[FFmpeg-cvslog] avcodec/vp8: Check for bitstream end before vp7_fade_frame()
ffmpeg | branch: master | Michael Niedermayer | Sat Feb 17 04:20:52 2018 +0100| [de675648cef7e451ca82fabaee0d8ec1fe653311] | committer: Michael Niedermayer avcodec/vp8: Check for bitstream end before vp7_fade_frame() Fixes: Timeout Fixes: 5653/clusterfuzz-testcase-5497680018014208 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=de675648cef7e451ca82fabaee0d8ec1fe653311 --- libavcodec/vp8.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/vp8.c b/libavcodec/vp8.c index 7f71a75e4b..62b9f8bc2d 100644 --- a/libavcodec/vp8.c +++ b/libavcodec/vp8.c @@ -656,6 +656,8 @@ static int vp7_decode_frame_header(VP8Context *s, const uint8_t *buf, int buf_si s->fade_present = vp8_rac_get(c); } +if (c->end <= c->buffer && c->bits >= 0) +return AVERROR_INVALIDDATA; /* E. Fading information for previous frame */ if (s->fade_present && vp8_rac_get(c)) { if ((ret = vp7_fade_frame(s ,c)) < 0) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] libavfilter/vf_fps: Add more fate tests
ffmpeg | branch: master | Calvin Walton | Fri Feb 16 15:02:02 2018 -0500| [d2fc244293b531cf1ce175155f74202b697a7a23] | committer: Michael Niedermayer libavfilter/vf_fps: Add more fate tests These tests cover specific rounding behaviour, to ensure that I don't introduce any regressions with the rewritten "activate" callback based fps filter. Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d2fc244293b531cf1ce175155f74202b697a7a23 --- tests/fate/filter-video.mak | 10 +- tests/ref/fate/filter-fps-down| 15 +++ tests/ref/fate/filter-fps-down-eof-pass | 16 tests/ref/fate/filter-fps-down-round-down | 15 +++ tests/ref/fate/filter-fps-down-round-up | 16 tests/ref/fate/filter-fps-up | 17 + tests/ref/fate/filter-fps-up-round-down | 16 tests/ref/fate/filter-fps-up-round-up | 17 + 8 files changed, 121 insertions(+), 1 deletion(-) diff --git a/tests/fate/filter-video.mak b/tests/fate/filter-video.mak index 221ae81fdc..e3e128cf67 100644 --- a/tests/fate/filter-video.mak +++ b/tests/fate/filter-video.mak @@ -108,7 +108,6 @@ FATE_FILTER-$(call ALLYES, AVDEVICE TESTSRC_FILTER FORMAT_FILTER CONCAT_FILTER S fate-filter-lavd-scalenorm: tests/data/filtergraphs/scalenorm fate-filter-lavd-scalenorm: CMD = framecrc -f lavfi -graph_file $(TARGET_PATH)/tests/data/filtergraphs/scalenorm -i dummy - FATE_FILTER-$(call ALLYES, FRAMERATE_FILTER TESTSRC2_FILTER) += fate-filter-framerate-up fate-filter-framerate-down fate-filter-framerate-up: CMD = framecrc -lavfi testsrc2=r=2:d=10,framerate=fps=10 -t 1 fate-filter-framerate-down: CMD = framecrc -lavfi testsrc2=r=2:d=10,framerate=fps=1 -t 1 @@ -426,6 +425,15 @@ fate-filter-concat: CMD = framecrc -filter_complex_script $(TARGET_PATH)/tests/d FATE_FILTER-$(call ALLYES, TESTSRC2_FILTER FPS_FILTER MPDECIMATE_FILTER) += fate-filter-mpdecimate fate-filter-mpdecimate: CMD = framecrc -lavfi testsrc2=r=2:d=10,fps=3,mpdecimate -r 3 -pix_fmt yuv420p +FATE_FILTER-$(call ALLYES, FPS_FILTER TESTSRC2_FILTER) += fate-filter-fps-up fate-filter-fps-up-round-down fate-filter-fps-up-round-up fate-filter-fps-down fate-filter-fps-down-round-down fate-filter-fps-down-round-up fate-filter-fps-down-eof-pass +fate-filter-fps-up: CMD = framecrc -lavfi testsrc2=r=3:d=2,fps=7 +fate-filter-fps-up-round-down: CMD = framecrc -lavfi testsrc2=r=3:d=2,fps=7:round=down +fate-filter-fps-up-round-up: CMD = framecrc -lavfi testsrc2=r=3:d=2,fps=7:round=up +fate-filter-fps-down: CMD = framecrc -lavfi testsrc2=r=7:d=3.5,fps=3 +fate-filter-fps-down-round-down: CMD = framecrc -lavfi testsrc2=r=7:d=3.5,fps=3:round=down +fate-filter-fps-down-round-up: CMD = framecrc -lavfi testsrc2=r=7:d=3.5,fps=3:round=up +fate-filter-fps-down-eof-pass: CMD = framecrc -lavfi testsrc2=r=7:d=3.5,fps=3:eof_action=pass + FATE_FILTER_SAMPLES-$(call ALLYES, MOV_DEMUXER FPS_FILTER QTRLE_DECODER) += fate-filter-fps-cfr fate-filter-fps fate-filter-fps-r fate-filter-fps-cfr: CMD = framecrc -i $(TARGET_SAMPLES)/qtrle/apple-animation-variable-fps-bug.mov -r 30 -vsync cfr -pix_fmt yuv420p fate-filter-fps-r: CMD = framecrc -i $(TARGET_SAMPLES)/qtrle/apple-animation-variable-fps-bug.mov -r 30 -vf fps -pix_fmt yuv420p diff --git a/tests/ref/fate/filter-fps-down b/tests/ref/fate/filter-fps-down new file mode 100644 index 00..eb8b368985 --- /dev/null +++ b/tests/ref/fate/filter-fps-down @@ -0,0 +1,15 @@ +#tb 0: 1/3 +#media_type 0: video +#codec_id 0: rawvideo +#dimensions 0: 320x240 +#sar 0: 1/1 +0, 0, 0,1, 115200, 0x0c1062d6 +0, 1, 1,1, 115200, 0x278d887e +0, 2, 2,1, 115200, 0x75e1a17b +0, 3, 3,1, 115200, 0x686b77e7 +0, 4, 4,1, 115200, 0x1fc2d693 +0, 5, 5,1, 115200, 0x2d0ba5a4 +0, 6, 6,1, 115200, 0x40426f99 +0, 7, 7,1, 115200, 0xc705ccd9 +0, 8, 8,1, 115200, 0x5635daa5 +0, 9, 9,1, 115200, 0x7161ef8f diff --git a/tests/ref/fate/filter-fps-down-eof-pass b/tests/ref/fate/filter-fps-down-eof-pass new file mode 100644 index 00..0b6725f037 --- /dev/null +++ b/tests/ref/fate/filter-fps-down-eof-pass @@ -0,0 +1,16 @@ +#tb 0: 1/3 +#media_type 0: video +#codec_id 0: rawvideo +#dimensions 0: 320x240 +#sar 0: 1/1 +0, 0, 0,1, 115200, 0x0c1062d6 +0, 1, 1,1, 115200, 0x278d887e +0, 2, 2,1, 115200, 0x75e1a17b +0, 3, 3,1, 115200, 0x686b77e7 +0, 4, 4,1, 115200, 0x1fc2d693 +0, 5, 5,1, 115200, 0x2d0ba5a4 +0, 6, 6,1, 115200, 0x40426f99 +0,
[FFmpeg-cvslog] avcodec/jpeg2000dec: Use av_image_check_size2()
ffmpeg | branch: master | Michael Niedermayer | Sat Feb 17 04:20:53 2018 +0100| [01370b31aced784593f2bc0836f4ba6fd8e7f6b3] | committer: Michael Niedermayer avcodec/jpeg2000dec: Use av_image_check_size2() Fixes: OOM Fixes: 5733/clusterfuzz-testcase-minimized-4906757966004224 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=01370b31aced784593f2bc0836f4ba6fd8e7f6b3 --- libavcodec/jpeg2000dec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c index 4cf8a2880c..5414ce5655 100644 --- a/libavcodec/jpeg2000dec.c +++ b/libavcodec/jpeg2000dec.c @@ -285,7 +285,7 @@ static int get_siz(Jpeg2000DecoderContext *s) avpriv_request_sample(s->avctx, "Support for image offsets"); return AVERROR_PATCHWELCOME; } -if (av_image_check_size(s->width, s->height, 0, s->avctx)) { +if (av_image_check_size2(s->width, s->height, s->avctx->max_pixels, AV_PIX_FMT_NONE, 0, s->avctx)) { avpriv_request_sample(s->avctx, "Large Dimensions"); return AVERROR_PATCHWELCOME; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/h264: Increase field_poc to 64bit in ff_h264_init_poc() to detect overflows
