[FFmpeg-cvslog] avcodec/vp8: Check for bitstream end before vp7_fade_frame()

2018-02-18 Thread Michael Niedermayer
ffmpeg | branch: master | Michael Niedermayer  | Sat 
Feb 17 04:20:52 2018 +0100| [de675648cef7e451ca82fabaee0d8ec1fe653311] | 
committer: Michael Niedermayer

avcodec/vp8: Check for bitstream end before vp7_fade_frame()

Fixes: Timeout
Fixes: 5653/clusterfuzz-testcase-5497680018014208

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=de675648cef7e451ca82fabaee0d8ec1fe653311
---

 libavcodec/vp8.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/vp8.c b/libavcodec/vp8.c
index 7f71a75e4b..62b9f8bc2d 100644
--- a/libavcodec/vp8.c
+++ b/libavcodec/vp8.c
@@ -656,6 +656,8 @@ static int vp7_decode_frame_header(VP8Context *s, const 
uint8_t *buf, int buf_si
 s->fade_present = vp8_rac_get(c);
 }
 
+if (c->end <= c->buffer && c->bits >= 0)
+return AVERROR_INVALIDDATA;
 /* E. Fading information for previous frame */
 if (s->fade_present && vp8_rac_get(c)) {
 if ((ret = vp7_fade_frame(s ,c)) < 0)
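Review bot: The added guard `if (c->end <= c->buffer && c->bits >= 0)` open-codes range-coder state with no comment, so a reader cannot tell that this is the end-of-input test the commit title describes. I would put `/* input exhausted: do not start the fade on bits the packet never contained */` above it, and consider a small named helper if the same test is needed elsewhere. The check covers only section E; whether earlier header sections can also run on an exhausted buffer is not visible, since vp7_decode_frame_header() starts and ends outside the hunk. The release/2.8 cherry-pick of this change further down the page has the same form.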



[FFmpeg-cvslog] libavfilter/vf_fps: Add more fate tests

2018-02-18 Thread Calvin Walton
ffmpeg | branch: master | Calvin Walton  | Fri Feb 16 
15:02:02 2018 -0500| [d2fc244293b531cf1ce175155f74202b697a7a23] | committer: 
Michael Niedermayer

libavfilter/vf_fps: Add more fate tests

These tests cover specific rounding behaviour, to ensure that I don't
introduce any regressions with the rewritten "activate" callback based
fps filter.

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d2fc244293b531cf1ce175155f74202b697a7a23
---

 tests/fate/filter-video.mak   | 10 +-
 tests/ref/fate/filter-fps-down| 15 +++
 tests/ref/fate/filter-fps-down-eof-pass   | 16 
 tests/ref/fate/filter-fps-down-round-down | 15 +++
 tests/ref/fate/filter-fps-down-round-up   | 16 
 tests/ref/fate/filter-fps-up  | 17 +
 tests/ref/fate/filter-fps-up-round-down   | 16 
 tests/ref/fate/filter-fps-up-round-up | 17 +
 8 files changed, 121 insertions(+), 1 deletion(-)

diff --git a/tests/fate/filter-video.mak b/tests/fate/filter-video.mak
index 221ae81fdc..e3e128cf67 100644
--- a/tests/fate/filter-video.mak
+++ b/tests/fate/filter-video.mak
@@ -108,7 +108,6 @@ FATE_FILTER-$(call ALLYES, AVDEVICE TESTSRC_FILTER 
FORMAT_FILTER CONCAT_FILTER S
 fate-filter-lavd-scalenorm: tests/data/filtergraphs/scalenorm
 fate-filter-lavd-scalenorm: CMD = framecrc -f lavfi -graph_file 
$(TARGET_PATH)/tests/data/filtergraphs/scalenorm -i dummy
 
-
 FATE_FILTER-$(call ALLYES, FRAMERATE_FILTER TESTSRC2_FILTER) += 
fate-filter-framerate-up fate-filter-framerate-down
 fate-filter-framerate-up: CMD = framecrc -lavfi 
testsrc2=r=2:d=10,framerate=fps=10 -t 1
 fate-filter-framerate-down: CMD = framecrc -lavfi 
testsrc2=r=2:d=10,framerate=fps=1 -t 1
@@ -426,6 +425,15 @@ fate-filter-concat: CMD = framecrc -filter_complex_script 
$(TARGET_PATH)/tests/d
 FATE_FILTER-$(call ALLYES, TESTSRC2_FILTER FPS_FILTER MPDECIMATE_FILTER) += 
fate-filter-mpdecimate
 fate-filter-mpdecimate: CMD = framecrc -lavfi 
testsrc2=r=2:d=10,fps=3,mpdecimate -r 3 -pix_fmt yuv420p
 
+FATE_FILTER-$(call ALLYES, FPS_FILTER TESTSRC2_FILTER) += fate-filter-fps-up 
fate-filter-fps-up-round-down fate-filter-fps-up-round-up fate-filter-fps-down 
fate-filter-fps-down-round-down fate-filter-fps-down-round-up 
fate-filter-fps-down-eof-pass
+fate-filter-fps-up: CMD = framecrc -lavfi testsrc2=r=3:d=2,fps=7
+fate-filter-fps-up-round-down: CMD = framecrc -lavfi 
testsrc2=r=3:d=2,fps=7:round=down
+fate-filter-fps-up-round-up: CMD = framecrc -lavfi 
testsrc2=r=3:d=2,fps=7:round=up
+fate-filter-fps-down: CMD = framecrc -lavfi testsrc2=r=7:d=3.5,fps=3
+fate-filter-fps-down-round-down: CMD = framecrc -lavfi 
testsrc2=r=7:d=3.5,fps=3:round=down
+fate-filter-fps-down-round-up: CMD = framecrc -lavfi 
testsrc2=r=7:d=3.5,fps=3:round=up
+fate-filter-fps-down-eof-pass: CMD = framecrc -lavfi 
testsrc2=r=7:d=3.5,fps=3:eof_action=pass
+
 FATE_FILTER_SAMPLES-$(call ALLYES, MOV_DEMUXER FPS_FILTER QTRLE_DECODER) += 
fate-filter-fps-cfr fate-filter-fps fate-filter-fps-r
 fate-filter-fps-cfr: CMD = framecrc -i 
$(TARGET_SAMPLES)/qtrle/apple-animation-variable-fps-bug.mov -r 30 -vsync cfr 
-pix_fmt yuv420p
 fate-filter-fps-r:   CMD = framecrc -i 
$(TARGET_SAMPLES)/qtrle/apple-animation-variable-fps-bug.mov -r 30 -vf fps 
-pix_fmt yuv420p
diff --git a/tests/ref/fate/filter-fps-down b/tests/ref/fate/filter-fps-down
new file mode 100644
index 00..eb8b368985
--- /dev/null
+++ b/tests/ref/fate/filter-fps-down
@@ -0,0 +1,15 @@
+#tb 0: 1/3
+#media_type 0: video
+#codec_id 0: rawvideo
+#dimensions 0: 320x240
+#sar 0: 1/1
+0,  0,  0,1,   115200, 0x0c1062d6
+0,  1,  1,1,   115200, 0x278d887e
+0,  2,  2,1,   115200, 0x75e1a17b
+0,  3,  3,1,   115200, 0x686b77e7
+0,  4,  4,1,   115200, 0x1fc2d693
+0,  5,  5,1,   115200, 0x2d0ba5a4
+0,  6,  6,1,   115200, 0x40426f99
+0,  7,  7,1,   115200, 0xc705ccd9
+0,  8,  8,1,   115200, 0x5635daa5
+0,  9,  9,1,   115200, 0x7161ef8f
diff --git a/tests/ref/fate/filter-fps-down-eof-pass 
b/tests/ref/fate/filter-fps-down-eof-pass
new file mode 100644
index 00..0b6725f037
--- /dev/null
+++ b/tests/ref/fate/filter-fps-down-eof-pass
@@ -0,0 +1,16 @@
+#tb 0: 1/3
+#media_type 0: video
+#codec_id 0: rawvideo
+#dimensions 0: 320x240
+#sar 0: 1/1
+0,  0,  0,1,   115200, 0x0c1062d6
+0,  1,  1,1,   115200, 0x278d887e
+0,  2,  2,1,   115200, 0x75e1a17b
+0,  3,  3,1,   115200, 0x686b77e7
+0,  4,  4,1,   115200, 0x1fc2d693
+0,  5,  5,1,   115200, 0x2d0ba5a4
+0,  6,  6,1,   115200, 0x40426f99
+0,  

[FFmpeg-cvslog] avcodec/jpeg2000dec: Use av_image_check_size2()

2018-02-18 Thread Michael Niedermayer
ffmpeg | branch: master | Michael Niedermayer  | Sat 
Feb 17 04:20:53 2018 +0100| [01370b31aced784593f2bc0836f4ba6fd8e7f6b3] | 
committer: Michael Niedermayer

avcodec/jpeg2000dec: Use av_image_check_size2()

Fixes: OOM
Fixes: 5733/clusterfuzz-testcase-minimized-4906757966004224

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=01370b31aced784593f2bc0836f4ba6fd8e7f6b3
---

 libavcodec/jpeg2000dec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c
index 4cf8a2880c..5414ce5655 100644
--- a/libavcodec/jpeg2000dec.c
+++ b/libavcodec/jpeg2000dec.c
@@ -285,7 +285,7 @@ static int get_siz(Jpeg2000DecoderContext *s)
 avpriv_request_sample(s->avctx, "Support for image offsets");
 return AVERROR_PATCHWELCOME;
 }
-if (av_image_check_size(s->width, s->height, 0, s->avctx)) {
+if (av_image_check_size2(s->width, s->height, s->avctx->max_pixels, 
AV_PIX_FMT_NONE, 0, s->avctx)) {
 avpriv_request_sample(s->avctx, "Large Dimensions");
 return AVERROR_PATCHWELCOME;
 }
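Review bot: A frame rejected by the new `av_image_check_size2()` call is still reported through `avpriv_request_sample(s->avctx, "Large Dimensions")` and `AVERROR_PATCHWELCOME`, which reads as a missing feature even when the cause is the caller's `max_pixels` limit or bogus dimensions in a damaged file. For input that trips a resource limit a plain error is the more accurate signal, for example an `av_log()` at `AV_LOG_ERROR` followed by `return AVERROR_INVALIDDATA;`, so operators are not prompted to upload samples of fuzzed files. get_siz() starts and ends outside the hunk, so whether later allocations in it rely on the same bound cannot be confirmed from here.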



[FFmpeg-cvslog] avcodec/h264: Increase field_poc to 64bit in ff_h264_init_poc() to detect overflows

2018-02-18 Thread Michael Niedermayer
ffmpeg | branch: master | Michael Niedermayer  | Sat 
Feb 17 04:20:54 2018 +0100| [1be49cee34eb588d70c2bf4c46dc23539fd71b53] | 
committer: Michael Niedermayer

avcodec/h264: Increase field_poc to 64bit in ff_h264_init_poc() to detect 
overflows

Fixes: Integer overflow
Fixes: 5746/clusterfuzz-testcase-minimized-6270097623613440

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1be49cee34eb588d70c2bf4c46dc23539fd71b53
---

 libavcodec/h264_parse.c  | 6 +-
 libavcodec/h264_parser.c | 4 +++-
 libavcodec/h264_slice.c  | 4 +++-
 3 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/libavcodec/h264_parse.c b/libavcodec/h264_parse.c
index fee28d90d9..6cbef5a13d 100644
--- a/libavcodec/h264_parse.c
+++ b/libavcodec/h264_parse.c
@@ -271,7 +271,7 @@ int ff_h264_init_poc(int pic_field_poc[2], int *pic_poc,
  int picture_structure, int nal_ref_idc)
 {
 const int max_frame_num = 1 << sps->log2_max_frame_num;
-int field_poc[2];
+int64_t field_poc[2];
 
 pc->frame_num_offset = pc->prev_frame_num_offset;
 if (pc->frame_num < pc->prev_frame_num)
@@ -337,6 +337,10 @@ int ff_h264_init_poc(int pic_field_poc[2], int *pic_poc,
 field_poc[1] = poc;
 }
 
+if (   field_poc[0] != (int)field_poc[0]
+|| field_poc[1] != (int)field_poc[1])
+return AVERROR_INVALIDDATA;
+
 if (picture_structure != PICT_BOTTOM_FIELD)
 pic_field_poc[0] = field_poc[0];
 if (picture_structure != PICT_TOP_FIELD)
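Review bot: The range test `field_poc[0] != (int)field_poc[0]` only detects an overflow if the sums feeding `field_poc` are themselves evaluated in 64 bits. The context line `field_poc[1] = poc;` stores a value computed before the widening, and if `poc` or the other right-hand sides (outside this hunk) are still `int` arithmetic, they can overflow before the assignment. It would be worth casting one operand to `int64_t` in those expressions and writing the test as an explicit bound, `if (field_poc[0] < INT_MIN || field_poc[0] > INT_MAX || ...)`, since narrowing an out-of-range value to `int` is implementation-defined. The declaration change is in the preceding hunk of this file; ff_h264_init_poc() starts and ends outside both.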
diff --git a/libavcodec/h264_parser.c b/libavcodec/h264_parser.c
index 65d9d44b50..1a9840a62c 100644
--- a/libavcodec/h264_parser.c
+++ b/libavcodec/h264_parser.c
@@ -449,8 +449,10 @@ static inline int parse_nal_units(AVCodecParserContext *s,
 /* Decode POC of this picture.
  * The prev_ values needed for decoding POC of the next picture 
are not set here. */
 field_poc[0] = field_poc[1] = INT_MAX;
-ff_h264_init_poc(field_poc, &s->output_picture_number, sps,
+ret = ff_h264_init_poc(field_poc, &s->output_picture_number, sps,
  &p->poc, p->picture_structure, nal.ref_idc);
+if (ret < 0)
+goto fail;
 
 /* Continue parsing to check if MMCO_RESET is present.
  * FIXME: MMCO_RESET could appear in non-first slice.
diff --git a/libavcodec/h264_slice.c b/libavcodec/h264_slice.c
index e6b7998834..90e05ed8f1 100644
--- a/libavcodec/h264_slice.c
+++ b/libavcodec/h264_slice.c
@@ -1607,8 +1607,10 @@ static int h264_field_start(H264Context *h, const 
H264SliceContext *sl,
 (h->mb_height * h->mb_stride - 1) * sizeof(*h->slice_table));
 }
 
-ff_h264_init_poc(h->cur_pic_ptr->field_poc, &h->cur_pic_ptr->poc,
+ret = ff_h264_init_poc(h->cur_pic_ptr->field_poc, &h->cur_pic_ptr->poc,
  h->ps.sps, &h->poc, h->picture_structure, nal->ref_idc);
+if (ret < 0)
+return ret;
 
 memcpy(h->mmco, sl->mmco, sl->nb_mmco * sizeof(*h->mmco));
 h->nb_mmco = sl->nb_mmco;
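Review bot: Both new call-site checks, the `goto fail` in parse_nal_units() and the `return ret` here, reject the picture without a log line, so a stream that trips the POC range check fails with nothing to point at the cause. The ff_h264_init_poc() parameters visible on this page include no log context, so the message belongs at the call sites, e.g. `av_log(h->avctx, AV_LOG_ERROR, "POC out of range\n");` before `return ret;`. h264_field_start() continues outside the hunk, so whether state set up earlier in the function needs undoing before this early return cannot be judged from here.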



[FFmpeg-cvslog] avcodec/hevcdec: Check luma/chroma_log2_weight_denom

2018-02-18 Thread Michael Niedermayer
ffmpeg | branch: master | Michael Niedermayer  | Sat 
Feb 17 21:42:34 2018 +0100| [f82dd4c09b2decb033f1e339d4be81efd38554f1] | 
committer: Michael Niedermayer

avcodec/hevcdec: Check luma/chroma_log2_weight_denom

Fixes: signed integer overflow: 3 + 2147483647 cannot be represented in type 
'int'
Fixes: 5888/clusterfuzz-testcase-minimized-5634701067812864

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f82dd4c09b2decb033f1e339d4be81efd38554f1
---

 libavcodec/hevcdec.c | 12 +---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/libavcodec/hevcdec.c b/libavcodec/hevcdec.c
index 8f1c1f1953..fc4eb781dc 100644
--- a/libavcodec/hevcdec.c
+++ b/libavcodec/hevcdec.c
@@ -151,12 +151,18 @@ static int pred_weight_table(HEVCContext *s, 
GetBitContext *gb)
 int luma_log2_weight_denom;
 
 luma_log2_weight_denom = get_ue_golomb_long(gb);
-if (luma_log2_weight_denom < 0 || luma_log2_weight_denom > 7)
+if (luma_log2_weight_denom < 0 || luma_log2_weight_denom > 7) {
 av_log(s->avctx, AV_LOG_ERROR, "luma_log2_weight_denom %d is 
invalid\n", luma_log2_weight_denom);
+return AVERROR_INVALIDDATA;
+}
 s->sh.luma_log2_weight_denom = av_clip_uintp2(luma_log2_weight_denom, 3);
 if (s->ps.sps->chroma_format_idc != 0) {
-int delta = get_se_golomb(gb);
-s->sh.chroma_log2_weight_denom = 
av_clip_uintp2(s->sh.luma_log2_weight_denom + delta, 3);
+int64_t chroma_log2_weight_denom = luma_log2_weight_denom + 
(int64_t)get_se_golomb(gb);
+if (chroma_log2_weight_denom < 0 || chroma_log2_weight_denom > 7) {
+av_log(s->avctx, AV_LOG_ERROR, "chroma_log2_weight_denom %"PRId64" 
is invalid\n", chroma_log2_weight_denom);
+return AVERROR_INVALIDDATA;
+}
+s->sh.chroma_log2_weight_denom = chroma_log2_weight_denom;
 }
 
 for (i = 0; i < s->sh.nb_refs[L0]; i++) {
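Review bot: With the new early return, `av_clip_uintp2(luma_log2_weight_denom, 3)` can no longer change its argument, while the chroma value a few lines below is stored unclipped after the same 0..7 test, so the two assignments now read inconsistently. I would store luma directly, `s->sh.luma_log2_weight_denom = luma_log2_weight_denom;`, and add a short comment on the chroma sum such as `/* widen before adding: the delta comes from the bitstream and may be near INT_MAX */`. pred_weight_table() continues past the hunk, and its callers must propagate the new error returns for these checks to stop decoding, which is not visible here.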



[FFmpeg-cvslog] avcodec/dirac_dwt_template: Fix Integer overflow in horizontal_compose_dd137i()

2018-02-18 Thread Michael Niedermayer
ffmpeg | branch: master | Michael Niedermayer  | Sat 
Feb 17 21:47:09 2018 +0100| [647fa49495c39a48b7ccb92acd8fb975b1575456] | 
committer: Michael Niedermayer

avcodec/dirac_dwt_template: Fix Integer overflow in horizontal_compose_dd137i()

Fixes: 5894/clusterfuzz-testcase-minimized-5315325420634112
Fixes: runtime error: signed integer overflow: 2147483647 + 1 cannot be 
represented in type 'int'

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=647fa49495c39a48b7ccb92acd8fb975b1575456
---

 libavcodec/dirac_dwt_template.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/libavcodec/dirac_dwt_template.c b/libavcodec/dirac_dwt_template.c
index e68cc4d530..8c25c1f822 100644
--- a/libavcodec/dirac_dwt_template.c
+++ b/libavcodec/dirac_dwt_template.c
@@ -95,8 +95,8 @@ static void RENAME(horizontal_compose_dd97i)(uint8_t *_b, 
uint8_t *_tmp, int w)
 tmp[w2+1] = tmp[w2] = tmp[w2-1];
 
 for (x = 0; x < w2; x++) {
-b[2*x  ] = (tmp[x] + 1)>>1;
-b[2*x+1] = (COMPOSE_DD97iH0(tmp[x-1], tmp[x], b[x+w2], tmp[x+1], 
tmp[x+2]) + 1)>>1;
+b[2*x  ] = ((int)(tmp[x] + 1U))>>1;
+b[2*x+1] = ((int)(COMPOSE_DD97iH0(tmp[x-1], tmp[x], b[x+w2], tmp[x+1], 
tmp[x+2]) + 1U))>>1;
 }
 }
 
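Review bot: The `+ 1U` casts in both loops need a comment, because `((int)(tmp[x] + 1U))>>1` looks like noise unless the reader knows it moves the rounding add into unsigned arithmetic to avoid signed-overflow undefined behaviour. Something like `/* add in unsigned so the rounding term wraps instead of overflowing; converted back before the shift */` above the loop would do. The conversion of an out-of-range value back to `int` and the right shift of a negative value are both implementation-defined, and only the final `+ 1` is covered; the sums inside `COMPOSE_DD97iH0` are defined outside the hunk and may need the same treatment. The second hunk (horizontal_compose_dd137i) is identical, and the commit title names only that function although horizontal_compose_dd97i is changed as well.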
@@ -118,8 +118,8 @@ static void RENAME(horizontal_compose_dd137i)(uint8_t *_b, 
uint8_t *_tmp, int w)
 tmp[w2+1] = tmp[w2] = tmp[w2-1];
 
 for (x = 0; x < w2; x++) {
-b[2*x  ] = (tmp[x] + 1)>>1;
-b[2*x+1] = (COMPOSE_DD97iH0(tmp[x-1], tmp[x], b[x+w2], tmp[x+1], 
tmp[x+2]) + 1)>>1;
+b[2*x  ] = ((int)(tmp[x] + 1U))>>1;
+b[2*x+1] = ((int)(COMPOSE_DD97iH0(tmp[x-1], tmp[x], b[x+w2], tmp[x+1], 
tmp[x+2]) + 1U))>>1;
 }
 }
 



[FFmpeg-cvslog] avutil/common: Fix integer overflow in av_clip_uint8_c() and av_clip_uint16_c()

2018-02-18 Thread Michael Niedermayer
ffmpeg | branch: release/2.8 | Michael Niedermayer  | 
Wed Feb 14 03:54:13 2018 +0100| [a3c66132d957db7f146601ac35f31944b0e5d98f] | 
committer: Michael Niedermayer

avutil/common: Fix integer overflow in av_clip_uint8_c() and av_clip_uint16_c()

Fixes: 5567/clusterfuzz-testcase-minimized-5769966247739392
Fixes: runtime error: negation of -2147483648 cannot be represented in type 
'int'; cast to an unsigned type to negate this value to itself

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit ab6f571ef71967da7c7c1cfba483d3597c7357d5)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a3c66132d957db7f146601ac35f31944b0e5d98f
---

 libavutil/common.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavutil/common.h b/libavutil/common.h
index 7fe3ccc25a..81f5fedf29 100644
--- a/libavutil/common.h
+++ b/libavutil/common.h
@@ -162,7 +162,7 @@ static av_always_inline av_const int64_t 
av_clip64_c(int64_t a, int64_t amin, in
  */
 static av_always_inline av_const uint8_t av_clip_uint8_c(int a)
 {
-if (a&(~0xFF)) return (-a)>>31;
+if (a&(~0xFF)) return (~a)>>31;
 else   return a;
 }
 
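Review bot: The one-line clip `return (~a)>>31;` deserves a comment, since its correctness rests on three unstated assumptions: `int` is 32 bits wide, `>>` on a negative `int` is an arithmetic shift (implementation-defined in C), and the resulting `-1` is truncated to the unsigned return type. A comment such as `/* a < 0: ~a >= 0 -> 0; a > max: ~a < 0 -> -1 -> all ones after truncation */` makes the mapping checkable at a glance. The same applies to av_clip_uint16_c() in the next hunk. The mask constant in that hunk appears on this page as `~0x` with its digits missing, which looks like an archive rendering loss rather than the committed text, so the patch should be taken from the repository and not from this page.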
@@ -184,7 +184,7 @@ static av_always_inline av_const int8_t av_clip_int8_c(int 
a)
  */
 static av_always_inline av_const uint16_t av_clip_uint16_c(int a)
 {
-if (a&(~0x)) return (-a)>>31;
+if (a&(~0x)) return (~a)>>31;
 else return a;
 }
 



[FFmpeg-cvslog] avcodec/vp8: Check for bitstream end before vp7_fade_frame()

2018-02-18 Thread Michael Niedermayer
ffmpeg | branch: release/2.8 | Michael Niedermayer  | 
Sat Feb 17 04:20:52 2018 +0100| [603d23ffebdd6891167ad6c439e27517e7227a9d] | 
committer: Michael Niedermayer

avcodec/vp8: Check for bitstream end before vp7_fade_frame()

Fixes: Timeout
Fixes: 5653/clusterfuzz-testcase-5497680018014208

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit de675648cef7e451ca82fabaee0d8ec1fe653311)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=603d23ffebdd6891167ad6c439e27517e7227a9d
---

 libavcodec/vp8.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/vp8.c b/libavcodec/vp8.c
index da28032d9f..3adecba2f0 100644
--- a/libavcodec/vp8.c
+++ b/libavcodec/vp8.c
@@ -605,6 +605,8 @@ static int vp7_decode_frame_header(VP8Context *s, const 
uint8_t *buf, int buf_si
 s->fade_present = vp8_rac_get(c);
 }
 
+if (c->end <= c->buffer && c->bits >= 0)
+return AVERROR_INVALIDDATA;
 /* E. Fading information for previous frame */
 if (s->fade_present && vp8_rac_get(c)) {
 if ((ret = vp7_fade_frame(s ,c)) < 0)



[FFmpeg-cvslog] avcodec/exr: Check remaining bits in last get code loop

2018-02-18 Thread Michael Niedermayer
ffmpeg | branch: release/2.8 | Michael Niedermayer  | 
Wed Feb 14 13:01:46 2018 +0100| [09dad52390025b8ab73c4196cd616a7e4410cf32] | 
committer: Michael Niedermayer

avcodec/exr: Check remaining bits in last get code loop

Fixes: runtime error: shift exponent -7 is negative
Fixes: 
3902/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6081926122176512

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit dd8351b1184b8054925c28ecc5fcb6dbbc177fad)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=09dad52390025b8ab73c4196cd616a7e4410cf32
---

 libavcodec/exr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/exr.c b/libavcodec/exr.c
index a62a4c8a6f..329db66149 100644
--- a/libavcodec/exr.c
+++ b/libavcodec/exr.c
@@ -537,7 +537,7 @@ static int huf_decode(const uint64_t *hcode, const HufDec 
*hdecod,
 while (lc > 0) {
 const HufDec pl = hdecod[(c << (HUF_DECBITS - lc)) & HUF_DECMASK];
 
-if (pl.len) {
+if (pl.len && lc >= pl.len) {
 lc -= pl.len;
 get_code(pl.lit, rlc, c, lc, gb, out, oe, outb);
 } else {
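Review bot: An entry with `pl.len > lc` now falls into the `else` branch, whose body lies outside this hunk, so the fix is only complete if that branch fails the decode rather than interpreting the short-code table entry some other way. Please confirm that, and record the intent at the condition with a comment along the lines of `/* fewer bits left than this code needs: fall through to the error path */`. huf_decode() starts and ends outside the hunk.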



[FFmpeg-cvslog] Changelog: update

2018-02-18 Thread Michael Niedermayer
ffmpeg | branch: release/2.8 | Michael Niedermayer  | 
Mon Feb 19 00:43:07 2018 +0100| [3f8a0d5ad1a9ee2d15083f954a75f2aabe987b07] | 
committer: Michael Niedermayer

Changelog: update

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3f8a0d5ad1a9ee2d15083f954a75f2aabe987b07
---

 Changelog | 5 +
 1 file changed, 5 insertions(+)

diff --git a/Changelog b/Changelog
index 07edb32653..646ae02510 100644
--- a/Changelog
+++ b/Changelog
@@ -2,6 +2,11 @@ Entries are sorted chronologically from oldest to youngest 
within each release,
 releases are sorted from youngest to oldest.
 
 version 2.8.14:
+- avcodec/vp8: Check for bitstream end before vp7_fade_frame()
+- avcodec/exr: Check remaining bits in last get code loop
+- avutil/common: Fix integer overflow in av_clip_uint8_c() and 
av_clip_uint16_c()
+- avcodec/h264_cabac: Tighten allowed coeff_abs range
+- avcodec/h264_cavlc: Set valid qscale value in ff_h264_decode_mb_cavlc()
 - avcodec/vp3: Error out on invalid num_coeffs in unpack_vlcs()
 - avcodec/mpeg4videodec: Ignore multiple VOL headers
 - avcodec/vp3: Check eob_run



[FFmpeg-cvslog] avcodec/h264_cavlc: Set valid qscale value in ff_h264_decode_mb_cavlc()

2018-02-18 Thread Xiaohan Wang
ffmpeg | branch: release/2.8 | Xiaohan Wang  | Sat Feb  3 
01:43:35 2018 -0800| [07e46226ae50ce0e4754b5cc11fafaffb1d4116a] | committer: 
Michael Niedermayer

avcodec/h264_cavlc: Set valid qscale value in ff_h264_decode_mb_cavlc()

When ff_h264_decode_mb_cavlc() failed due to wrong sl->qscale values,
e.g. dquant out of range, set the qscale to be a valid value before
returning -1 and exiting the function. The qscale value can be used
later e.g. in loop filter.

BUG=806122

Signed-off-by: Michael Niedermayer 
(cherry picked from commit 71f39de2a57efc8db1d607b09c162c3b806cd45d)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=07e46226ae50ce0e4754b5cc11fafaffb1d4116a
---

 libavcodec/h264_cavlc.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libavcodec/h264_cavlc.c b/libavcodec/h264_cavlc.c
index 3fa5b2e197..97ec6fd4ae 100644
--- a/libavcodec/h264_cavlc.c
+++ b/libavcodec/h264_cavlc.c
@@ -1113,6 +1113,7 @@ decode_intra_mb:
 elsesl->qscale -= max_qp+1;
 if (((unsigned)sl->qscale) > max_qp){
 av_log(h->avctx, AV_LOG_ERROR, "dquant out of range (%d) at %d 
%d\n", dquant, sl->mb_x, sl->mb_y);
+sl->qscale = max_qp;
 return -1;
 }
 }
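Review bot: Writing `sl->qscale = max_qp;` on an error path is surprising without a comment; the reason, that later stages such as the loop filter may still read qscale after the `-1` return, is stated only in the commit message. I would add `/* leave qscale in range: it can still be read after this error, e.g. by the loop filter */` above the assignment. The `decode_intra_mb` block continues outside the hunk, so other error returns that might leave qscale out of range are not visible here.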



[FFmpeg-cvslog] avcodec/h264_cabac: Tighten allowed coeff_abs range

2018-02-18 Thread Michael Niedermayer
ffmpeg | branch: release/2.8 | Michael Niedermayer  | 
Wed Feb 14 00:32:30 2018 +0100| [6cfd81b04c7159450a01dadb748b7042559d1dca] | 
committer: Michael Niedermayer

avcodec/h264_cabac: Tighten allowed coeff_abs range

Fixes: integer overflows
Reported-by: "Xiaohan Wang (王消寒)" 

Based on limits in "8.5 Transform coefficient decoding process and picture
construction process prior to deblocking  filter process"

Signed-off-by: Michael Niedermayer 
(cherry picked from commit f26a63c4ee1bdbe21d7ab462cd66f8ba20b14244)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6cfd81b04c7159450a01dadb748b7042559d1dca
---

 libavcodec/h264_cabac.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/h264_cabac.c b/libavcodec/h264_cabac.c
index 397253ff34..3679bd3df8 100644
--- a/libavcodec/h264_cabac.c
+++ b/libavcodec/h264_cabac.c
@@ -1732,7 +1732,7 @@ decode_cabac_residual_internal(const H264Context *h, 
H264SliceContext *sl,
 \
 if( coeff_abs >= 15 ) { \
 int j = 0; \
-while (get_cabac_bypass(CC) && j < 30) { \
+while (get_cabac_bypass(CC) && j < 16+7) { \
 j++; \
 } \
 \
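Review bot: The new loop bound `j < 16+7` is a bare magic expression inside the macro body; the commit message ties it to the limits in section 8.5 of the specification, but nothing in the code says so. A `/* ... */` comment placed before the line's trailing backslash, for example `/* longest escape prefix allowed by the 8.5 coefficient range */`, or a named constant would keep the bound from being loosened again by accident. How `j` is consumed after the loop is outside the hunk, so the resulting maximum of `coeff_abs` cannot be checked from here.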



[FFmpeg-cvslog] Tag n2.8.14 : FFmpeg 2.8.14 release

2018-02-18 Thread git
[ffmpeg] [branch: refs/tags/n2.8.14]
Tag:69083be98a03d9620db84aeb29c496d3a4f9510a
> http://git.videolan.org/gitweb.cgi/ffmpeg.git?a=tag;h=69083be98a03d9620db84aeb29c496d3a4f9510a

Tagger: Michael Niedermayer 
Date:   Mon Feb 19 01:49:32 2018 +0100

FFmpeg 2.8.14 release


[FFmpeg-cvslog] [ffmpeg-web] branch master updated. 4ee8d5d web/download: add FFmpeg 2.8.14

2018-02-18 Thread ffmpeg-git
The branch, master has been updated
   via  4ee8d5d5a42fc942f3e0dbc85557074117ab4ab1 (commit)
  from  e047806ab009920077923e671698d614d7693335 (commit)


- Log -
commit 4ee8d5d5a42fc942f3e0dbc85557074117ab4ab1
Author: Michael Niedermayer 
AuthorDate: Mon Feb 19 02:31:17 2018 +0100
Commit: Michael Niedermayer 
CommitDate: Mon Feb 19 02:31:17 2018 +0100

web/download: add FFmpeg 2.8.14

diff --git a/src/download b/src/download
index 3f20921..737b880 100644
--- a/src/download
+++ b/src/download
@@ -464,10 +464,10 @@ libpostproc54.  0.100

 
 
-  FFmpeg 2.8.13 "Feynman"
+  FFmpeg 2.8.14 "Feynman"
 
   
-2.8.13 was released on 2017-09-02. It is the latest stable FFmpeg release
+2.8.14 was released on 2018-02-18. It is the latest stable FFmpeg release
 from the 2.8 release branch, which was cut from master on 2015-09-05.
 Amongst lots of other changes, it includes all changes from
 ffmpeg-mt, libav master of 2015-08-28, libav 11 as of 2015-08-28.
@@ -487,19 +487,19 @@ libpostproc53.  3.100
 
   
 
-  Download 
xz tarball
-  PGP 
signature
+  Download 
xz tarball
+  PGP 
signature
  
 
-  Download bzip2 tarball
-  PGP 
signature
+  Download bzip2 tarball
+  PGP 
signature
  
 
-  Download 
gzip tarball
-  PGP 
signature
+  Download 
gzip tarball
+  PGP 
signature
  
 
-  https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n2.8.13";>Changelog
+  https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n2.8.14";>Changelog
   https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/refs/heads/release/2.8:/RELEASE_NOTES";>Release
 Notes
  


---

Summary of changes:
 src/download | 18 +-
 1 file changed, 9 insertions(+), 9 deletions(-)


hooks/post-receive
-- 



[FFmpeg-cvslog] fate: add tests for pan audio filter

2018-02-18 Thread Tobias Rapp
ffmpeg | branch: master | Tobias Rapp  | Thu Feb 15 
08:21:24 2018 +0100| [56f77b0f678de74404ae3a64f6ba664ea4449348] | committer: 
Tobias Rapp

fate: add tests for pan audio filter

Signed-off-by: Tobias Rapp 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=56f77b0f678de74404ae3a64f6ba664ea4449348
---

 tests/fate/filter-audio.mak   | 30 ++
 tests/ref/fate/filter-pan-mono1   | 26 ++
 tests/ref/fate/filter-pan-mono2   | 26 ++
 tests/ref/fate/filter-pan-stereo1 | 26 ++
 tests/ref/fate/filter-pan-stereo2 | 26 ++
 tests/ref/fate/filter-pan-stereo3 | 26 ++
 tests/ref/fate/filter-pan-stereo4 | 26 ++
 7 files changed, 186 insertions(+)

diff --git a/tests/fate/filter-audio.mak b/tests/fate/filter-audio.mak
index bd8b3d3c35..2a3ba1992f 100644
--- a/tests/fate/filter-audio.mak
+++ b/tests/fate/filter-audio.mak
@@ -128,6 +128,36 @@ fate-filter-firequalizer: CMP = oneoff
 fate-filter-firequalizer: CMP_UNIT = s16
 fate-filter-firequalizer: SIZE_TOLERANCE = 1058400 - 1097208
 
+FATE_AFILTER-$(call FILTERDEMDECENCMUX, PAN, WAV, PCM_S16LE, PCM_S16LE, WAV) 
+= fate-filter-pan-mono1
+fate-filter-pan-mono1: tests/data/asynth-44100-2.wav
+fate-filter-pan-mono1: SRC = $(TARGET_PATH)/tests/data/asynth-44100-2.wav
+fate-filter-pan-mono1: CMD = framecrc -ss 3.14 -i $(SRC) -frames:a 20 
-filter:a "pan=mono|FC=FL"
+
+FATE_AFILTER-$(call FILTERDEMDECENCMUX, PAN, WAV, PCM_S16LE, PCM_S16LE, WAV) 
+= fate-filter-pan-mono2
+fate-filter-pan-mono2: tests/data/asynth-44100-2.wav
+fate-filter-pan-mono2: SRC = $(TARGET_PATH)/tests/data/asynth-44100-2.wav
+fate-filter-pan-mono2: CMD = framecrc -ss 3.14 -i $(SRC) -frames:a 20 
-filter:a "pan=1C|c0=c0+c1"
+
+FATE_AFILTER-$(call FILTERDEMDECENCMUX, PAN, WAV, PCM_S16LE, PCM_S16LE, WAV) 
+= fate-filter-pan-stereo1
+fate-filter-pan-stereo1: tests/data/asynth-44100-3.wav
+fate-filter-pan-stereo1: SRC = $(TARGET_PATH)/tests/data/asynth-44100-3.wav
+fate-filter-pan-stereo1: CMD = framecrc -ss 3.14 -i $(SRC) -frames:a 20 
-filter:a "pan=2c|FL=FR|FR=FL"
+
+FATE_AFILTER-$(call FILTERDEMDECENCMUX, PAN, WAV, PCM_S16LE, PCM_S16LE, WAV) 
+= fate-filter-pan-stereo2
+fate-filter-pan-stereo2: tests/data/asynth-44100-3.wav
+fate-filter-pan-stereo2: SRC = $(TARGET_PATH)/tests/data/asynth-44100-3.wav
+fate-filter-pan-stereo2: CMD = framecrc -ss 3.14 -i $(SRC) -frames:a 20 
-filter:a "pan=stereo|c0=c0-c2|c1=c1-c2"
+
+FATE_AFILTER-$(call FILTERDEMDECENCMUX, PAN, WAV, PCM_S16LE, PCM_S16LE, WAV) 
+= fate-filter-pan-stereo3
+fate-filter-pan-stereo3: tests/data/asynth-44100-2.wav
+fate-filter-pan-stereo3: SRC = $(TARGET_PATH)/tests/data/asynth-44100-2.wav
+fate-filter-pan-stereo3: CMD = framecrc -ss 3.14 -i $(SRC) -frames:a 20 
-filter:a "pan=FL+FR|FL<3*c0+2*c1|FR<2*c0+3*c1"
+
+FATE_AFILTER-$(call FILTERDEMDECENCMUX, PAN, WAV, PCM_S16LE, PCM_S16LE, WAV) 
+= fate-filter-pan-stereo4
+fate-filter-pan-stereo4: tests/data/asynth-44100-2.wav
+fate-filter-pan-stereo4: SRC = $(TARGET_PATH)/tests/data/asynth-44100-2.wav
+fate-filter-pan-stereo4: CMD = framecrc -ss 3.14 -guess_layout_max 0 -i $(SRC) 
-frames:a 20 -filter:a "pan=4C|c0=c0-0.5*c1|c1=c1+0.5*c0|c2=0*c0|c3=0*c0"
+
 FATE_AFILTER_SAMPLES-$(call FILTERDEMDECENCMUX, SILENCEREMOVE, WAV, PCM_S16LE, 
PCM_S16LE, WAV) += fate-filter-silenceremove
 fate-filter-silenceremove: SRC = 
$(TARGET_SAMPLES)/audio-reference/divertimenti_2ch_96kHz_s24.wav
 fate-filter-silenceremove: CMD = framecrc -i $(SRC) -frames:a 30 -af 
silenceremove=0:0:0:-1:0:-90dB
diff --git a/tests/ref/fate/filter-pan-mono1 b/tests/ref/fate/filter-pan-mono1
new file mode 100644
index 00..3bd7c25bc1
--- /dev/null
+++ b/tests/ref/fate/filter-pan-mono1
@@ -0,0 +1,26 @@
+#tb 0: 1/44100
+#media_type 0: audio
+#codec_id 0: pcm_s16le
+#sample_rate 0: 44100
+#channel_layout 0: 4
+#channel_layout_name 0: mono
+0,  0,  0, 1024, 2048, 0x750f0a66
+0,   1024,   1024, 1024, 2048, 0x155cf063
+0,   2048,   2048, 1024, 2048, 0x1e43fc32
+0,   3072,   3072, 1024, 2048, 0x282ffc28
+0,   4096,   4096, 1024, 2048, 0x6d7bf000
+0,   5120,   5120, 1024, 2048, 0xc0b2f411
+0,   6144,   6144, 1024, 2048, 0xd711fb03
+0,   7168,   7168, 1024, 2048, 0x3164189c
+0,   8192,   8192, 1024, 2048, 0x8c69e827
+0,   9216,   9216, 1024, 2048, 0x562d0518
+0,  10240,  10240, 1024, 2048, 0x380aee27
+0,  11264,  11264, 1024, 2048, 0x990a03e4
+0,  12288,  12288, 1024, 2048, 0x68d7ef60
+0,  13312,  13312, 1024, 2048, 0xd13fef9e
+0,  14336,  14336, 1024, 2048, 0x009306e4
+0,  15360,  15360, 1024, 2048, 0x51850390
+0,  16384,  16384, 1024, 2048, 0xcd3ceeae
+0,  17408,  17408, 102

[FFmpeg-cvslog] swresample/rematrix: fix update of channel matrix if input or output layout is undefined

2018-02-18 Thread Tobias Rapp
ffmpeg | branch: master | Tobias Rapp  | Wed Feb 14 
17:01:08 2018 +0100| [6325bd3717348615adafb52e4da2fd01a3007d0a] | committer: 
Tobias Rapp

swresample/rematrix: fix update of channel matrix if input or output layout is 
undefined

Prefer direct in/out channel count values over channel layout, when
available. Fixes a pan filter bug (ticket #6790).

Signed-off-by: Tobias Rapp 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6325bd3717348615adafb52e4da2fd01a3007d0a
---

 libswresample/rematrix.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/libswresample/rematrix.c b/libswresample/rematrix.c
index 9fcfff1318..8227730056 100644
--- a/libswresample/rematrix.c
+++ b/libswresample/rematrix.c
@@ -69,8 +69,10 @@ int swr_set_matrix(struct SwrContext *s, const double 
*matrix, int stride)
 return AVERROR(EINVAL);
 memset(s->matrix, 0, sizeof(s->matrix));
 memset(s->matrix_flt, 0, sizeof(s->matrix_flt));
-nb_in  = av_get_channel_layout_nb_channels(s->user_in_ch_layout);
-nb_out = av_get_channel_layout_nb_channels(s->user_out_ch_layout);
+nb_in = (s->user_in_ch_count > 0) ? s->user_in_ch_count :
+av_get_channel_layout_nb_channels(s->user_in_ch_layout);
+nb_out = (s->user_out_ch_count > 0) ? s->user_out_ch_count :
+av_get_channel_layout_nb_channels(s->user_out_ch_layout);
 for (out = 0; out < nb_out; out++) {
 for (in = 0; in < nb_in; in++)
 s->matrix_flt[out][in] = s->matrix[out][in] = matrix[in];
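Review bot: `nb_in` and `nb_out` now come from `s->user_in_ch_count` and `s->user_out_ch_count` and are used directly as loop bounds for writes to `s->matrix[out][in]` and `s->matrix_flt[out][in]`, with no check in the hunk that they fit the fixed-size arrays cleared by the `memset()` calls above. Unless the counts are bounded where they are set (not visible here), a guard before the loops is cheap: `if (nb_in > FF_ARRAY_ELEMS(s->matrix[0]) || nb_out > FF_ARRAY_ELEMS(s->matrix)) return AVERROR(EINVAL);`. The loop also reads `matrix[in]` from the caller's buffer, so the function's documentation should state that the caller must supply `nb_out` rows of at least `nb_in` entries under the new counting rule. swr_set_matrix() starts and ends outside the hunk.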
