 18:22:53 +02:00
Andreas Rheinhardt
3cf225b5f8 avcodec/aac/aacdec: Fix shadowing
Reviewed-by: Ramiro Polla <ramiro.polla@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2026-05-03 18:22:42 +02:00
Andreas Rheinhardt
d29cbb87c3 avcodec/aac/aacdec: Add av_fallthrough
Reviewed-by: Ramiro Polla <ramiro.polla@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2026-05-03 18:22:39 +02:00
Andreas Rheinhardt
cf5191fac7 avcodec/hevc/hevcdec: Fix shadowing
Reviewed-by: Ramiro Polla <ramiro.polla@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2026-05-03 18:22:37 +02:00
Andreas Rheinhardt
0cbf77e843 avcodec/hevc/hevcdec: Add av_fallthrough
Reviewed-by: Ramiro Polla <ramiro.polla@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2026-05-03 18:22:34 +02:00
Andreas Rheinhardt
e61c940654 avcodec/mpegvideo_enc: Fix shadowing
Reviewed-by: Ramiro Polla <ramiro.polla@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2026-05-03 18:22:31 +02:00
Andreas Rheinhardt
04ba5e7537 avcodec/mpegvideo_enc: Add av_fallthrough
Reviewed-by: Ramiro Polla <ramiro.polla@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2026-05-03 18:22:29 +02:00
Andreas Rheinhardt
7b4b658a87 avcodec/mpegvideo_motion: Add av_unreachable, fix fallthrough warnings
Reviewed-by: Ramiro Polla <ramiro.polla@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2026-05-03 18:22:27 +02:00
Andreas Rheinhardt
4b58570ff7 avcodec/sga: Add av_fallthrough
Reviewed-by: Ramiro Polla <ramiro.polla@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2026-05-03 18:22:24 +02:00
Andreas Rheinhardt
392ce463a5 avcodec/tiff: Fix shadowing
Reviewed-by: Ramiro Polla <ramiro.polla@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2026-05-03 18:22:18 +02:00
Andreas Rheinhardt
25b7166fe3 avcodec/tiff: Add av_fallthrough
Reviewed-by: Ramiro Polla <ramiro.polla@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2026-05-03 18:22:16 +02:00
Andreas Rheinhardt
05a8e89474 avcodec/tta: Fix shadowing
Reviewed-by: Ramiro Polla <ramiro.polla@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2026-05-03 18:22:13 +02:00
Andreas Rheinhardt
5a7558a0a2 avcodec/tta: Add av_fallthrough
Reviewed-by: Ramiro Polla <ramiro.polla@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2026-05-03 18:22:11 +02:00
Andreas Rheinhardt
9eeca76cbe avcodec/vdpau_mpeg12: Use av_fallthrough to mark fallthrough
Reviewed-by: Ramiro Polla <ramiro.polla@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2026-05-03 18:22:07 +02:00
Michael Niedermayer
2e32276872 avcodec/aac/aacdec_usac_mps212: fix attach_lsb() OOB after huff_decode
Fixes: VS-FF-2026-0001/poc.wav

Reported-by: Vuln Seeker Cyber Security Team
2026-05-03 15:11:28 +00:00
Michael Niedermayer
118bddf0ce avcodec/dfpwmdec: Check nb_samples
Fixes: integer overflow

Found-by: Dhiraj Mishra <mishra.dhiraj95@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2026-05-03 16:56:43 +02:00
Michael Niedermayer
7ae36ceba9 avcodec/alsdec: do not set nbits invalidly
note that the spec actually disallows the 0 case too but we are
a little lenient here so the full 24bit twos-complement range can be handled

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2026-05-03 14:54:27 +00:00
Michael Niedermayer
b45a6d3f76 avcodec/adpcm: signed integer overflow in ADPCM_N64
Fixes: signed integer overflow

Found-by: Marius Momeu <marius.momeu@berkeley.edu>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2026-05-03 13:26:34 +00:00
Michael Niedermayer
0f5705959d avcodec/hevc/ps: validate rep_format dimensions in multi-layer SPS
When an SPS uses the multi-layer extension (nuh_layer_id > 0 with
sps_max_sub_layers_minus1 == 7), width and height are taken from the
VPS rep_format without the av_image_check_size() validation that the
direct path performs.  HEVC F.7.4.3.1.1 requires rep_format pic
dimensions to satisfy the constraints in 7.4.3.2.1, including
"pic_width_in_luma_samples shall not be equal to 0".