ffmpeg | branch: master | Michael Niedermayer | Sat Feb 17 04:20:54 2018 +0100| [1be49cee34eb588d70c2bf4c46dc23539fd71b53] | committer: Michael Niedermayer avcodec/h264: Increase field_poc to 64bit in ff_h264_init_poc() to detect overflows Fixes: Integer overflow Fixes: 5746/clusterfuzz-testcase-minimized-6270097623613440 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1be49cee34eb588d70c2bf4c46dc23539fd71b53 --- libavcodec/h264_parse.c | 6 +- libavcodec/h264_parser.c | 4 +++- libavcodec/h264_slice.c | 4 +++- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/libavcodec/h264_parse.c b/libavcodec/h264_parse.c index fee28d90d9..6cbef5a13d 100644 --- a/libavcodec/h264_parse.c +++ b/libavcodec/h264_parse.c @@ -271,7 +271,7 @@ int ff_h264_init_poc(int pic_field_poc[2], int *pic_poc, int picture_structure, int nal_ref_idc) { const int max_frame_num = 1 << sps->log2_max_frame_num; -int field_poc[2]; +int64_t field_poc[2]; pc->frame_num_offset = pc->prev_frame_num_offset; if (pc->frame_num < pc->prev_frame_num) @@ -337,6 +337,10 @@ int ff_h264_init_poc(int pic_field_poc[2], int *pic_poc, field_poc[1] = poc; } +if ( field_poc[0] != (int)field_poc[0] +|| field_poc[1] != (int)field_poc[1]) +return AVERROR_INVALIDDATA; + if (picture_structure != PICT_BOTTOM_FIELD) pic_field_poc[0] = field_poc[0]; if (picture_structure != PICT_TOP_FIELD) diff --git a/libavcodec/h264_parser.c b/libavcodec/h264_parser.c index 65d9d44b50..1a9840a62c 100644 --- a/libavcodec/h264_parser.c +++ b/libavcodec/h264_parser.c @@ -449,8 +449,10 @@ static inline int parse_nal_units(AVCodecParserContext *s, /* Decode POC of this picture. * The prev_ values needed for decoding POC of the next picture are not set here. */ field_poc[0] = field_poc[1] = INT_MAX; -ff_h264_init_poc(field_poc, &s->output_picture_number, sps, +ret = ff_h264_init_poc(field_poc, &s->output_picture_number, sps, &p->poc, p->picture_structure, nal.ref_idc); +if (ret < 0) +goto fail; /* Continue parsing to check if MMCO_RESET is present. * FIXME: MMCO_RESET could appear in non-first slice. diff --git a/libavcodec/h264_slice.c b/libavcodec/h264_slice.c index e6b7998834..90e05ed8f1 100644 --- a/libavcodec/h264_slice.c +++ b/libavcodec/h264_slice.c @@ -1607,8 +1607,10 @@ static int h264_field_start(H264Context *h, const H264SliceContext *sl, (h->mb_height * h->mb_stride - 1) * sizeof(*h->slice_table)); } -ff_h264_init_poc(h->cur_pic_ptr->field_poc, &h->cur_pic_ptr->poc, +ret = ff_h264_init_poc(h->cur_pic_ptr->field_poc, &h->cur_pic_ptr->poc, h->ps.sps, &h->poc, h->picture_structure, nal->ref_idc); +if (ret < 0) +return ret; memcpy(h->mmco, sl->mmco, sl->nb_mmco * sizeof(*h->mmco)); h->nb_mmco = sl->nb_mmco; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/hevcdec: Check luma/chroma_log2_weight_denom
ffmpeg | branch: master | Michael Niedermayer | Sat Feb 17 21:42:34 2018 +0100| [f82dd4c09b2decb033f1e339d4be81efd38554f1] | committer: Michael Niedermayer avcodec/hevcdec: Check luma/chroma_log2_weight_denom Fixes: signed integer overflow: 3 + 2147483647 cannot be represented in type 'int' Fixes: 5888/clusterfuzz-testcase-minimized-5634701067812864 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f82dd4c09b2decb033f1e339d4be81efd38554f1 --- libavcodec/hevcdec.c | 12 +--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/libavcodec/hevcdec.c b/libavcodec/hevcdec.c index 8f1c1f1953..fc4eb781dc 100644 --- a/libavcodec/hevcdec.c +++ b/libavcodec/hevcdec.c @@ -151,12 +151,18 @@ static int pred_weight_table(HEVCContext *s, GetBitContext *gb) int luma_log2_weight_denom; luma_log2_weight_denom = get_ue_golomb_long(gb); -if (luma_log2_weight_denom < 0 || luma_log2_weight_denom > 7) +if (luma_log2_weight_denom < 0 || luma_log2_weight_denom > 7) { av_log(s->avctx, AV_LOG_ERROR, "luma_log2_weight_denom %d is invalid\n", luma_log2_weight_denom); +return AVERROR_INVALIDDATA; +} s->sh.luma_log2_weight_denom = av_clip_uintp2(luma_log2_weight_denom, 3); if (s->ps.sps->chroma_format_idc != 0) { -int delta = get_se_golomb(gb); -s->sh.chroma_log2_weight_denom = av_clip_uintp2(s->sh.luma_log2_weight_denom + delta, 3); +int64_t chroma_log2_weight_denom = luma_log2_weight_denom + (int64_t)get_se_golomb(gb); +if (chroma_log2_weight_denom < 0 || chroma_log2_weight_denom > 7) { +av_log(s->avctx, AV_LOG_ERROR, "chroma_log2_weight_denom %"PRId64" is invalid\n", chroma_log2_weight_denom); +return AVERROR_INVALIDDATA; +} +s->sh.chroma_log2_weight_denom = chroma_log2_weight_denom; } for (i = 0; i < s->sh.nb_refs[L0]; i++) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/dirac_dwt_template: Fix Integer overflow in horizontal_compose_dd137i()
ffmpeg | branch: master | Michael Niedermayer | Sat Feb 17 21:47:09 2018 +0100| [647fa49495c39a48b7ccb92acd8fb975b1575456] | committer: Michael Niedermayer avcodec/dirac_dwt_template: Fix Integer overflow in horizontal_compose_dd137i() Fixes: 5894/clusterfuzz-testcase-minimized-5315325420634112 Fixes: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=647fa49495c39a48b7ccb92acd8fb975b1575456 --- libavcodec/dirac_dwt_template.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavcodec/dirac_dwt_template.c b/libavcodec/dirac_dwt_template.c index e68cc4d530..8c25c1f822 100644 --- a/libavcodec/dirac_dwt_template.c +++ b/libavcodec/dirac_dwt_template.c @@ -95,8 +95,8 @@ static void RENAME(horizontal_compose_dd97i)(uint8_t *_b, uint8_t *_tmp, int w) tmp[w2+1] = tmp[w2] = tmp[w2-1]; for (x = 0; x < w2; x++) { -b[2*x ] = (tmp[x] + 1)>>1; -b[2*x+1] = (COMPOSE_DD97iH0(tmp[x-1], tmp[x], b[x+w2], tmp[x+1], tmp[x+2]) + 1)>>1; +b[2*x ] = ((int)(tmp[x] + 1U))>>1; +b[2*x+1] = ((int)(COMPOSE_DD97iH0(tmp[x-1], tmp[x], b[x+w2], tmp[x+1], tmp[x+2]) + 1U))>>1; } } @@ -118,8 +118,8 @@ static void RENAME(horizontal_compose_dd137i)(uint8_t *_b, uint8_t *_tmp, int w) tmp[w2+1] = tmp[w2] = tmp[w2-1]; for (x = 0; x < w2; x++) { -b[2*x ] = (tmp[x] + 1)>>1; -b[2*x+1] = (COMPOSE_DD97iH0(tmp[x-1], tmp[x], b[x+w2], tmp[x+1], tmp[x+2]) + 1)>>1; +b[2*x ] = ((int)(tmp[x] + 1U))>>1; +b[2*x+1] = ((int)(COMPOSE_DD97iH0(tmp[x-1], tmp[x], b[x+w2], tmp[x+1], tmp[x+2]) + 1U))>>1; } } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avutil/common: Fix integer overflow in av_clip_uint8_c() and av_clip_uint16_c()
ffmpeg | branch: release/2.8 | Michael Niedermayer | Wed Feb 14 03:54:13 2018 +0100| [a3c66132d957db7f146601ac35f31944b0e5d98f] | committer: Michael Niedermayer avutil/common: Fix integer overflow in av_clip_uint8_c() and av_clip_uint16_c() Fixes: 5567/clusterfuzz-testcase-minimized-5769966247739392 Fixes: runtime error: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit ab6f571ef71967da7c7c1cfba483d3597c7357d5) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a3c66132d957db7f146601ac35f31944b0e5d98f --- libavutil/common.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavutil/common.h b/libavutil/common.h index 7fe3ccc25a..81f5fedf29 100644 --- a/libavutil/common.h +++ b/libavutil/common.h @@ -162,7 +162,7 @@ static av_always_inline av_const int64_t av_clip64_c(int64_t a, int64_t amin, in */ static av_always_inline av_const uint8_t av_clip_uint8_c(int a) { -if (a&(~0xFF)) return (-a)>>31; +if (a&(~0xFF)) return (~a)>>31; else return a; } @@ -184,7 +184,7 @@ static av_always_inline av_const int8_t av_clip_int8_c(int a) */ static av_always_inline av_const uint16_t av_clip_uint16_c(int a) { -if (a&(~0x)) return (-a)>>31; +if (a&(~0x)) return (~a)>>31; else return a; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/vp8: Check for bitstream end before vp7_fade_frame()
ffmpeg | branch: release/2.8 | Michael Niedermayer | Sat Feb 17 04:20:52 2018 +0100| [603d23ffebdd6891167ad6c439e27517e7227a9d] | committer: Michael Niedermayer avcodec/vp8: Check for bitstream end before vp7_fade_frame() Fixes: Timeout Fixes: 5653/clusterfuzz-testcase-5497680018014208 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit de675648cef7e451ca82fabaee0d8ec1fe653311) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=603d23ffebdd6891167ad6c439e27517e7227a9d --- libavcodec/vp8.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/vp8.c b/libavcodec/vp8.c index da28032d9f..3adecba2f0 100644 --- a/libavcodec/vp8.c +++ b/libavcodec/vp8.c @@ -605,6 +605,8 @@ static int vp7_decode_frame_header(VP8Context *s, const uint8_t *buf, int buf_si s->fade_present = vp8_rac_get(c); } +if (c->end <= c->buffer && c->bits >= 0) +return AVERROR_INVALIDDATA; /* E. Fading information for previous frame */ if (s->fade_present && vp8_rac_get(c)) { if ((ret = vp7_fade_frame(s ,c)) < 0) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/exr: Check remaining bits in last get code loop
ffmpeg | branch: release/2.8 | Michael Niedermayer | Wed Feb 14 13:01:46 2018 +0100| [09dad52390025b8ab73c4196cd616a7e4410cf32] | committer: Michael Niedermayer avcodec/exr: Check remaining bits in last get code loop Fixes: runtime error: shift exponent -7 is negative Fixes: 3902/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6081926122176512 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit dd8351b1184b8054925c28ecc5fcb6dbbc177fad) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=09dad52390025b8ab73c4196cd616a7e4410cf32 --- libavcodec/exr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/exr.c b/libavcodec/exr.c index a62a4c8a6f..329db66149 100644 --- a/libavcodec/exr.c +++ b/libavcodec/exr.c @@ -537,7 +537,7 @@ static int huf_decode(const uint64_t *hcode, const HufDec *hdecod, while (lc > 0) { const HufDec pl = hdecod[(c << (HUF_DECBITS - lc)) & HUF_DECMASK]; -if (pl.len) { +if (pl.len && lc >= pl.len) { lc -= pl.len; get_code(pl.lit, rlc, c, lc, gb, out, oe, outb); } else { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] Changelog: update
ffmpeg | branch: release/2.8 | Michael Niedermayer | Mon Feb 19 00:43:07 2018 +0100| [3f8a0d5ad1a9ee2d15083f954a75f2aabe987b07] | committer: Michael Niedermayer Changelog: update Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3f8a0d5ad1a9ee2d15083f954a75f2aabe987b07 --- Changelog | 5 + 1 file changed, 5 insertions(+) diff --git a/Changelog b/Changelog index 07edb32653..646ae02510 100644 --- a/Changelog +++ b/Changelog @@ -2,6 +2,11 @@ Entries are sorted chronologically from oldest to youngest within each release, releases are sorted from youngest to oldest. version 2.8.14: +- avcodec/vp8: Check for bitstream end before vp7_fade_frame() +- avcodec/exr: Check remaining bits in last get code loop +- avutil/common: Fix integer overflow in av_clip_uint8_c() and av_clip_uint16_c() +- avcodec/h264_cabac: Tighten allowed coeff_abs range +- avcodec/h264_cavlc: Set valid qscale value in ff_h264_decode_mb_cavlc() - avcodec/vp3: Error out on invalid num_coeffs in unpack_vlcs() - avcodec/mpeg4videodec: Ignore multiple VOL headers - avcodec/vp3: Check eob_run ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/h264_cavlc: Set valid qscale value in ff_h264_decode_mb_cavlc()