Run the same av_image_check_size() check in the multi-layer-extension
path so the SPS is rejected before it reaches setup_pps().

Fixes: VS-FF-2026-0003/poc.flv
Fixes: out of array access

Found-by: Vuln Seeker Cyber Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2026-05-03 13:26:06 +00:00
Marius Momeu
ff3223b5d6 avcodec/ralf: Add the missing return statement after the error log
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2026-05-03 13:25:30 +00:00
Michael Niedermayer
2a991a3475 avcodec/zmbv: reject XOR data that overruns the decompression buffer
Add a per-block bounds check at the start of each XOR block so the
read is rejected before src crosses decomp_len, and propagate the
error from decode_frame().

Fixes: out of array read

Found-by: Seung Min Shin
2026-05-03 13:22:37 +00:00
Michael Niedermayer
2f60af465a avcodec/rasc: fix heap use-after-free in decode_move()
Use a separate scratch buffer (s->mv_scratch) for the type-0 pixel
copy so s->delta and mc are not disturbed for the lifetime of
decode_move().  The new buffer is freed in decode_close().

Found-by: Seung Min Shin
Patch based on suggested fix by Seung Min Shin

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2026-05-03 13:20:27 +00:00
Niels Provos
fd5023053a avcodec/hevc/refs: Check multiplication in alloc_frame()
Fixes: integer overflow on 32bit
2026-05-03 13:19:35 +00:00
Michael Niedermayer
1772386392 avcodec/h264: recompute per-slice direct mode state for every slice
Regression since: 7f05c5cea0
Fixes: poc10
Fixes: null pointer dereference

Reported-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2026-05-03 12:42:47 +00:00
Michael Niedermayer
1886c3269d avcodec/h264_refs: Clear stale pointers from ref_list
Testcase: poc10.bin

Reported-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2026-05-03 12:42:47 +00:00
Michael Niedermayer
a780d46d3b avcodec/leaddec: Check input data before allocating buffer
Fixes: Timeout
Fixes: 471636089/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LEAD_fuzzer-6346348464242688

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2026-05-03 12:40:44 +00:00
Michael Niedermayer
b801f1fe6d avcodec/pdvdec: Check input space before buffer allocation
this rejects packets whose claimed decompressed frame would require a deflate ratio beyond the format's theoretical 1032:1 limit

Fixes: Timeout
Fixes: 474457186/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PDV_fuzzer-5366108782919680

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2026-05-03 10:25:54 +00:00
Gyan Doshi
4a2b643646 avcodec/mediacodecdec: declare correct class for audio decoders
The class for video decoders had been assigned till date.
2026-05-03 05:58:13 +00:00
Michael Niedermayer
23227a444d avcodec/wmaenc: Fix missing padding in extradata
Reported-by: Kenan Alghythee <kalghy2@uic.edu>
2026-05-03 02:36:54 +00:00
Michael Niedermayer
242ff799c7 avcodec/tdsc: remove double stride adjustment
Fixes: out of array access

Found-by: Seung Min Shin
Patch based on suggested fix by Seung Min Shin
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2026-05-02 23:11:24 +00:00
Michael Niedermayer
05817dc7dd avcodec/notchlc: Check 255 loops
Fixes: integer overflow

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2026-05-02 21:39:02 +00:00
Michael Niedermayer
bf4eb194cf avcodec/tdsc: Better input size check
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2026-05-02 21:13:01 +00:00
Michael Niedermayer
bb69a090a7 avcodec/tdsc: Check jpeg size
Fixes: out of array read
Fixes: tdsc_tile_dim_mismatch.avi

Found-by: Ante Silovic <asilovic155@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2026-05-02 21:13:01 +00:00
Michael Niedermayer
af87d77514 avcodec/tdsc: Prettier uncompress() check
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2026-05-02 21:13:01 +00:00
Michael Niedermayer
e9e6fb8798 avcodec/tdsc: Check tile_size
Fixes: out of array read
Fixes: tdsc_war_groom_far4096.avi

Found by: Ante Silovic <asilovic155@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2026-05-02 21:13:01 +00:00