ffmpeg | branch: release/2.8 | Xiaohan Wang | Sat Feb 3 01:43:35 2018 -0800| [07e46226ae50ce0e4754b5cc11fafaffb1d4116a] | committer: Michael Niedermayer avcodec/h264_cavlc: Set valid qscale value in ff_h264_decode_mb_cavlc() When ff_h264_decode_mb_cavlc() failed due to wrong sl->qscale values, e.g. dquant out of range, set the qscale to be a valid value before returning -1 and exiting the function. The qscale value can be used later e.g. in loop filter. BUG=806122 Signed-off-by: Michael Niedermayer (cherry picked from commit 71f39de2a57efc8db1d607b09c162c3b806cd45d) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=07e46226ae50ce0e4754b5cc11fafaffb1d4116a --- libavcodec/h264_cavlc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/h264_cavlc.c b/libavcodec/h264_cavlc.c index 3fa5b2e197..97ec6fd4ae 100644 --- a/libavcodec/h264_cavlc.c +++ b/libavcodec/h264_cavlc.c @@ -1113,6 +1113,7 @@ decode_intra_mb: elsesl->qscale -= max_qp+1; if (((unsigned)sl->qscale) > max_qp){ av_log(h->avctx, AV_LOG_ERROR, "dquant out of range (%d) at %d %d\n", dquant, sl->mb_x, sl->mb_y); +sl->qscale = max_qp; return -1; } } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/h264_cabac: Tighten allowed coeff_abs range
ffmpeg | branch: release/2.8 | Michael Niedermayer | Wed Feb 14 00:32:30 2018 +0100| [6cfd81b04c7159450a01dadb748b7042559d1dca] | committer: Michael Niedermayer avcodec/h264_cabac: Tighten allowed coeff_abs range Fixes: integer overflows Reported-by: "Xiaohan Wang (王消寒)" Based on limits in "8.5 Transform coefficient decoding process and picture construction process prior to deblocking filter process" Signed-off-by: Michael Niedermayer (cherry picked from commit f26a63c4ee1bdbe21d7ab462cd66f8ba20b14244) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6cfd81b04c7159450a01dadb748b7042559d1dca --- libavcodec/h264_cabac.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264_cabac.c b/libavcodec/h264_cabac.c index 397253ff34..3679bd3df8 100644 --- a/libavcodec/h264_cabac.c +++ b/libavcodec/h264_cabac.c @@ -1732,7 +1732,7 @@ decode_cabac_residual_internal(const H264Context *h, H264SliceContext *sl, \ if( coeff_abs >= 15 ) { \ int j = 0; \ -while (get_cabac_bypass(CC) && j < 30) { \ +while (get_cabac_bypass(CC) && j < 16+7) { \ j++; \ } \ \ ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] Tag n2.8.14 : FFmpeg 2.8.14 release
[ffmpeg] [branch: refs/tags/n2.8.14] Tag:69083be98a03d9620db84aeb29c496d3a4f9510a > http://git.videolan.org/gitweb.cgi/ffmpeg.git?a=tag;h=69083be98a03d9620db84aeb29c496d3a4f9510a Tagger: Michael Niedermayer Date: Mon Feb 19 01:49:32 2018 +0100 FFmpeg 2.8.14 release ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] [ffmpeg-web] branch master updated. 4ee8d5d web/download: add FFmpeg 2.8.14
The branch, master has been updated via 4ee8d5d5a42fc942f3e0dbc85557074117ab4ab1 (commit) from e047806ab009920077923e671698d614d7693335 (commit) - Log - commit 4ee8d5d5a42fc942f3e0dbc85557074117ab4ab1 Author: Michael Niedermayer AuthorDate: Mon Feb 19 02:31:17 2018 +0100 Commit: Michael Niedermayer CommitDate: Mon Feb 19 02:31:17 2018 +0100 web/download: add FFmpeg 2.8.14 diff --git a/src/download b/src/download index 3f20921..737b880 100644 --- a/src/download +++ b/src/download @@ -464,10 +464,10 @@ libpostproc54. 0.100 - FFmpeg 2.8.13 "Feynman" + FFmpeg 2.8.14 "Feynman" -2.8.13 was released on 2017-09-02. It is the latest stable FFmpeg release +2.8.14 was released on 2018-02-18. It is the latest stable FFmpeg release from the 2.8 release branch, which was cut from master on 2015-09-05. Amongst lots of other changes, it includes all changes from ffmpeg-mt, libav master of 2015-08-28, libav 11 as of 2015-08-28. @@ -487,19 +487,19 @@ libpostproc53. 3.100 - Download xz tarball - PGP signature + Download xz tarball + PGP signature - Download bzip2 tarball - PGP signature + Download bzip2 tarball + PGP signature - Download gzip tarball - PGP signature + Download gzip tarball + PGP signature - https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n2.8.13";>Changelog + https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n2.8.14";>Changelog https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/refs/heads/release/2.8:/RELEASE_NOTES";>Release Notes --- Summary of changes: src/download | 18 +- 1 file changed, 9 insertions(+), 9 deletions(-) hooks/post-receive -- ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] fate: add tests for pan audio filter
ffmpeg | branch: master | Tobias Rapp | Thu Feb 15 08:21:24 2018 +0100| [56f77b0f678de74404ae3a64f6ba664ea4449348] | committer: Tobias Rapp fate: add tests for pan audio filter Signed-off-by: Tobias Rapp > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=56f77b0f678de74404ae3a64f6ba664ea4449348 --- tests/fate/filter-audio.mak | 30 ++ tests/ref/fate/filter-pan-mono1 | 26 ++ tests/ref/fate/filter-pan-mono2 | 26 ++ tests/ref/fate/filter-pan-stereo1 | 26 ++ tests/ref/fate/filter-pan-stereo2 | 26 ++ tests/ref/fate/filter-pan-stereo3 | 26 ++ tests/ref/fate/filter-pan-stereo4 | 26 ++ 7 files changed, 186 insertions(+) diff --git a/tests/fate/filter-audio.mak b/tests/fate/filter-audio.mak index bd8b3d3c35..2a3ba1992f 100644 --- a/tests/fate/filter-audio.mak +++ b/tests/fate/filter-audio.mak @@ -128,6 +128,36 @@ fate-filter-firequalizer: CMP = oneoff fate-filter-firequalizer: CMP_UNIT = s16 fate-filter-firequalizer: SIZE_TOLERANCE = 1058400 - 1097208 +FATE_AFILTER-$(call FILTERDEMDECENCMUX, PAN, WAV, PCM_S16LE, PCM_S16LE, WAV) += fate-filter-pan-mono1 +fate-filter-pan-mono1: tests/data/asynth-44100-2.wav +fate-filter-pan-mono1: SRC = $(TARGET_PATH)/tests/data/asynth-44100-2.wav +fate-filter-pan-mono1: CMD = framecrc -ss 3.14 -i $(SRC) -frames:a 20 -filter:a "pan=mono|FC=FL" + +FATE_AFILTER-$(call FILTERDEMDECENCMUX, PAN, WAV, PCM_S16LE, PCM_S16LE, WAV) += fate-filter-pan-mono2 +fate-filter-pan-mono2: tests/data/asynth-44100-2.wav +fate-filter-pan-mono2: SRC = $(TARGET_PATH)/tests/data/asynth-44100-2.wav +fate-filter-pan-mono2: CMD = framecrc -ss 3.14 -i $(SRC) -frames:a 20 -filter:a "pan=1C|c0=c0+c1" + +FATE_AFILTER-$(call FILTERDEMDECENCMUX, PAN, WAV, PCM_S16LE, PCM_S16LE, WAV) += fate-filter-pan-stereo1 +fate-filter-pan-stereo1: tests/data/asynth-44100-3.wav +fate-filter-pan-stereo1: SRC = $(TARGET_PATH)/tests/data/asynth-44100-3.wav +fate-filter-pan-stereo1: CMD = framecrc -ss 3.14 -i $(SRC) -frames:a 20 -filter:a "pan=2c|FL=FR|FR=FL" + +FATE_AFILTER-$(call FILTERDEMDECENCMUX, PAN, WAV, PCM_S16LE, PCM_S16LE, WAV) += fate-filter-pan-stereo2 +fate-filter-pan-stereo2: tests/data/asynth-44100-3.wav +fate-filter-pan-stereo2: SRC = $(TARGET_PATH)/tests/data/asynth-44100-3.wav +fate-filter-pan-stereo2: CMD = framecrc -ss 3.14 -i $(SRC) -frames:a 20 -filter:a "pan=stereo|c0=c0-c2|c1=c1-c2" + +FATE_AFILTER-$(call FILTERDEMDECENCMUX, PAN, WAV, PCM_S16LE, PCM_S16LE, WAV) += fate-filter-pan-stereo3 +fate-filter-pan-stereo3: tests/data/asynth-44100-2.wav +fate-filter-pan-stereo3: SRC = $(TARGET_PATH)/tests/data/asynth-44100-2.wav +fate-filter-pan-stereo3: CMD = framecrc -ss 3.14 -i $(SRC) -frames:a 20 -filter:a "pan=FL+FR|FL<3*c0+2*c1|FR<2*c0+3*c1" + +FATE_AFILTER-$(call FILTERDEMDECENCMUX, PAN, WAV, PCM_S16LE, PCM_S16LE, WAV) += fate-filter-pan-stereo4 +fate-filter-pan-stereo4: tests/data/asynth-44100-2.wav +fate-filter-pan-stereo4: SRC = $(TARGET_PATH)/tests/data/asynth-44100-2.wav +fate-filter-pan-stereo4: CMD = framecrc -ss 3.14 -guess_layout_max 0 -i $(SRC) -frames:a 20 -filter:a "pan=4C|c0=c0-0.5*c1|c1=c1+0.5*c0|c2=0*c0|c3=0*c0" + FATE_AFILTER_SAMPLES-$(call FILTERDEMDECENCMUX, SILENCEREMOVE, WAV, PCM_S16LE, PCM_S16LE, WAV) += fate-filter-silenceremove fate-filter-silenceremove: SRC = $(TARGET_SAMPLES)/audio-reference/divertimenti_2ch_96kHz_s24.wav fate-filter-silenceremove: CMD = framecrc -i $(SRC) -frames:a 30 -af silenceremove=0:0:0:-1:0:-90dB diff --git a/tests/ref/fate/filter-pan-mono1 b/tests/ref/fate/filter-pan-mono1 new file mode 100644 index 00..3bd7c25bc1 --- /dev/null +++ b/tests/ref/fate/filter-pan-mono1 @@ -0,0 +1,26 @@ +#tb 0: 1/44100 +#media_type 0: audio +#codec_id 0: pcm_s16le +#sample_rate 0: 44100 +#channel_layout 0: 4 +#channel_layout_name 0: mono +0, 0, 0, 1024, 2048, 0x750f0a66 +0, 1024, 1024, 1024, 2048, 0x155cf063 +0, 2048, 2048, 1024, 2048, 0x1e43fc32 +0, 3072, 3072, 1024, 2048, 0x282ffc28 +0, 4096, 4096, 1024, 2048, 0x6d7bf000 +0, 5120, 5120, 1024, 2048, 0xc0b2f411 +0, 6144, 6144, 1024, 2048, 0xd711fb03 +0, 7168, 7168, 1024, 2048, 0x3164189c +0, 8192, 8192, 1024, 2048, 0x8c69e827 +0, 9216, 9216, 1024, 2048, 0x562d0518 +0, 10240, 10240, 1024, 2048, 0x380aee27 +0, 11264, 11264, 1024, 2048, 0x990a03e4 +0, 12288, 12288, 1024, 2048, 0x68d7ef60 +0, 13312, 13312, 1024, 2048, 0xd13fef9e +0, 14336, 14336, 1024, 2048, 0x009306e4 +0, 15360, 15360, 1024, 2048, 0x51850390 +0, 16384, 16384, 1024, 2048, 0xcd3ceeae +0, 17408, 17408, 102
[FFmpeg-cvslog] swresample/rematrix: fix update of channel matrix if input or output layout is undefined
ffmpeg | branch: master | Tobias Rapp | Wed Feb 14 17:01:08 2018 +0100| [6325bd3717348615adafb52e4da2fd01a3007d0a] | committer: Tobias Rapp swresample/rematrix: fix update of channel matrix if input or output layout is undefined Prefer direct in/out channel count values over channel layout, when available. Fixes a pan filter bug (ticket #6790). Signed-off-by: Tobias Rapp > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6325bd3717348615adafb52e4da2fd01a3007d0a --- libswresample/rematrix.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libswresample/rematrix.c b/libswresample/rematrix.c index 9fcfff1318..8227730056 100644 --- a/libswresample/rematrix.c +++ b/libswresample/rematrix.c @@ -69,8 +69,10 @@ int swr_set_matrix(struct SwrContext *s, const double *matrix, int stride) return AVERROR(EINVAL); memset(s->matrix, 0, sizeof(s->matrix)); memset(s->matrix_flt, 0, sizeof(s->matrix_flt)); -nb_in = av_get_channel_layout_nb_channels(s->user_in_ch_layout); -nb_out = av_get_channel_layout_nb_channels(s->user_out_ch_layout); +nb_in = (s->user_in_ch_count > 0) ? s->user_in_ch_count : +av_get_channel_layout_nb_channels(s->user_in_ch_layout); +nb_out = (s->user_out_ch_count > 0) ? s->user_out_ch_count : +av_get_channel_layout_nb_channels(s->user_out_ch_layout); for (out = 0; out < nb_out; out++) { for (in = 0; in < nb_in; in++) s->matrix_flt[out][in] = s->matrix[out][in] = matrix[in]; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog