[FFmpeg-cvslog] avcodec/dvdsubdec: Avoid branch in decode_run_8bit()
ffmpeg | branch: release/4.0 | Michael Niedermayer | Thu Sep 13 04:24:49 2018 +0200| [9afcf994f6f79eee1ff4e80c9b7c04115eb1a3b5] | committer: Michael Niedermayer avcodec/dvdsubdec: Avoid branch in decode_run_8bit() Speed improvment 35.5 sec -> 34.7sec Reviewed-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit 71bf0330505e2108935d05c5c018ec65eac4b946) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9afcf994f6f79eee1ff4e80c9b7c04115eb1a3b5 --- libavcodec/dvdsubdec.c | 5 + 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/libavcodec/dvdsubdec.c b/libavcodec/dvdsubdec.c index e18113c20c..a5107096df 100644 --- a/libavcodec/dvdsubdec.c +++ b/libavcodec/dvdsubdec.c @@ -82,10 +82,7 @@ static int decode_run_8bit(GetBitContext *gb, int *color) { int len; int has_run = get_bits1(gb); -if (get_bits1(gb)) -*color = get_bits(gb, 8); -else -*color = get_bits(gb, 2); +*color = get_bits(gb, 2 + 6*get_bits1(gb)); if (has_run) { if (get_bits1(gb)) { len = get_bits(gb, 7); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
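Review bot: The new `*color = get_bits(gb, 2 + 6*get_bits1(gb));` line in decode_run_8bit() hides the format rule it implements and depends on the flag bit being consumed before the colour bits. That ordering holds as long as get_bits() is a function, so that its argument is fully evaluated before the call; its definition is not visible in this hunk. I would add `/* flag bit first: set selects an 8-bit colour, clear a 2-bit colour */` above the line so the read order is not lost in a later refactor. The function body continues outside the hunk.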
[FFmpeg-cvslog] avcodec/eac3dec: Check that channel_map does not contain more than EAC3_MAX_CHANNELS
ffmpeg | branch: release/4.0 | Michael Niedermayer | Wed Jun 27 14:43:39 2018 +0200| [45fb50b4bc5d686329064ae7cc4bc0a93be64d6f] | committer: Michael Niedermayer avcodec/eac3dec: Check that channel_map does not contain more than EAC3_MAX_CHANNELS Signed-off-by: Michael Niedermayer (cherry picked from commit fe315feab59f2f99765547096357826bc9454d24) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=45fb50b4bc5d686329064ae7cc4bc0a93be64d6f --- libavcodec/ac3dec.c | 27 --- libavcodec/ac3tab.c | 18 ++ libavcodec/ac3tab.h | 2 ++ libavcodec/eac3dec.c | 14 -- 4 files changed, 36 insertions(+), 25 deletions(-) diff --git a/libavcodec/ac3dec.c b/libavcodec/ac3dec.c index ea7e052f8b..eed8ce5b39 100644 --- a/libavcodec/ac3dec.c +++ b/libavcodec/ac3dec.c @@ -106,25 +106,6 @@ static const uint8_t ac3_default_coeffs[8][5][2] = { { { 2, 7 }, { 5, 5 }, { 7, 2 }, { 6, 7 }, { 7, 6 }, }, }; -static const uint64_t custom_channel_map_locations[16][2] = { -{ 1, AV_CH_FRONT_LEFT }, -{ 1, AV_CH_FRONT_CENTER }, -{ 1, AV_CH_FRONT_RIGHT }, -{ 1, AV_CH_SIDE_LEFT }, -{ 1, AV_CH_SIDE_RIGHT }, -{ 0, AV_CH_FRONT_LEFT_OF_CENTER | AV_CH_FRONT_RIGHT_OF_CENTER }, -{ 0, AV_CH_BACK_LEFT | AV_CH_BACK_RIGHT }, -{ 0, AV_CH_BACK_CENTER }, -{ 0, AV_CH_TOP_CENTER }, -{ 0, AV_CH_SURROUND_DIRECT_LEFT | AV_CH_SURROUND_DIRECT_RIGHT }, -{ 0, AV_CH_WIDE_LEFT | AV_CH_WIDE_RIGHT }, -{ 0, AV_CH_TOP_FRONT_LEFT | AV_CH_TOP_FRONT_RIGHT}, -{ 0, AV_CH_TOP_FRONT_CENTER }, -{ 0, AV_CH_TOP_BACK_LEFT | AV_CH_TOP_BACK_RIGHT }, -{ 0, AV_CH_LOW_FREQUENCY_2 }, -{ 1, AV_CH_LOW_FREQUENCY }, -}; - /** * Symmetrical Dequantization * reference: Section 7.3.3 Expansion of Mantissas for Symmetrical Quantization 
@@ -1700,7 +1681,7 @@ dependent_frame: channel_layout = ich_layout; for (ch = 0; ch < 16; ch++) { if (s->channel_map & (1 << (EAC3_MAX_CHANNELS - ch - 1))) { -channel_layout |= custom_channel_map_locations[ch][1]; +channel_layout |= ff_eac3_custom_channel_map_locations[ch][1]; } } if (av_get_channel_layout_nb_channels(channel_layout) > EAC3_MAX_CHANNELS) { @@ -1714,9 +1695,9 @@ dependent_frame: for (ch = 0; ch < EAC3_MAX_CHANNELS; ch++) { if (s->channel_map & (1 << (EAC3_MAX_CHANNELS - ch - 1))) { -if (custom_channel_map_locations[ch][0]) { +if (ff_eac3_custom_channel_map_locations[ch][0]) { int index = av_get_channel_layout_channel_index(channel_layout, - custom_channel_map_locations[ch][1]); + ff_eac3_custom_channel_map_locations[ch][1]); if (index < 0) return AVERROR_INVALIDDATA; if (extend >= channel_map_size) @@ -1727,7 +1708,7 @@ dependent_frame: int i; for (i = 0; i < 64; i++) { -if ((1LL << i) & custom_channel_map_locations[ch][1]) { +if ((1LL << i) & ff_eac3_custom_channel_map_locations[ch][1]) { int index = av_get_channel_layout_channel_index(channel_layout, 1LL << i); if (index < 0) diff --git a/libavcodec/ac3tab.c b/libavcodec/ac3tab.c index d62d8bfbf5..bd88f32d92 100644 --- a/libavcodec/ac3tab.c +++ b/libavcodec/ac3tab.c 
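Review bot: The first loop here runs `ch` up to the literal 16 while shifting by `EAC3_MAX_CHANNELS - ch - 1`, and the loop in the next hunk bounds `ch` by `EAC3_MAX_CHANNELS` while indexing the same table, which ac3tab.c declares as `[16][2]`. The macro's value is not visible on this page; if it were smaller than 16 the shift count would go negative, and if it were larger the table would be read past its end. Now that the table is shared across files, I would tie the three together, for example by declaring it `ff_eac3_custom_channel_map_locations[EAC3_MAX_CHANNELS][2]` and using `EAC3_MAX_CHANNELS` as the bound of the first loop. The enclosing function starts and ends outside these hunks.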
@@ -314,3 +314,21 @@ const uint16_t ff_eac3_default_chmap[8] = { AC3_CHMAP_L | AC3_CHMAP_R | AC3_CHMAP_L_SUR | AC3_CHMAP_R_SUR, AC3_CHMAP_L | AC3_CHMAP_C | AC3_CHMAP_R | AC3_CHMAP_L_SUR | AC3_CHMAP_R_SUR }; +const uint64_t ff_eac3_custom_channel_map_locations[16][2] = { +{ 1, AV_CH_FRONT_LEFT }, +{ 1, AV_CH_FRONT_CENTER }, +{ 1, AV_CH_FRONT_RIGHT }, +{ 1, AV_CH_SIDE_LEFT }, +{ 1, AV_CH_SIDE_RIGHT }, +{ 0, AV_CH_FRONT_LEFT_OF_CENTER | AV_CH_FRONT_RIGHT_OF_CENTER }, +{ 0, AV_CH_BACK_LEFT | AV_CH_BACK_RIGHT }, +{ 0, AV_CH_BACK_CENTER }, +{ 0, AV_CH_TOP_CENTER }, +{ 0, AV_CH_SURROUND_DIRECT_LEFT | AV_CH_SURROUND_DIRECT_RIGHT }, +{ 0, AV_CH_WIDE_LEFT | AV_CH_WIDE_RIGHT }, +{ 0, AV_CH_TOP_FRONT_LEFT | AV_CH_TOP_FRONT_RIGHT}, +{ 0, AV_CH_TOP_FRONT_CENTER }, +{ 0, AV_CH_TOP_BACK_LEFT | AV_CH_TOP_BACK_RIGHT }, +{ 0, AV_CH_LOW_FREQUENCY_2 }, +{ 1, AV_CH_LOW_FREQUENCY }, +}; diff --git a/libavcodec/ac3tab.h b/libavcodec/ac3tab.h index ade6fb15e7..aa71acbce1 100644 --- a/libavcodec/ac3tab.h +++ b/libavcodec/ac3tab.h @@ -50,6 +50,8 @@ extern const uint16_t ff_ac3_fast_gain_tab[8]; extern const uint16_t ff_eac3_default_chmap[8]; extern const uint8
[FFmpeg-cvslog] avcodec/unary: Improve get_unary() docs
ffmpeg | branch: release/4.0 | Michael Niedermayer | Sat Sep 22 15:18:17 2018 +0200| [7f521fae2b1f8807cd155b97d5778085041ae5e2] | committer: Michael Niedermayer avcodec/unary: Improve get_unary() docs Found-by: kierank Signed-off-by: Michael Niedermayer (cherry picked from commit ad89e203bfedf25df00e2a6ed9196170d772f25b) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7f521fae2b1f8807cd155b97d5778085041ae5e2 --- libavcodec/unary.h | 15 ++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/libavcodec/unary.h b/libavcodec/unary.h index 908dc93507..d57f9f70c5 100644 --- a/libavcodec/unary.h +++ b/libavcodec/unary.h @@ -28,7 +28,20 @@ * @param gb GetBitContext * @param[in] stop The bitstop value (unary code of 1's or 0's) * @param[in] len Maximum length - * @return Unary length/index + * @return unary 0 based code index. This is also the length in bits of the + * code excluding the stop bit. + * (in case len=1) + * 10 + * 01 + * (in case len=2) + * 10 + * 01 1 + * 00 2 + * (in case len=3) + * 10 + * 01 1 + * 001 2 + * 000 3 */ static inline int get_unary(GetBitContext *gb, int stop, int len) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
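Review bot: The added table does not state what its last row in each case means: a return value equal to `len` (for example `000` giving 3 when len=3) is the case where no stop bit was found within `len` bits. Callers that parse untrusted streams need to know this to tell a terminated code from a truncated one. I would add `* A return value equal to len means no stop bit was found within len bits.` to the `@return` text. The examples also appear to assume `stop` is 1, which is worth saying in the same place.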
[FFmpeg-cvslog] avcodec/ac3dec: Fix shift signedness in mask creation
ffmpeg | branch: release/4.0 | Michael Niedermayer | Fri Sep 21 02:36:50 2018 +0200| [d7973cf03d07d002b3ded68b5358f4239c7e0de1] | committer: Michael Niedermayer avcodec/ac3dec: Fix shift signedness in mask creation Fixes: 9924/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EAC3_fuzzer-5473421772193792 Fixes: left shift of 1 by 63 places cannot be represented in type 'long long' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 148a21611d856609fc034147f4a27cfdb6d90ff4) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d7973cf03d07d002b3ded68b5358f4239c7e0de1 --- libavcodec/ac3dec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/ac3dec.c b/libavcodec/ac3dec.c index eed8ce5b39..43b22b7654 100644 --- a/libavcodec/ac3dec.c +++ b/libavcodec/ac3dec.c @@ -1708,9 +1708,9 @@ dependent_frame: int i; for (i = 0; i < 64; i++) { -if ((1LL << i) & ff_eac3_custom_channel_map_locations[ch][1]) { +if ((1ULL << i) & ff_eac3_custom_channel_map_locations[ch][1]) { int index = av_get_channel_layout_channel_index(channel_layout, - 1LL << i); + 1ULL << i); if (index < 0) return AVERROR_INVALIDDATA; if (extend >= channel_map_size) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/ra144: Fix undefined integer overflow in add_wav()
ffmpeg | branch: release/4.0 | Michael Niedermayer | Sun Aug 26 02:26:24 2018 +0200| [318b13a5adb3731316a0fa9f17b4ebaf75f5cd19] | committer: Michael Niedermayer avcodec/ra144: Fix undefined integer overflow in add_wav() Fixes: signed integer overflow: -26884 * 91439 cannot be represented in type 'int' Fixes: 9687/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RA_144_fuzzer-4995588121690112 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 93a203662f6ff1bb9fd2e966bf7df27e9bdb1916) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=318b13a5adb3731316a0fa9f17b4ebaf75f5cd19 --- libavcodec/ra144.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/ra144.c b/libavcodec/ra144.c index cf8127c236..573703d70b 100644 --- a/libavcodec/ra144.c +++ b/libavcodec/ra144.c @@ -1516,7 +1516,7 @@ static void add_wav(int16_t *dest, int n, int skip_first, int *m, if (v[0]) { for (i=0; i < BLOCKSIZE; i++) -dest[i] = (s1[i]*v[0] + s2[i]*v[1] + s3[i]*v[2]) >> 12; +dest[i] = ((int)(s1[i]*(unsigned)v[0]) + s2[i]*v[1] + s3[i]*v[2]) >> 12; } else { for (i=0; i < BLOCKSIZE; i++) dest[i] = ( s2[i]*v[1] + s3[i]*v[2]) >> 12; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
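Review bot: Only the `s1[i]*v[0]` product is moved to unsigned arithmetic in add_wav(); the two remaining products and both additions on the changed line are still evaluated as signed int, and the `else` branch below is untouched. Whether `v[1]` and `v[2]` can grow large enough to overflow is not visible in this hunk, but if they are derived the same way as `v[0]` the same fuzzer report can recur on the neighbouring terms. Doing the whole sum unsigned and converting once would close it: `dest[i] = (int)(s1[i]*(unsigned)v[0] + s2[i]*(unsigned)v[1] + s3[i]*(unsigned)v[2]) >> 12;`. The function starts outside the hunk.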
[FFmpeg-cvslog] doc/examples/vaapi_transcode: Fix the typo
ffmpeg | branch: release/4.0 | Michael Niedermayer | Wed Sep 19 18:05:31 2018 +0200| [f645fd64c3f36f4702602d504a0e4be07055aefb] | committer: Michael Niedermayer doc/examples/vaapi_transcode: Fix the typo Reviewed-by: "myp...@gmail.com" Signed-off-by: Michael Niedermayer (cherry picked from commit c02ff77681132ce5caf11ebbae9d1feb75a430f2) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f645fd64c3f36f4702602d504a0e4be07055aefb --- doc/examples/vaapi_transcode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/examples/vaapi_transcode.c b/doc/examples/vaapi_transcode.c index 649f48b97c..ff455c0930 100644 --- a/doc/examples/vaapi_transcode.c +++ b/doc/examples/vaapi_transcode.c @@ -177,7 +177,7 @@ static int dec_enc(AVPacket *pkt, AVCodec *enc_codec) } /* set AVCodecContext Parameters for encoder, here we keep them stay * the same as decoder. - * xxx: now the the sample can't handle resolution change case. + * xxx: now the sample can't handle resolution change case. */ encoder_ctx->time_base = av_inv_q(decoder_ctx->framerate); encoder_ctx->pix_fmt = AV_PIX_FMT_VAAPI; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/mpeg4videodec: Fix slice end detection in mpeg4_decode_studio_mb()
ffmpeg | branch: release/4.0 | Michael Niedermayer | Sun Aug 19 10:15:53 2018 +0200| [ce828a247d5f6ae6cbb416dcdc56321be820ba4d] | committer: Michael Niedermayer avcodec/mpeg4videodec: Fix slice end detection in mpeg4_decode_studio_mb() Signed-off-by: Michael Niedermayer (cherry picked from commit 168d8d56bfb0c69684637f3d04889db647de6238) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ce828a247d5f6ae6cbb416dcdc56321be820ba4d --- libavcodec/mpeg4videodec.c | 8 1 file changed, 8 insertions(+) diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c index 24c280df46..1686ed1001 100644 --- a/libavcodec/mpeg4videodec.c +++ b/libavcodec/mpeg4videodec.c @@ -1955,6 +1955,14 @@ static int mpeg4_decode_studio_mb(MpegEncContext *s, int16_t block_[12][64]) return SLICE_END; } +//vcon-stp9L1.bits (first frame) +if (get_bits_left(&s->gb) == 0) +return SLICE_END; + +//vcon-stp2L1.bits, vcon-stp3L1.bits, vcon-stp6L1.bits, vcon-stp7L1.bits, vcon-stp8L1.bits, vcon-stp10L1.bits (first frame) +if (get_bits_left(&s->gb) < 8U && show_bits(&s->gb, get_bits_left(&s->gb)) == 0) +return SLICE_END; + return SLICE_OK; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
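Review bot: Both added checks in mpeg4_decode_studio_mb() handle an exhausted reader, but a reader that has already run past the end matches neither of them: a negative `get_bits_left()` is not `== 0`, and the comparison with `8U` converts it to a large unsigned value. That case still falls through to `return SLICE_OK`. If over-read is not rejected elsewhere, which this hunk does not show, I would make the first test `if (get_bits_left(&s->gb) <= 0)` or return an error for the negative case. A short comment saying that the `8U` is deliberate would also keep someone from "fixing" it to a signed constant.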
[FFmpeg-cvslog] avcodec/mpeg4videodec: Fix undefined shift in get_amv()
ffmpeg | branch: release/4.0 | Michael Niedermayer | Sat Sep 15 00:20:38 2018 +0200| [5a4234de5eb3f4608f4b4f42cb6da1a0e2c00c85] | committer: Michael Niedermayer avcodec/mpeg4videodec: Fix undefined shift in get_amv() Fixes: runtime error: shift exponent -1 is negative Fixes: 9938/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5653783529914368 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit c88afa44c4823aba7b6f4a1b01fd6a4169643c57) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5a4234de5eb3f4608f4b4f42cb6da1a0e2c00c85 --- libavcodec/mpeg4videodec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c index 1686ed1001..f9ec0fd0c9 100644 --- a/libavcodec/mpeg4videodec.c +++ b/libavcodec/mpeg4videodec.c @@ -596,7 +596,7 @@ static inline int get_amv(Mpeg4DecContext *ctx, int n) len >>= s->quarter_sample; if (s->real_sprite_warping_points == 1) { -if (ctx->divx_version == 500 && ctx->divx_build == 413) +if (ctx->divx_version == 500 && ctx->divx_build == 413 && a >= s->quarter_sample) sum = s->sprite_offset[0][n] / (1 << (a - s->quarter_sample)); else sum = RSHIFT(s->sprite_offset[0][n] * (1 << s->quarter_sample), a); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
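Review bot: The extra `a >= s->quarter_sample` term in get_amv() silently reroutes the DivX 500/413 workaround to the generic `RSHIFT` path whenever the shift count would be negative, and nothing on the line says so. I would add `/* a < quarter_sample would give a negative shift count; use the generic formula instead */` above the condition. The `else` branch multiplies `s->sprite_offset[0][n]` by `1 << s->quarter_sample` in signed arithmetic; whether that product is bounded cannot be seen here, since the function starts outside the hunk.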
[FFmpeg-cvslog] avcodec/gdv: Replace divisions by shifts in rescale()
ffmpeg | branch: release/4.0 | Michael Niedermayer | Sun Aug 5 16:13:24 2018 +0200| [531ebb7506fddf03451ca984b216b244d71848a2] | committer: Michael Niedermayer avcodec/gdv: Replace divisions by shifts in rescale() Divisions tend to be slower than shifts unless the compiler optimizes them out. And some of these are in inner loops. Signed-off-by: Michael Niedermayer (cherry picked from commit b90d8cc7466386a166dd72107457498aa5a7c43d) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=531ebb7506fddf03451ca984b216b244d71848a2 --- libavcodec/gdv.c | 16 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/libavcodec/gdv.c b/libavcodec/gdv.c index e52a637610..79ca157dde 100644 --- a/libavcodec/gdv.c +++ b/libavcodec/gdv.c @@ -85,14 +85,14 @@ static void rescale(GDVContext *gdv, uint8_t *dst, int w, int h, int scale_v, in int y = h - j - 1; for (i = 0; i < w; i++) { int x = w - i - 1; -dst[PREAMBLE_SIZE + x + y * w] = dst[PREAMBLE_SIZE + x/2 + (y/2) * (w/2)]; +dst[PREAMBLE_SIZE + x + y * w] = dst[PREAMBLE_SIZE + (x>>1) + (y>>1) * (w>>1)]; } } } else if (gdv->scale_h) { for (j = 0; j < h; j++) { int y = h - j - 1; for (x = 0; x < w; x++) { -dst[PREAMBLE_SIZE + x + y * w] = dst[PREAMBLE_SIZE + x + (y/2) * w]; +dst[PREAMBLE_SIZE + x + y * w] = dst[PREAMBLE_SIZE + x + (y>>1) * w]; } } } else if (gdv->scale_v) { 
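Review bot: The replacements `x>>1`, `y>>1`, `w>>1` and `h>>1` equal the old `/2` only for non-negative operands, because signed division truncates toward zero while a right shift of a negative int is implementation-defined and normally rounds down. The loops in rescale() keep `x` and `y` inside `[0, w)` and `[0, h)` and do not run at all for non-positive sizes, so the computed indices look unchanged, but that argument is not written down anywhere. I would add `/* w, h, x and y are non-negative here, so >>1 is the same as /2 */` at the top of the function. The same applies to the second hunk of this file.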
@@ -100,26 +100,26 @@ static void rescale(GDVContext *gdv, uint8_t *dst, int w, int h, int scale_v, in int y = h - j - 1; for (i = 0; i < w; i++) { int x = w - i - 1; -dst[PREAMBLE_SIZE + x + y * w] = dst[PREAMBLE_SIZE + x/2 + y * (w/2)]; +dst[PREAMBLE_SIZE + x + y * w] = dst[PREAMBLE_SIZE + (x>>1) + y * (w>>1)]; } } } if (scale_h && scale_v) { -for (y = 0; y < h/2; y++) { -for (x = 0; x < w/2; x++) { -dst[PREAMBLE_SIZE + x + y * (w/2)] = dst[PREAMBLE_SIZE + x*2 + y*2 * w]; +for (y = 0; y < (h>>1); y++) { +for (x = 0; x < (w>>1); x++) { +dst[PREAMBLE_SIZE + x + y * (w>>1)] = dst[PREAMBLE_SIZE + x*2 + y*2 * w]; } } } else if (scale_h) { -for (y = 0; y < h/2; y++) { +for (y = 0; y < (h>>1); y++) { for (x = 0; x < w; x++) { dst[PREAMBLE_SIZE + x + y * w] = dst[PREAMBLE_SIZE + x + y*2 * w]; } } } else if (scale_v) { for (y = 0; y < h; y++) { -for (x = 0; x < w/2; x++) { +for (x = 0; x < (w>>1); x++) { dst[PREAMBLE_SIZE + x + y * w] = dst[PREAMBLE_SIZE + x*2 + y * w]; } } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/hq_hqa: Check remaining input bits in hqa_decode_mb()
ffmpeg | branch: release/4.0 | Michael Niedermayer | Mon Aug 20 22:53:32 2018 +0200| [8327559fe80d710d8f62cc68d4103b9eabb06103] | committer: Michael Niedermayer avcodec/hq_hqa: Check remaining input bits in hqa_decode_mb() Fixes: Timeout Fixes: 9634/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HQ_HQA_fuzzer-6267852259590144 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit c9222b972d6cbdaf6571cf7ae0a6513bffa5ff9f) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8327559fe80d710d8f62cc68d4103b9eabb06103 --- libavcodec/hq_hqa.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/hq_hqa.c b/libavcodec/hq_hqa.c index f88ad7d5f5..ec9da3e04f 100644 --- a/libavcodec/hq_hqa.c +++ b/libavcodec/hq_hqa.c @@ -181,6 +181,9 @@ static int hqa_decode_mb(HQContext *c, AVFrame *pic, int qgroup, int flag = 0; int i, ret, cbp; +if (get_bits_left(gb) < 1) +return AVERROR_INVALIDDATA; + cbp = get_vlc2(gb, c->hqa_cbp_vlc.table, 5, 1); for (i = 0; i < 12; i++) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/dvdsubdec: Sanity check len in decode_rle()
ffmpeg | branch: release/4.0 | Michael Niedermayer | Thu Sep 13 03:33:50 2018 +0200| [1a05e6ced3dcc371febde26f494f6c5a6ff4c141] | committer: Michael Niedermayer avcodec/dvdsubdec: Sanity check len in decode_rle() Fixes: Timeout Fixes: 9778/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DVDSUB_fuzzer-5186007132536832 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit e7b023e1db9fb13175929c02a02846d03510ec91) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1a05e6ced3dcc371febde26f494f6c5a6ff4c141 --- libavcodec/dvdsubdec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/dvdsubdec.c b/libavcodec/dvdsubdec.c index a5107096df..cf10844753 100644 --- a/libavcodec/dvdsubdec.c +++ b/libavcodec/dvdsubdec.c @@ -124,6 +124,8 @@ static int decode_rle(uint8_t *bitmap, int linesize, int w, int h, len = decode_run_8bit(&gb, &color); else len = decode_run_2bit(&gb, &color); +if (len != INT_MAX && len > w - x) +return AVERROR_INVALIDDATA; len = FFMIN(len, w - x); memset(d + x, color, len); x += len; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
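Review bot: `INT_MAX` is used as an unexplained sentinel in the new check in decode_rle(); from the `FFMIN(len, w - x)` that follows, it appears to mean "run to the end of the line", which is why it alone is exempt from the length test. I would add `/* INT_MAX marks a run that fills the rest of the line; any explicit run must fit in the remaining width */` above the check. A `len` below 1 is not rejected here and would reach `memset()` as its size argument. Whether decode_run_2bit() or decode_run_8bit() can return such a value is not visible in this hunk.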
[FFmpeg-cvslog] avformat/nsvdec: Do not parse multiple NSVf
ffmpeg | branch: release/4.0 | Michael Niedermayer | Thu Aug 16 12:23:20 2018 +0200| [6e60a38322d18be3464cfd81cf47b04b9b620d71] | committer: Michael Niedermayer avformat/nsvdec: Do not parse multiple NSVf The specification states "NSV files may contain a single file header. " Fixes: out of array access Fixes: nsv-asan-002f473f726a0dcbd3bd53e422c4fc40b3cf3421 Found-by: Paul Ch Tested-by: Paul Ch Signed-off-by: Michael Niedermayer (cherry picked from commit 78d4b6bd43fc266a2ee926f0555c8782246f9445) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6e60a38322d18be3464cfd81cf47b04b9b620d71 --- libavformat/nsvdec.c | 7 +++ 1 file changed, 7 insertions(+) diff --git a/libavformat/nsvdec.c b/libavformat/nsvdec.c index d8ce656817..92f7d178f6 100644 --- a/libavformat/nsvdec.c +++ b/libavformat/nsvdec.c @@ -176,6 +176,7 @@ typedef struct NSVContext { int16_t avsync; AVRational framerate; uint32_t *nsvs_timestamps; +int nsvf; } NSVContext; static const AVCodecTag nsv_codec_video_tags[] = { @@ -266,6 +267,12 @@ static int nsv_parse_NSVf_header(AVFormatContext *s) nsv->state = NSV_UNSYNC; /* in case we fail */ +if (nsv->nsvf) { +av_log(s, AV_LOG_TRACE, "Multiple NSVf\n"); +return 0; +} +nsv->nsvf = 1; + size = avio_rl32(pb); if (size < 28) return -1; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
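Review bot: A repeated NSVf header is reported only at `AV_LOG_TRACE` and nsv_parse_NSVf_header() then returns 0, so a file with the malformation that caused the out-of-array access is accepted with no message in normal logs. I would raise the level, `av_log(s, AV_LOG_WARNING, "Multiple NSVf headers, ignoring\n");`. The early return also leaves `nsv->state` at `NSV_UNSYNC` without consuming the header; how the caller resynchronises from there is outside the hunk. Separately, `nsv->nsvf = 1;` is set before the `size < 28` validation below it, so a first header that fails validation still blocks any later one. Setting the flag after the header has parsed would avoid that if it is not intended.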
[FFmpeg-cvslog] avcodec/shorten: Fix bitstream end check in read_header()
ffmpeg | branch: release/4.0 | Michael Niedermayer | Sat Sep 15 02:08:20 2018 +0200| [6d2b2ee3a53ad96868f55d32f15edb657217441f] | committer: Michael Niedermayer avcodec/shorten: Fix bitstream end check in read_header() Fixes: Timeout Fixes: 9961/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5687856176562176 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit 28b80c2d52d82eb4f73af5f818dab60946bcf299) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6d2b2ee3a53ad96868f55d32f15edb657217441f --- libavcodec/shorten.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c index 1ffb7d8d79..4b45e6d6dc 100644 --- a/libavcodec/shorten.c +++ b/libavcodec/shorten.c @@ -456,7 +456,7 @@ static int read_header(ShortenContext *s) } skip_bytes = get_uint(s, NSKIPSIZE); -if ((unsigned)skip_bytes > get_bits_left(&s->gb)/8) { +if ((unsigned)skip_bytes > FFMAX(get_bits_left(&s->gb), 0)/8) { av_log(s->avctx, AV_LOG_ERROR, "invalid skip_bytes: %d\n", skip_bytes); return AVERROR_INVALIDDATA; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/zmbv: Update decomp_len in raw frames
ffmpeg | branch: release/4.0 | Michael Niedermayer | Mon Sep 17 21:33:59 2018 +0200| [5af88171e73882a3f9642a4067bca24097bb6755] | committer: Michael Niedermayer avcodec/zmbv: Update decomp_len in raw frames decomp_len is used in raw frames, so it should not be left at the value from whatever was decoded previously (which may be any other frame) Signed-off-by: Michael Niedermayer (cherry picked from commit 3d201b83cda03fd9e866acafee82d7ce88260e66) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5af88171e73882a3f9642a4067bca24097bb6755 --- libavcodec/zmbv.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/zmbv.c b/libavcodec/zmbv.c index f91d2e3931..1ec656be36 100644 --- a/libavcodec/zmbv.c +++ b/libavcodec/zmbv.c @@ -519,6 +519,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame, AVPac return AVERROR_INVALIDDATA; } memcpy(c->decomp_buf, buf, len); +c->decomp_len = len; } else { // ZLIB-compressed data c->zstream.total_in = c->zstream.total_out = 0; c->zstream.next_in = (uint8_t*)buf; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/utils: Fix potential integer overflow in extract_extradata()
ffmpeg | branch: release/4.0 | Michael Niedermayer | Thu Sep 27 00:00:26 2018 +0200| [eb495b20e51fb7a5a02ca3004fd5a8ea359592f4] | committer: Michael Niedermayer avformat/utils: Fix potential integer overflow in extract_extradata() Signed-off-by: Michael Niedermayer (cherry picked from commit 0a41a8bf2945e59db7a0773ebce11a26b95d45b6) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=eb495b20e51fb7a5a02ca3004fd5a8ea359592f4 --- libavformat/utils.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index c25eab4d49..685fdb9b76 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -3542,7 +3542,9 @@ static int extract_extradata(AVStream *st, AVPacket *pkt) &extradata_size); if (extradata) { -i->avctx->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE); +av_assert0(!i->avctx->extradata); +if ((unsigned)extradata_size < FF_MAX_EXTRADATA_SIZE) +i->avctx->extradata = av_mallocz(extradata_size + AV_INPUT_BUFFER_PADDING_SIZE); if (!i->avctx->extradata) { av_packet_unref(pkt_ref); return AVERROR(ENOMEM); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
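Review bot: When `extradata_size` is at or above `FF_MAX_EXTRADATA_SIZE`, the allocation in extract_extradata() is skipped and the existing `!i->avctx->extradata` test then returns `AVERROR(ENOMEM)`, so an oversized or negative size is reported as an out-of-memory condition. An explicit branch would report it accurately: `if ((unsigned)extradata_size >= FF_MAX_EXTRADATA_SIZE) { av_packet_unref(pkt_ref); return AVERROR_INVALIDDATA; }`. The added `av_assert0(!i->avctx->extradata)` aborts the process if it ever fires. If that state can be reached from input rather than only from a programming error, an error return would be safer. The function continues outside the hunk.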
[FFmpeg-cvslog] avcodec/zmbv: Check that the decompressed data size is correct
ffmpeg | branch: release/4.0 | Michael Niedermayer | Tue Sep 18 00:28:37 2018 +0200| [47f608a7e146d57bb910c3b2e2f4dd24ecef4ab1] | committer: Michael Niedermayer avcodec/zmbv: Check that the decompressed data size is correct This checks the value exactly for intra frames and checks it against a minimum for inter frames as they can be variable. Fixes: Timeout Fixes: 10182/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ZMBV_fuzzer-6245951174344704 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit e33b28cc79d164fff22bfee750c9283587c00bc4) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=47f608a7e146d57bb910c3b2e2f4dd24ecef4ab1 --- libavcodec/zmbv.c | 14 ++ 1 file changed, 14 insertions(+) diff --git a/libavcodec/zmbv.c b/libavcodec/zmbv.c index 1ec656be36..b994e96e95 100644 --- a/libavcodec/zmbv.c +++ b/libavcodec/zmbv.c @@ -408,6 +408,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame, AVPac int zret = Z_OK; // Zlib return code int len = buf_size; int hi_ver, lo_ver, ret; +int expected_size; /* parse header */ if (len < 1) @@ -504,6 +505,14 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame, AVPac memset(c->prev, 0, avctx->width * avctx->height * (c->bpp / 8)); c->decode_intra= decode_intra; } +if (c->flags & ZMBV_KEYFRAME) { +expected_size = avctx->width * avctx->height * (c->bpp / 8); +} else { +expected_size = (c->bx * c->by * 2 + 3) & ~3; +} +if (avctx->pix_fmt == AV_PIX_FMT_PAL8 && +(c->flags & (ZMBV_DELTAPAL | ZMBV_KEYFRAME))) +expected_size += 768; if (!c->decode_intra) { av_log(avctx, AV_LOG_ERROR, "Error! Got no format or no keyframe!\n"); 
@@ -533,6 +542,11 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame, AVPac } c->decomp_len = c->zstream.total_out; } +if (expected_size > c->decomp_len || +(c->flags & ZMBV_KEYFRAME) && expected_size < c->decomp_len) { +av_log(avctx, AV_LOG_ERROR, "decompressed size %d is incorrect, expected %d\n", c->decomp_len, expected_size); +return AVERROR_INVALIDDATA; +} if (c->flags & ZMBV_KEYFRAME) { frame->key_frame = 1; frame->pict_type = AV_PICTURE_TYPE_I; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
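Review bot: The new size test mixes `||` and `&&` without parentheses; it parses as intended, but it reads ambiguously in a bounds check and will draw a `-Wparentheses` warning. I would write the second half as `((c->flags & ZMBV_KEYFRAME) && expected_size < c->decomp_len)`. `expected_size` is an `int` computed in the previous hunk as `avctx->width * avctx->height * (c->bpp / 8)` and is compared with `c->decomp_len`, whose type is not visible here. If that field is unsigned, the comparison converts `expected_size` and the `%d` used for it in the log message does not match. decode_frame() starts and ends outside the hunk.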
[FFmpeg-cvslog] avcodec/snowdec: Fix integer overflow with motion vector residual
ffmpeg | branch: release/4.0 | Michael Niedermayer | Mon Aug 20 20:15:19 2018 +0200| [a04ff0c054e8036c8a9d1421a46bf936a66e3bc0] | committer: Michael Niedermayer avcodec/snowdec: Fix integer overflow with motion vector residual Fixes: signed integer overflow: -19818 + -2147483648 cannot be represented in type 'int' Fixes: 9545/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-4928769537081344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit acba153a148782c08f9fd17f0c05b93468f3cbd0) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a04ff0c054e8036c8a9d1421a46bf936a66e3bc0 --- libavcodec/snowdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/snowdec.c b/libavcodec/snowdec.c index 0146a2a4c9..59bd24e881 100644 --- a/libavcodec/snowdec.c +++ b/libavcodec/snowdec.c @@ -208,8 +208,8 @@ static int decode_q_branch(SnowContext *s, int level, int x, int y){ return AVERROR_INVALIDDATA; } pred_mv(s, &mx, &my, ref, left, top, tr); -mx+= get_symbol(&s->c, &s->block_state[128 + 32*(mx_context + 16*!!ref)], 1); -my+= get_symbol(&s->c, &s->block_state[128 + 32*(my_context + 16*!!ref)], 1); +mx+= (unsigned)get_symbol(&s->c, &s->block_state[128 + 32*(mx_context + 16*!!ref)], 1); +my+= (unsigned)get_symbol(&s->c, &s->block_state[128 + 32*(my_context + 16*!!ref)], 1); } set_blocks(s, level, x, y, l, cb, cr, mx, my, ref, type); }else{ ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
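Review bot: The `(unsigned)` casts make `mx+=` and `my+=` wrap instead of overflowing, but the wrapped values are still passed to `set_blocks()` on the next line, with no range check visible in this hunk. A motion vector that has wrapped around almost certainly comes from a corrupt stream. If nothing downstream bounds it, returning `AVERROR_INVALIDDATA` here, as the branch just above does, would be more robust than carrying the value forward. At minimum I would add `/* unsigned to avoid undefined overflow; the sum may wrap */` so the next reader knows wrap-around is accepted on purpose. decode_q_branch() starts outside the hunk.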
[FFmpeg-cvslog] avformat/dashdec: Fix strlen(rep_id_val) with it being NULL
ffmpeg | branch: release/4.0 | Michael Niedermayer | Sat Aug 18 02:19:51 2018 +0200| [f2b51fd54c44659ef9d6b39abd38b87de6d8848d] | committer: Michael Niedermayer avformat/dashdec: Fix strlen(rep_id_val) with it being NULL Fixes: dash-crash-da39a3ee5e6b4b0d3255bfef95601890afd80709.xml Found-by: Paul Ch Reviewed-by: Steven Liu Signed-off-by: Michael Niedermayer (cherry picked from commit 46753bfdd0182f721499939a1118c0406c8a3674) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f2b51fd54c44659ef9d6b39abd38b87de6d8848d --- libavformat/dashdec.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavformat/dashdec.c b/libavformat/dashdec.c index 8bfde4dbce..a51154699f 100644 --- a/libavformat/dashdec.c +++ b/libavformat/dashdec.c @@ -862,7 +862,9 @@ static int parse_manifest_representation(AVFormatContext *s, const char *url, baseurl_nodes[3] = representation_baseurl_node; ret = resolve_content_path(s, url, &c->max_url_size, baseurl_nodes, 4); -c->max_url_size = aligned(c->max_url_size + strlen(rep_id_val) + strlen(rep_bandwidth_val)); +c->max_url_size = aligned(c->max_url_size + + (rep_id_val ? strlen(rep_id_val) : 0) + + (rep_bandwidth_val ? strlen(rep_bandwidth_val) : 0)); if (ret == AVERROR(ENOMEM) || ret == 0) { goto end; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
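Review bot: The NULL guards cover only the two `strlen()` calls in this statement; any later use of `rep_id_val` or `rep_bandwidth_val` in parse_manifest_representation(), which continues outside the hunk, needs the same treatment. These values presumably come from attributes of an untrusted manifest, so a missing attribute is an expected input rather than a corner case. I would add `/* id and bandwidth attributes are optional in the manifest and may be NULL */` where the two variables are obtained, so later edits do not reintroduce the dereference. Note also that `c->max_url_size` is updated before `ret` from resolve_content_path() is examined, so it changes even on the `AVERROR(ENOMEM)` path.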
[FFmpeg-cvslog] avcodec/scpr: Check for min > max in decompress_p()
ffmpeg | branch: release/4.0 | Michael Niedermayer | Sat Aug 4 23:45:52 2018 +0200| [b95c209a6108700a32cb4cdca516f1a36b56134a] | committer: Michael Niedermayer avcodec/scpr: Check for min > max in decompress_p() Fixes: Timeout Fixes: 9342/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-4795990841229312 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 3378194ce8e9a126a7cc6ed57bedde1221790469) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b95c209a6108700a32cb4cdca516f1a36b56134a --- libavcodec/scpr.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/scpr.c b/libavcodec/scpr.c index 72f59d5917..d76148998b 100644 --- a/libavcodec/scpr.c +++ b/libavcodec/scpr.c @@ -526,6 +526,9 @@ static int decompress_p(AVCodecContext *avctx, return ret; max += temp << 8; +if (min > max) +return AVERROR_INVALIDDATA; + memset(s->blocks, 0, sizeof(*s->blocks) * s->nbcount); while (min <= max) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/shorten: Check verbatim length
ffmpeg | branch: release/4.0 | Michael Niedermayer | Sun Aug 12 22:43:33 2018 +0200| [2c3ea340826a687ed82ff236f7ac798a622650f5] | committer: Michael Niedermayer avcodec/shorten: Check verbatim length Fixes: Timeout Fixes: 9252/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5780720709533696 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 7007dabec08f2f9f81661e71ef482dde394e17a8) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2c3ea340826a687ed82ff236f7ac798a622650f5 --- libavcodec/shorten.c | 5 + 1 file changed, 5 insertions(+) diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c index 0f491090fd..9094d3fc55 100644 --- a/libavcodec/shorten.c +++ b/libavcodec/shorten.c @@ -623,6 +623,11 @@ static int shorten_decode_frame(AVCodecContext *avctx, void *data, switch (cmd) { case FN_VERBATIM: len = get_ur_golomb_shorten(&s->gb, VERBATIM_CKSIZE_SIZE); +if (len < 0 || len > get_bits_left(&s->gb)) { +av_log(avctx, AV_LOG_ERROR, "verbatim length %d invalid\n", + len); +return AVERROR_INVALIDDATA; +} while (len--) get_ur_golomb_shorten(&s->gb, VERBATIM_BYTE_SIZE); break; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
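Review bot: The new bound in the `FN_VERBATIM` case compares `len`, a count of symbols, with `get_bits_left()`, a count of bits, and the reason is not stated. It is a valid upper limit only because each `get_ur_golomb_shorten()` call in the loop has to consume at least one bit, so I would say so: `/* each verbatim symbol takes at least one bit, so len cannot exceed the bits left */`. If the minimum coded width of a symbol is known from `VERBATIM_BYTE_SIZE`, dividing the bits left by it would give a tighter limit against long loops. shorten_decode_frame() continues outside the hunk.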
[FFmpeg-cvslog] avformat/mlvdec: read_string() received unsigned size, make the argument unsigned
ffmpeg | branch: release/4.0 | Michael Niedermayer | Thu Aug 16 15:36:28 2018 +0200| [0f36c5f5c7763217de433602c280a0b3769d61d7] | committer: Michael Niedermayer avformat/mlvdec: read_string() received unsigned size, make the argument unsigned Fixes: infinite loop Fixes: mlv-timeout-e3b8cab9835edecad6823baa057e029671329d04 Found-by: Paul Ch Reviewed-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit 1e71cb2c8edcf3dad657c15a6fb8572862f2afb9) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0f36c5f5c7763217de433602c280a0b3769d61d7 --- libavformat/mlvdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mlvdec.c b/libavformat/mlvdec.c index d387c871ee..ded8196af2 100644 --- a/libavformat/mlvdec.c +++ b/libavformat/mlvdec.c @@ -77,7 +77,7 @@ static int check_file_header(AVIOContext *pb, uint64_t guid) return 0; } -static void read_string(AVFormatContext *avctx, AVIOContext *pb, const char *tag, int size) +static void read_string(AVFormatContext *avctx, AVIOContext *pb, const char *tag, unsigned size) { char * value = av_malloc(size + 1); if (!value) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
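Review bot: With `size` now `unsigned`, `av_malloc(size + 1)` wraps to a zero-byte request when `size` is `UINT_MAX`, so the buffer no longer matches the length the rest of the function works with. The body after `if (!value) {` is outside this hunk, but any read or terminator write there that is indexed by `size` would then land outside the allocation. Routing oversized values into the existing failure branch avoids the wrap without a new code path: `char * value = size < INT_MAX ? av_malloc(size + 1) : NULL;`.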
[FFmpeg-cvslog] avcodec/vb: Check for end of bytestream before reading blocktype
ffmpeg | branch: release/4.0 | Michael Niedermayer | Mon Aug 20 22:19:23 2018 +0200| [229025799f62a5db97f62f0f91402ceac5454112] | committer: Michael Niedermayer avcodec/vb: Check for end of bytestream before reading blocktype Fixes: Timeout Fixes: 9601/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VB_fuzzer-4550228702134272 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 1cbac9ce20d32806febf64cbd9f830e1485695ca) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=229025799f62a5db97f62f0f91402ceac5454112 --- libavcodec/vb.c | 4 1 file changed, 4 insertions(+) diff --git a/libavcodec/vb.c b/libavcodec/vb.c index 021657f7d8..c6dd6fb456 100644 --- a/libavcodec/vb.c +++ b/libavcodec/vb.c @@ -107,6 +107,10 @@ static int vb_decode_framedata(VBDecContext *c, int offset) blk2 = 0; for (blk = 0; blk < blocks; blk++) { if (!(blk & 3)) { +if (bytestream2_get_bytes_left(&g) < 1) { +av_log(c->avctx, AV_LOG_ERROR, "Insufficient data\n"); +return AVERROR_INVALIDDATA; +} blocktypes = bytestream2_get_byte(&g); } switch (blocktypes & 0xC0) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/qtrle: Check remaining bytestream in qtrle_decode_XYbpp()
ffmpeg | branch: release/4.0 | Michael Niedermayer | Sun Jul 29 12:40:48 2018 +0200| [f9235773d60b6228dd0b7aa79de5b06ca554c426] | committer: Michael Niedermayer avcodec/qtrle: Check remaining bytestream in qtrle_decode_XYbpp() Fixes: Timeout Fixes: 9213/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QTRLE_fuzzer-5649753332252672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 7dd836a3f9771e0e44df1b27e67d6866d91e06d7) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f9235773d60b6228dd0b7aa79de5b06ca554c426 --- libavcodec/qtrle.c | 10 ++ 1 file changed, 10 insertions(+) diff --git a/libavcodec/qtrle.c b/libavcodec/qtrle.c index 1b0d2016b5..cd8301d143 100644 --- a/libavcodec/qtrle.c +++ b/libavcodec/qtrle.c @@ -155,6 +155,8 @@ static inline void qtrle_decode_2n4bpp(QtrleContext *s, int row_ptr, CHECK_PIXEL_PTR(0); while ((rle_code = (int8_t)bytestream2_get_byte(&s->g)) != -1) { +if (bytestream2_get_bytes_left(&s->g) < 1) +return; if (rle_code == 0) { /* there's another skip code in the stream */ pixel_ptr += (num_pixels * (bytestream2_get_byte(&s->g) - 1)); @@ -210,6 +212,8 @@ static void qtrle_decode_8bpp(QtrleContext *s, int row_ptr, int lines_to_change) CHECK_PIXEL_PTR(0); while ((rle_code = (int8_t)bytestream2_get_byte(&s->g)) != -1) { +if (bytestream2_get_bytes_left(&s->g) < 1) +return; if (rle_code == 0) { /* there's another skip code in the stream */ pixel_ptr += (4 * (bytestream2_get_byte(&s->g) - 1)); @@ -259,6 +263,8 @@ static void qtrle_decode_16bpp(QtrleContext *s, int row_ptr, int lines_to_change CHECK_PIXEL_PTR(0); while ((rle_code = (int8_t)bytestream2_get_byte(&s->g)) != -1) { +if (bytestream2_get_bytes_left(&s->g) < 1) +return; if (rle_code == 0) { /* there's another skip code in the stream */ pixel_ptr += (bytestream2_get_byte(&s->g) - 1) * 2; 
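Review bot: The same two-line guard is pasted into all five decoders (the three hunks here and the two that follow for qtrle_decode_24bpp() and qtrle_decode_32bpp()), and it returns silently from functions declared `void`, so the caller cannot tell a truncated frame from a complete one. The guard also runs after `rle_code` has already been consumed, so what it really checks is that the operand of that code is still present; a comment should say so. Folding it into one macro beside the existing `CHECK_PIXEL_PTR`, for example `#define CHECK_BYTES_LEFT() if (bytestream2_get_bytes_left(&s->g) < 1) return`, would keep the five loops consistent and give a single place to add a log message. Each of the loops continues outside its hunk.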
@@ -303,6 +309,8 @@ static void qtrle_decode_24bpp(QtrleContext *s, int row_ptr, int lines_to_change CHECK_PIXEL_PTR(0); while ((rle_code = (int8_t)bytestream2_get_byte(&s->g)) != -1) { +if (bytestream2_get_bytes_left(&s->g) < 1) +return; if (rle_code == 0) { /* there's another skip code in the stream */ pixel_ptr += (bytestream2_get_byte(&s->g) - 1) * 3; @@ -350,6 +358,8 @@ static void qtrle_decode_32bpp(QtrleContext *s, int row_ptr, int lines_to_change CHECK_PIXEL_PTR(0); while ((rle_code = (int8_t)bytestream2_get_byte(&s->g)) != -1) { +if (bytestream2_get_bytes_left(&s->g) < 1) +return; if (rle_code == 0) { /* there's another skip code in the stream */ pixel_ptr += (bytestream2_get_byte(&s->g) - 1) * 4; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/mov: Error on too large stsd entry counts.
ffmpeg | branch: release/4.0 | Dale Curtis | Thu Aug 30 15:18:25 2018 -0700| [968ffb93af0449deea8617319aa0b9b5083da996] | committer: Michael Niedermayer avformat/mov: Error on too large stsd entry counts. Entries are always at least 8 bytes per the parsing code, so if we see an impossible entry count avoid massive allocations. This is similar to an existing check in mov_read_stsc(). Since ff_mov_read_stsd_entries() does eof checks, an alternative approach could be to clamp the entry count to atom.size / 8. Signed-off-by: Dale Curtis Signed-off-by: Michael Niedermayer (cherry picked from commit 320b631a99a9f759fd1d5460fd4e285d184b8186) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=968ffb93af0449deea8617319aa0b9b5083da996 --- libavformat/mov.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index ff95154e60..bd9b302e74 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -2554,7 +2554,8 @@ static int mov_read_stsd(MOVContext *c, AVIOContext *pb, MOVAtom atom) avio_rb24(pb); /* flags */ entries = avio_rb32(pb); -if (entries <= 0) { +/* Each entry contains a size (4 bytes) and format (4 bytes). */ +if (entries <= 0 || entries > atom.size / 8) { av_log(c->fc, AV_LOG_ERROR, "invalid STSD entries %d\n", entries); return AVERROR_INVALIDDATA; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
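Review bot: The bound `entries > atom.size / 8` does not subtract the part of the atom that has already been consumed before the entries begin: the flags and the 32-bit entry count read just above, and presumably a version byte read before the hunk, so the largest count that can actually fit is smaller. The looser form still stops the oversized allocation the commit is after, so this is a tightening rather than a fix: `if (entries <= 0 || entries > (atom.size - 8) / 8) {`. Whether `atom.size` can be below 8 at this point is not visible here and should be confirmed before subtracting. mov_read_stsd() continues outside the hunk.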
[FFmpeg-cvslog] avcodec/mlp_parser: Check if synccode is within buffer
ffmpeg | branch: release/4.0 | Michael Niedermayer | Sun Jul 29 13:16:37 2018 +0200| [07255282d0ba9db78ceb6f8db8770204e7db381e] | committer: Michael Niedermayer avcodec/mlp_parser: Check if synccode is within buffer Fixes: undefined shift Fixes: 9216/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEHD_fuzzer-6281404575907840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 51ac3f43b8bf3b7f2af555af319cd240bb8b4ebf) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=07255282d0ba9db78ceb6f8db8770204e7db381e --- libavcodec/mlp_parser.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mlp_parser.c b/libavcodec/mlp_parser.c index 185bd4d667..eb3435b6cb 100644 --- a/libavcodec/mlp_parser.c +++ b/libavcodec/mlp_parser.c @@ -320,7 +320,7 @@ static int mlp_parse(AVCodecParserContext *s, mp->bytes_left = 0; } -sync_present = (AV_RB32(buf + 4) & 0xfffe) == 0xf8726fba; +sync_present = buf_size >= 8 && (AV_RB32(buf + 4) & 0xfffe) == 0xf8726fba; if (!sync_present) { /* The first nibble of a frame is a parity check of the 4-byte ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] examples: Fix use of AV_CODEC_FLAG_GLOBAL_HEADER
ffmpeg | branch: release/4.0 | Michael Bunk | Thu Aug 30 08:56:19 2018 +0200| [84ab680624e8082900012234cb500c850c4919dd] | committer: Michael Niedermayer examples: Fix use of AV_CODEC_FLAG_GLOBAL_HEADER AV_CODEC_FLAG_GLOBAL_HEADER should be set before calling avcodec_open2() to have any effect. Signed-off-by: Michael Niedermayer (cherry picked from commit a82e4fb8c6f26e75506df6818fee1b61f940cbeb) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=84ab680624e8082900012234cb500c850c4919dd --- doc/examples/transcoding.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/doc/examples/transcoding.c b/doc/examples/transcoding.c index a83fa3a185..e48837cbd2 100644 --- a/doc/examples/transcoding.c +++ b/doc/examples/transcoding.c @@ -172,6 +172,9 @@ static int open_output_file(const char *filename) enc_ctx->time_base = (AVRational){1, enc_ctx->sample_rate}; } +if (ofmt_ctx->oformat->flags & AVFMT_GLOBALHEADER) +enc_ctx->flags |= AV_CODEC_FLAG_GLOBAL_HEADER; + /* Third parameter can be used to pass settings to encoder */ ret = avcodec_open2(enc_ctx, encoder, NULL); if (ret < 0) { @@ -183,8 +186,6 @@ static int open_output_file(const char *filename) av_log(NULL, AV_LOG_ERROR, "Failed to copy encoder parameters to output stream #%u\n", i); return ret; } -if (ofmt_ctx->oformat->flags & AVFMT_GLOBALHEADER) -enc_ctx->flags |= AV_CODEC_FLAG_GLOBAL_HEADER; out_stream->time_base = enc_ctx->time_base; stream_ctx[i].enc_ctx = enc_ctx; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/indeo4: Check dimensions in decode_pic_hdr()
ffmpeg | branch: release/4.0 | Michael Niedermayer | Sun Aug 26 01:58:32 2018 +0200| [17a5df4ab8c661daa05150bb7f26107509fcd660] | committer: Michael Niedermayer avcodec/indeo4: Check dimensions in decode_pic_hdr() Fixes: Timeout Fixes: 9654/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO4_fuzzer-6289863463665664 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 7592e88bfe3d5bf9109a55acd025af9110618405) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=17a5df4ab8c661daa05150bb7f26107509fcd660 --- libavcodec/indeo4.c | 8 1 file changed, 8 insertions(+) diff --git a/libavcodec/indeo4.c b/libavcodec/indeo4.c index 15ad6f8afc..4bfc6cdd74 100644 --- a/libavcodec/indeo4.c +++ b/libavcodec/indeo4.c @@ -30,6 +30,7 @@ #define BITSTREAM_READER_LE #include "avcodec.h" #include "get_bits.h" +#include "libavutil/imgutils.h" #include "indeo4data.h" #include "internal.h" #include "ivi.h" @@ -178,6 +179,13 @@ static int decode_pic_hdr(IVI45DecContext *ctx, AVCodecContext *avctx) pic_conf.chroma_bands = 0; if (pic_conf.luma_bands) pic_conf.chroma_bands = decode_plane_subdivision(&ctx->gb); + +if (av_image_check_size2(pic_conf.pic_width, pic_conf.pic_height, avctx->max_pixels, AV_PIX_FMT_YUV410P, 0, avctx) < 0) { +av_log(avctx, AV_LOG_ERROR, "picture dimensions %d %d cannot be decoded\n", + pic_conf.pic_width, pic_conf.pic_height); +return AVERROR_INVALIDDATA; +} + ctx->is_scalable = pic_conf.luma_bands != 1 || pic_conf.chroma_bands != 1; if (ctx->is_scalable && (pic_conf.luma_bands != 4 || pic_conf.chroma_bands != 1)) { av_log(avctx, AV_LOG_ERROR, "Scalability: unsupported subdivision! Luma bands: %d, chroma bands: %d\n", ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
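Review bot: The result of `av_image_check_size2()` is discarded and replaced by `AVERROR_INVALIDDATA`, and since `avctx` is passed as its log context the helper already reports the rejected size, so the added `av_log()` prints a second message for the same failure. Keeping the helper's code and dropping the duplicate message would be shorter, e.g. `ret = av_image_check_size2(...); if (ret < 0) return ret;`, assuming a `ret` local is available in decode_pic_hdr(), whose declarations are outside the hunk. The check also sits after the plane-subdivision parsing; if the width and height are final earlier in the function, validating them there would reject bad headers before more of the bitstream is read.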
[FFmpeg-cvslog] avcodec/diracdec: Check slice numbers for overflows in relation to picture dimensions
ffmpeg | branch: release/4.0 | Michael Niedermayer | Sun Jul 22 21:26:24 2018 +0200| [6cf72a56e7e643ee032464ef09703b47638fb089] | committer: Michael Niedermayer avcodec/diracdec: Check slice numbers for overflows in relation to picture dimensions Fixes: signed integer overflow: 88 * 33685506 cannot be represented in type 'int' Fixes: 9433/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5725943535501312 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit f457c0ad7f73e31e99761f2ad3738cf3b3c24ca0) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6cf72a56e7e643ee032464ef09703b47638fb089 --- libavcodec/diracdec.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c index 4ef1b3ea9b..b27c743c58 100644 --- a/libavcodec/diracdec.c +++ b/libavcodec/diracdec.c @@ -1243,7 +1243,10 @@ static int dirac_unpack_idwt_params(DiracContext *s) else { s->num_x= get_interleaved_ue_golomb(gb); s->num_y= get_interleaved_ue_golomb(gb); -if (s->num_x * s->num_y == 0 || s->num_x * (uint64_t)s->num_y > INT_MAX) { +if (s->num_x * s->num_y == 0 || s->num_x * (uint64_t)s->num_y > INT_MAX || +s->num_x * (uint64_t)s->avctx->width > INT_MAX || +s->num_y * (uint64_t)s->avctx->height > INT_MAX +) { av_log(s->avctx,AV_LOG_ERROR,"Invalid numx/y\n"); s->num_x = s->num_y = 0; return AVERROR_INVALIDDATA; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
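Review bot: The first operand `s->num_x * s->num_y == 0` is still evaluated at the fields' own width before any of the widened comparisons run. If `num_x`/`num_y` are signed (their declaration is outside the hunk) that product can overflow, and if they are unsigned it can wrap to 0 for non-zero inputs. Testing the operands directly states the intent and has neither problem: `if (!s->num_x || !s->num_y || s->num_x * (uint64_t)s->num_y > INT_MAX ||`. The lone `) {` line left by the change would also read better joined to the last condition.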
[FFmpeg-cvslog] avformat/rmdec: Fix EOF check in the stream loop in ivr_read_header()
ffmpeg | branch: release/4.0 | Michael Niedermayer | Thu Aug 16 15:36:29 2018 +0200| [3f095c5b56ba11b6fa684c7fb3343bd0f14f19e2] | committer: Michael Niedermayer avformat/rmdec: Fix EOF check in the stream loop in ivr_read_header() Fixes: long running loop Fixes: ivr-timeout-42468cb797f52f025fb329394702f5d4d64322d6 Found-by: Paul Ch Reviewed-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit c2eec1762d372663c35aaf3d6ee419bafb185057) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3f095c5b56ba11b6fa684c7fb3343bd0f14f19e2 --- libavformat/rmdec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c index 0216003e88..f26c5b4d90 100644 --- a/libavformat/rmdec.c +++ b/libavformat/rmdec.c @@ -1269,6 +1269,8 @@ static int ivr_read_header(AVFormatContext *s) if (avio_rb32(pb) == MKBETAG('M', 'L', 'T', 'I')) { ret = rm_read_multi(s, pb, st, NULL); } else { +if (avio_feof(pb)) +return AVERROR_INVALIDDATA; avio_seek(pb, -4, SEEK_CUR); ret = ff_rm_read_mdpr_codecdata(s, pb, st, st->priv_data, len, NULL); } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/dirac_dwt_template: Fix several integer overflows in horizontal_compose_daub97i()
ffmpeg | branch: release/4.0 | Michael Niedermayer | Sun Jul 22 19:11:04 2018 +0200| [8147da2bad1b942a566fb9dab322cc4dbf088497] | committer: Michael Niedermayer avcodec/dirac_dwt_template: Fix several integer overflows in horizontal_compose_daub97i() Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 8926/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-6047609228623872 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 69cac9e130dc8c9d2a5b8012011df372974adf35) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8147da2bad1b942a566fb9dab322cc4dbf088497 --- libavcodec/dirac_dwt_template.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavcodec/dirac_dwt_template.c b/libavcodec/dirac_dwt_template.c index 2369c8d15b..5d55d932a1 100644 --- a/libavcodec/dirac_dwt_template.c +++ b/libavcodec/dirac_dwt_template.c @@ -190,15 +190,15 @@ static void RENAME(horizontal_compose_daub97i)(uint8_t *_b, uint8_t *_temp, int // second stage combined with interleave and shift b0 = b2 = COMPOSE_DAUB97iL0(temp[w2], temp[0], temp[w2]); -b[0] = (b0 + 1) >> 1; +b[0] = ~((~b0) >> 1); for (x = 1; x < w2; x++) { b2 = COMPOSE_DAUB97iL0(temp[x+w2-1], temp[x ], temp[x+w2]); b1 = COMPOSE_DAUB97iH0( b0, temp[x+w2-1], b2); -b[2*x-1] = (b1 + 1) >> 1; -b[2*x ] = (b2 + 1) >> 1; +b[2*x-1] = ~((~b1) >> 1); +b[2*x ] = ~((~b2) >> 1); b0 = b2; } -b[w-1] = (COMPOSE_DAUB97iH0(b2, temp[w-1], b2) + 1) >> 1; +b[w-1] = ~((~COMPOSE_DAUB97iH0(b2, temp[w-1], b2)) >> 1); } static void RENAME(vertical_compose_dirac53iH0)(uint8_t *_b0, uint8_t *_b1, uint8_t *_b2, ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
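Review bot: `~((~b0) >> 1)` does not look equivalent to the `(b0 + 1) >> 1` it replaces. For a signed operand with an arithmetic right shift, complement commutes with the shift, so the new expression reduces to `b0 >> 1` and an input of 1 gives 0 where the old code gave 1. The types of `b0`, `b1` and `b2` are declared outside the hunk, so this needs confirming against them. If the old rounding is meant to be kept, `(b0 >> 1) + (b0 & 1)` matches `(b0 + 1) >> 1` for every value and cannot overflow. Whichever form stays, the four stores to `b[0]`, `b[2*x-1]`, `b[2*x ]` and `b[w-1]` need a one-line comment stating the intended rounding and the reliance on arithmetic shift.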
[FFmpeg-cvslog] avcodec/shorten: Fix signed 32bit overflow in shift in shorten_decode_frame()
ffmpeg | branch: release/4.0 | Michael Niedermayer | Sun Aug 12 23:06:55 2018 +0200| [cd42c19f53de29dd19e4561fb4364890e07ed7b5] | committer: Michael Niedermayer avcodec/shorten: Fix signed 32bit overflow in shift in shorten_decode_frame() Fixes: runtime error: left shift of 1 by 31 places cannot be represented in type 'int' Fixes: 9480/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-6647324284551168 -rss_limit_mb=2000 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 9b604e96a51a1fca92bbabfe4f7ac53f0470ee41) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cd42c19f53de29dd19e4561fb4364890e07ed7b5 --- libavcodec/shorten.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c index 054494f8ce..1ffb7d8d79 100644 --- a/libavcodec/shorten.c +++ b/libavcodec/shorten.c @@ -715,7 +715,7 @@ static int shorten_decode_frame(AVCodecContext *avctx, void *data, if (s->version < 2) s->offset[channel][s->nmean - 1] = sum / s->blocksize; else -s->offset[channel][s->nmean - 1] = s->bitshift == 32 ? 0 : (sum / s->blocksize) * (1 << s->bitshift); +s->offset[channel][s->nmean - 1] = s->bitshift == 32 ? 0 : (sum / s->blocksize) * (1LL << s->bitshift); } /* copy wrap samples for use with next block */ ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/diracdec: Prevent integer overflow in intermediate in global_mv()
ffmpeg | branch: release/4.0 | Michael Niedermayer | Sun Jul 22 18:58:34 2018 +0200| [f291acafbb304a0761f83ad03dfb3238b95d0a3b] | committer: Michael Niedermayer avcodec/diracdec: Prevent integer overflow in intermediate in global_mv() Fixes: signed integer overflow: -393471 * 5460 cannot be represented in type 'int' Fixes: 8890/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-6299775379963904 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 51290406461ed40b70e0e05b389a461a283f3367) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f291acafbb304a0761f83ad03dfb3238b95d0a3b --- libavcodec/diracdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c index 753adeff61..e4cdd7ee2c 100644 --- a/libavcodec/diracdec.c +++ b/libavcodec/diracdec.c @@ -1399,8 +1399,8 @@ static void global_mv(DiracContext *s, DiracBlock *block, int x, int y, int ref) int *c = s->globalmc[ref].perspective; int m = (1> (ez+ep); block->u.mv[ref][1] = (my + (1<<(ez+ep))) >> (ez+ep); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/h264_refs: Document last if() in ff_h264_execute_ref_pic_marking()
ffmpeg | branch: release/4.0 | Michael Niedermayer | Fri Aug 17 02:06:27 2018 +0200| [7da37aa9804afd2fcaf25a1deb7863dec35ae809] | committer: Michael Niedermayer avcodec/h264_refs: Document last if() in ff_h264_execute_ref_pic_marking() Signed-off-by: Michael Niedermayer (cherry picked from commit 697984b9db4d4d199680f43ac3eb662cd1d37eff) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7da37aa9804afd2fcaf25a1deb7863dec35ae809 --- libavcodec/h264_refs.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/h264_refs.c b/libavcodec/h264_refs.c index 976044ce2c..388bd78816 100644 --- a/libavcodec/h264_refs.c +++ b/libavcodec/h264_refs.c @@ -812,6 +812,7 @@ int ff_h264_execute_ref_pic_marking(H264Context *h) } } +// Detect unmarked random access points if ( err >= 0 && h->long_ref_count==0 && ( h->short_ref_count<=2 ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/flvenc: Check audio packet size
ffmpeg | branch: release/4.0 | Michael Niedermayer | Sat Jul 28 15:03:50 2018 +0200| [386975d7a4aa4f41451f5895a689aedbf83c4ecd] | committer: Michael Niedermayer avformat/flvenc: Check audio packet size Fixes: Assertion failure Fixes: assert_flvenc.c:941_1.swf Found-by: #CHEN HONGXU# Signed-off-by: Michael Niedermayer (cherry picked from commit 6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=386975d7a4aa4f41451f5895a689aedbf83c4ecd --- libavformat/flvenc.c | 5 + 1 file changed, 5 insertions(+) diff --git a/libavformat/flvenc.c b/libavformat/flvenc.c index e8af48cb64..1f503679e2 100644 --- a/libavformat/flvenc.c +++ b/libavformat/flvenc.c @@ -879,6 +879,11 @@ static int flv_write_packet(AVFormatContext *s, AVPacket *pkt) int flags = -1, flags_size, ret; int64_t cur_offset = avio_tell(pb); +if (par->codec_type == AVMEDIA_TYPE_AUDIO && !pkt->size) { +av_log(s, AV_LOG_WARNING, "Empty audio Packet\n"); +return AVERROR(EINVAL); +} + if (par->codec_id == AV_CODEC_ID_VP6F || par->codec_id == AV_CODEC_ID_VP6A || par->codec_id == AV_CODEC_ID_VP6 || par->codec_id == AV_CODEC_ID_AAC) flags_size = 2; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
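Review bot: The new check logs at `AV_LOG_WARNING` but then fails the write with `AVERROR(EINVAL)`, so the severity of the message and the outcome of the call disagree. If an empty audio packet is an error, the message should say so and identify the stream, e.g. `av_log(s, AV_LOG_ERROR, "Empty audio packet in stream %d\n", pkt->stream_index);`. If it is only worth a warning, the packet should be skipped with `return 0;` instead. flv_write_packet() continues outside the hunk.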
[FFmpeg-cvslog] avcodec/aacpsdsp_template: Fix integer overflow in ps_stereo_interpolate_c()
ffmpeg | branch: release/4.0 | Michael Niedermayer | Sat Jul 28 10:59:09 2018 +0200| [cc0817af0d665fd72bc7f9658cc14493724ba3fa] | committer: Michael Niedermayer avcodec/aacpsdsp_template: Fix integer overflow in ps_stereo_interpolate_c() Fixes: signed integer overflow: -1813244069 + -1407981383 cannot be represented in type 'int' Fixes: 8823/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5643295618236416 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 47db5763e21c5e3b0ddde2430d15938f8d88480d) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cc0817af0d665fd72bc7f9658cc14493724ba3fa --- libavcodec/aacpsdsp_template.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavcodec/aacpsdsp_template.c b/libavcodec/aacpsdsp_template.c index 65867649c7..5f4be017d5 100644 --- a/libavcodec/aacpsdsp_template.c +++ b/libavcodec/aacpsdsp_template.c @@ -150,10 +150,10 @@ static void ps_stereo_interpolate_c(INTFLOAT (*l)[2], INTFLOAT (*r)[2], INTFLOAT h1 = h[0][1]; INTFLOAT h2 = h[0][2]; INTFLOAT h3 = h[0][3]; -INTFLOAT hs0 = h_step[0][0]; -INTFLOAT hs1 = h_step[0][1]; -INTFLOAT hs2 = h_step[0][2]; -INTFLOAT hs3 = h_step[0][3]; +UINTFLOAT hs0 = h_step[0][0]; +UINTFLOAT hs1 = h_step[0][1]; +UINTFLOAT hs2 = h_step[0][2]; +UINTFLOAT hs3 = h_step[0][3]; int n; for (n = 0; n < len; n++) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
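Review bot: Nothing at the declarations says why the four step values are `UINTFLOAT` while `h0`..`h3` stay `INTFLOAT`, and the mixed types look like a typo to anyone who has not read the commit message. The additions that use them are in the loop below, outside this hunk; presumably the unsigned type makes the fixed-point accumulation wrap instead of overflowing a signed int. A comment above the four lines, e.g. `/* unsigned on purpose: in the fixed-point build the per-sample step addition may wrap and must not be signed overflow */`, would keep a later cleanup from reverting the change.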
[FFmpeg-cvslog] avcodec/diracdec: Check bytes count in else branch in decode_lowdelay() too
ffmpeg | branch: release/4.0 | Michael Niedermayer | Sun Jul 22 21:42:16 2018 +0200| [4f51a21c30c65bbfeaa24f9b0708d83d535186d1] | committer: Michael Niedermayer avcodec/diracdec: Check bytes count in else branch in decode_lowdelay() too Fixes: signed integer overflow: 8 * 340018243 cannot be represented in type 'int' Fixes: 9441/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5194665207791616 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit bed125b7108481574f36fdd6ee699b27354602e8) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4f51a21c30c65bbfeaa24f9b0708d83d535186d1 --- libavcodec/diracdec.c | 4 1 file changed, 4 insertions(+) diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c index b27c743c58..9a417caec5 100644 --- a/libavcodec/diracdec.c +++ b/libavcodec/diracdec.c @@ -986,6 +986,10 @@ static int decode_lowdelay(DiracContext *s) for (slice_x = 0; bufsize > 0 && slice_x < s->num_x; slice_x++) { bytes = (slice_num+1) * (int64_t)s->lowdelay.bytes.num / s->lowdelay.bytes.den - slice_num* (int64_t)s->lowdelay.bytes.num / s->lowdelay.bytes.den; +if (bytes >= INT_MAX || bytes*8 > bufsize) { +av_log(s->avctx, AV_LOG_ERROR, "too many bytes\n"); +return AVERROR_INVALIDDATA; +} slices[slice_num].bytes = bytes; slices[slice_num].slice_x = slice_x; slices[slice_num].slice_y = slice_y; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
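Review bot: The guard `bytes >= INT_MAX || bytes*8 > bufsize` has no lower bound, so a negative `bytes` passes it and is stored in `slices[slice_num].bytes`. That can happen if `s->lowdelay.bytes.num` or `.den` is negative, and whether they are validated earlier is not visible in this hunk. Adding `bytes < 0 ||` at the front closes that case. The check is also only effective if `bytes` is a 64-bit variable (its declaration is outside the hunk), because with a plain `int` the `bytes*8` in the guard would be the same overflowing multiplication the sanitizer reported.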
[FFmpeg-cvslog] avcodec/diracdec: Change frame_number to 64bit as its a 32bit from the bitstream and we also have a -1 special case
ffmpeg | branch: release/4.0 | Michael Niedermayer | Sun Jul 22 20:45:39 2018 +0200| [88093d2c1fbb4f7cea3ddcb0c064876ab26e170d] | committer: Michael Niedermayer avcodec/diracdec: Change frame_number to 64bit as its a 32bit from the bitstream and we also have a -1 special case Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 9291/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-6324345860259840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 462d1be6dec5ff4768be8c202f359cbf037db3c6) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=88093d2c1fbb4f7cea3ddcb0c064876ab26e170d --- libavcodec/diracdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c index e4cdd7ee2c..4ef1b3ea9b 100644 --- a/libavcodec/diracdec.c +++ b/libavcodec/diracdec.c @@ -141,7 +141,7 @@ typedef struct DiracContext { GetBitContext gb; AVDiracSeqHeader seq; int seen_sequence_header; -int frame_number; /* number of the next frame to display */ +int64_t frame_number; /* number of the next frame to display */ Plane plane[3]; int chroma_x_shift; int chroma_y_shift; @@ -2310,7 +2310,7 @@ static int dirac_decode_frame(AVCodecContext *avctx, void *data, int *got_frame, } if (*got_frame) -s->frame_number = picture->display_picture_number + 1; +s->frame_number = picture->display_picture_number + 1LL; return buf_idx; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] swresample/swresample: Fix input channel count in resample_first computation
ffmpeg | branch: release/4.0 | Michael Niedermayer | Tue Jul 24 22:44:12 2018 +0200| [cec6df48ba895b53ec1ebc802f42b5eb4487e9ce] | committer: Michael Niedermayer swresample/swresample: Fix input channel count in resample_first computation Found-by: Marcin Gorzel Reviewed-by: Marcin Gorzel Signed-off-by: Michael Niedermayer (cherry picked from commit bce4da85e8110b66040a5fb07ffc724ab4e09a86) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cec6df48ba895b53ec1ebc802f42b5eb4487e9ce --- libswresample/swresample.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libswresample/swresample.c b/libswresample/swresample.c index 5bd39caac4..6d28e6a798 100644 --- a/libswresample/swresample.c +++ b/libswresample/swresample.c @@ -318,7 +318,7 @@ av_cold int swr_init(struct SwrContext *s){ av_assert0(s->used_ch_count); av_assert0(s->out.ch_count); -s->resample_first= RSC*s->out.ch_count/s->in.ch_count - RSC < s->out_sample_rate/(float)s-> in_sample_rate - 1.0; +s->resample_first= RSC*s->out.ch_count/s->used_ch_count - RSC < s->out_sample_rate/(float)s-> in_sample_rate - 1.0; s->in_buffer= s->in; s->silence = s->in; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/mpegaudio_parser: Initialize poutbuf*
ffmpeg | branch: release/4.0 | Michael Niedermayer | Sun Aug 5 14:51:36 2018 +0200| [c0a6febf32318326af0d2a85b104ea6674c55d50] | committer: Michael Niedermayer avcodec/mpegaudio_parser: Initialize poutbuf* Possibly fixes: null pointer dereference Possibly fixes: 9352/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MP3ADUFLOAT_fuzzer-5146068961460224 Fixes: Heap-use-after-free Fixes: 9453/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MP3ADUFLOAT_fuzzer-5137954375729152 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 0f4c3b0b8e5435d13fd3b64c91969b31c3c018dc) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c0a6febf32318326af0d2a85b104ea6674c55d50 --- libavcodec/mpegaudio_parser.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/mpegaudio_parser.c b/libavcodec/mpegaudio_parser.c index 244281b56f..a109f12701 100644 --- a/libavcodec/mpegaudio_parser.c +++ b/libavcodec/mpegaudio_parser.c @@ -99,6 +99,8 @@ static int mpegaudio_parse(AVCodecParserContext *s1, } else if (codec_id == AV_CODEC_ID_MP3ADU) { avpriv_report_missing_feature(avctx, "MP3ADU full parser"); +*poutbuf = NULL; +*poutbuf_size = 0; return 0; /* parsers must not return error codes */ } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/shorten: Fix integer overflow in residual/LPC combination
ffmpeg | branch: release/4.0 | Michael Niedermayer | Sun Aug 12 22:55:59 2018 +0200| [32353f8bcbb4c736b4e944f239d760a8aa02e3e1] | committer: Michael Niedermayer avcodec/shorten: Fix integer overflow in residual/LPC combination Fixes: signed integer overflow: -540538872 + -2012739576 cannot be represented in type 'int' Fixes: 9255/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5758630052757504 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit db7e9082e1a1479c6a8844f7adf77eae03cc2aa7) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=32353f8bcbb4c736b4e944f239d760a8aa02e3e1 --- libavcodec/shorten.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c index 9094d3fc55..054494f8ce 100644 --- a/libavcodec/shorten.c +++ b/libavcodec/shorten.c @@ -391,7 +391,7 @@ static int decode_subframe_lpc(ShortenContext *s, int command, int channel, for (j = 0; j < pred_order; j++) sum += coeffs[j] * (unsigned)s->decoded[channel][i - j - 1]; s->decoded[channel][i] = get_sr_golomb_shorten(&s->gb, residual_size) + - (sum >> qshift); + (unsigned)(sum >> qshift); } /* add offset to current samples */ ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avutil/pixfmt: Document chroma plane size for odd resolutions
ffmpeg | branch: release/4.0 | Michael Niedermayer | Wed Jul 18 22:22:35 2018 +0200| [1a4a6d94ccb9be41e8ade9b26f5230b39b14b6e0] | committer: Michael Niedermayer avutil/pixfmt: Document chroma plane size for odd resolutions Signed-off-by: Michael Niedermayer (cherry picked from commit be0b77e6e83b61c2da338201b5ddfae1c9acedc5) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1a4a6d94ccb9be41e8ade9b26f5230b39b14b6e0 --- libavutil/pixfmt.h | 4 1 file changed, 4 insertions(+) diff --git a/libavutil/pixfmt.h b/libavutil/pixfmt.h index e184a56672..34a1531489 100644 --- a/libavutil/pixfmt.h +++ b/libavutil/pixfmt.h @@ -42,6 +42,10 @@ * This is stored as BGRA on little-endian CPU architectures and ARGB on * big-endian CPUs. * + * @note + * If the resolution is not a multiple of the chroma subsampling factor + * then the chroma plane resolution must be rounded up. + * * @par * When the pixel format is palettized RGB32 (AV_PIX_FMT_PAL8), the palettized * image data is stored in AVFrame.data[0]. The palette is transported in ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
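Review bot: The added `@note` says the chroma plane resolution "must be rounded up" but does not say how. Code that sizes its own buffers and rounds down for odd dimensions ends up with planes that are too small. Naming the computation would make the rule checkable, for example `AV_CEIL_RSHIFT(width, desc->log2_chroma_w)` and the same for `height` with `log2_chroma_h`. The note is placed between the RGB32 and PAL8 paragraphs although it concerns subsampled formats; the surrounding comment continues outside the hunk, so the best position cannot be judged from here.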
[FFmpeg-cvslog] lavc/svq3: Fix regression decoding some files.
ffmpeg | branch: release/4.0 | Nikolas Bowe | Mon Jul 30 17:22:02 2018 -0700| [8591d16ce5f8169efc11570916c3404d3709043d] | committer: Michael Niedermayer lavc/svq3: Fix regression decoding some files. Fixes some SVQ3 encoded files which fail to decode correctly after 6d6faa2a2d. These files exhibit lots of artifacts and logs show "Media key encryption is not implemented". However they decode without artifacts before 6d6faa2a2d. The attatched patch allows these files to successfully decode, but also reject media key files. Tested on the files in #6094 and http://samples.mplayerhq.hu/V-codecs/SVQ3/Vertical400kbit.sorenson3.mov Signed-off-by: Michael Niedermayer (cherry picked from commit 5aeb3b008080d8d4a38f245d557dbc9bd6c36dcf) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8591d16ce5f8169efc11570916c3404d3709043d --- libavcodec/svq3.c | 9 - 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/libavcodec/svq3.c b/libavcodec/svq3.c index fc17081ecf..18a4448ffa 100644 --- a/libavcodec/svq3.c +++ b/libavcodec/svq3.c @@ -1064,16 +1064,15 @@ static int svq3_decode_slice_header(AVCodecContext *avctx) av_log(s->avctx, AV_LOG_ERROR, "illegal slice type %u \n", slice_id); return -1; } -if (get_bits1(&s->gb_slice)) { -avpriv_report_missing_feature(s->avctx, "Media key encryption"); -return AVERROR_PATCHWELCOME; -} s->slice_type = ff_h264_golomb_to_pict_type[slice_id]; if ((header & 0x9F) == 2) { -i = (s->mb_num < 64) ? 5 : av_log2(s->mb_num - 1); +i = (s->mb_num < 64) ? 6 : (1 + av_log2(s->mb_num - 1)); get_bits(&s->gb_slice, i); +} else if (get_bits1(&s->gb_slice)) { +avpriv_report_missing_feature(s->avctx, "Media key encryption"); +return AVERROR_PATCHWELCOME; } s->slice_num = get_bits(&s->gb_slice, 8); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
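Review bot: In the `(header & 0x9F) == 2` branch the field is read with `get_bits(&s->gb_slice, i);` and the value is discarded; `skip_bits(&s->gb_slice, i);` would state that intent. The widths change from `5` / `av_log2(...)` to `6` / `1 + av_log2(...)` and the media-key flag is now tested only in the `else` branch. The bit formerly read as that flag therefore appears to be folded into the skipped field, with no comment explaining the layout. A comment on the `i = ...` line naming the field being skipped would make the two header forms understandable. No check that `i` bits remain in `gb_slice` is visible, but the function body continues outside the hunk and may handle it elsewhere.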
[FFmpeg-cvslog] ffplay: add options to specify window position
ffmpeg | branch: master | Dave Rice | Mon Oct 1 17:07:44 2018 -0400| [1431ff2d379e25890309569dd99ca613b4fbb564] | committer: Marton Balint ffplay: add options to specify window position Signed-off-by: Marton Balint > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1431ff2d379e25890309569dd99ca613b4fbb564 --- doc/ffplay.texi | 4 fftools/ffplay.c | 6 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/doc/ffplay.texi b/doc/ffplay.texi index dcb86ce13c..99e1d7468a 100644 --- a/doc/ffplay.texi +++ b/doc/ffplay.texi @@ -74,6 +74,10 @@ as 100. Force format. @item -window_title @var{title} Set window title (default is the input filename). +@item -left @var{title} +Set the x position for the left of the window (default is a centered window). +@item -top @var{title} +Set the y position for the top of the window (default is a centered window). @item -loop @var{number} Loops movie playback times. 0 means forever. @item -showmode @var{mode} diff --git a/fftools/ffplay.c b/fftools/ffplay.c index e375a32ec2..ab1f9faccf 100644 --- a/fftools/ffplay.c +++ b/fftools/ffplay.c @@ -314,6 +314,8 @@ static int default_width = 640; static int default_height = 480; static int screen_width = 0; static int screen_height = 0; +static int screen_left = SDL_WINDOWPOS_CENTERED; +static int screen_top = SDL_WINDOWPOS_CENTERED; static int audio_disable; static int video_disable; static int subtitle_disable; @@ -1346,7 +1348,7 @@ static int video_open(VideoState *is) SDL_SetWindowTitle(window, window_title); SDL_SetWindowSize(window, w, h); -SDL_SetWindowPosition(window, SDL_WINDOWPOS_CENTERED, SDL_WINDOWPOS_CENTERED); +SDL_SetWindowPosition(window, screen_left, screen_top); if (is_full_screen) SDL_SetWindowFullscreen(window, SDL_WINDOW_FULLSCREEN_DESKTOP); SDL_ShowWindow(window); 
@@ -3602,6 +3604,8 @@ static const OptionDef options[] = { { "framedrop", OPT_BOOL | OPT_EXPERT, { &framedrop }, "drop frames when cpu is too slow", "" }, { "infbuf", OPT_BOOL | OPT_EXPERT, { &infinite_buffer }, "don't limit the input buffer size (useful with realtime streams)", "" }, { "window_title", OPT_STRING | HAS_ARG, { &window_title }, "set window title", "window title" }, +{ "left", OPT_INT | HAS_ARG | OPT_EXPERT, { &screen_left }, "set the x position for the left of the window", "x pos" }, +{ "top", OPT_INT | HAS_ARG | OPT_EXPERT, { &screen_top }, "set the y position for the top of the window", "y pos" }, #if CONFIG_AVFILTER { "vf", OPT_EXPERT | HAS_ARG, { .func_arg = opt_add_vfilter }, "set video filters", "filter_graph" }, { "af", OPT_STRING | HAS_ARG, { &afilters }, "set audio filters", "filter_graph" }, ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
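Review bot: The new `left` and `top` entries store any int directly into `screen_left` / `screen_top`, which the video_open hunk passes unchecked to `SDL_SetWindowPosition()`. The defaults are the `SDL_WINDOWPOS_CENTERED` sentinel, which shares the int range with real coordinates. A user-supplied number that falls into SDL's reserved window-position values is therefore treated as "centered" rather than as a position, and large or negative values can place the window off-screen. This is harmless for a player but deserves a sentence in the option help. The texi hunk for the same options labels both arguments `@var{title}`, which looks copied from `-window_title`.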
[FFmpeg-cvslog] avutil/tests/parseutils: add some big duration tests
ffmpeg | branch: master | Marton Balint | Sun Sep 30 22:10:09 2018 +0200| [416804fe412063887c1c9cd94d8ca4787d036f51] | committer: Marton Balint avutil/tests/parseutils: add some big duration tests Signed-off-by: Marton Balint > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=416804fe412063887c1c9cd94d8ca4787d036f51 --- libavutil/tests/parseutils.c | 4 tests/ref/fate/parseutils| 4 2 files changed, 8 insertions(+) diff --git a/libavutil/tests/parseutils.c b/libavutil/tests/parseutils.c index 180f624002..a1ac8d44e2 100644 --- a/libavutil/tests/parseutils.c +++ b/libavutil/tests/parseutils.c @@ -185,6 +185,10 @@ static void test_av_parse_time(void) "42.1729", "-1729.42", "12:34", +"2147483648s", +"4294967296ms", +"8589934592us", +"9223372036854775808us", }; av_log_set_level(AV_LOG_DEBUG); diff --git a/tests/ref/fate/parseutils b/tests/ref/fate/parseutils index 568b6d28be..bd36c9b01f 100644 --- a/tests/ref/fate/parseutils +++ b/tests/ref/fate/parseutils @@ -90,6 +90,10 @@ now -> 1331972053.20 = 2012-03-17T08:14:13Z 42.1729 -> +42172900 -1729.42 -> -172942 12:34->+75400 +2147483648s -> +214748364800 +4294967296ms ->+4294967296000 +8589934592us -> +8589934592 +9223372036854775808us-> error Testing av_get_known_color_name() AliceBlue -> R(240) G(248) B(255) A(0) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
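Review bot: The four added vectors in test_av_parse_time() probe only the positive end of the range. A negative counterpart of the last vector (a leading `-` on the same magnitude) and an `hh:mm:ss` input with a large hour field would pin the behaviour at the other boundary and on the second parsing path. Each new input needs a matching line in `tests/ref/fate/parseutils`, as the existing ones have.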
[FFmpeg-cvslog] avfilter/af_afade: fix crossfade duration maximum value
ffmpeg | branch: master | Marton Balint | Sun Sep 30 21:18:26 2018 +0200| [0e9a09793a98a416ed86f7be0ed89dc10e9734a5] | committer: Marton Balint avfilter/af_afade: fix crossfade duration maximum value Signed-off-by: Marton Balint > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0e9a09793a98a416ed86f7be0ed89dc10e9734a5 --- libavfilter/af_afade.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavfilter/af_afade.c b/libavfilter/af_afade.c index 7216cea31d..9aab644039 100644 --- a/libavfilter/af_afade.c +++ b/libavfilter/af_afade.c @@ -363,8 +363,8 @@ AVFilter ff_af_afade = { static const AVOption acrossfade_options[] = { { "nb_samples", "set number of samples for cross fade duration", OFFSET(nb_samples), AV_OPT_TYPE_INT,{.i64 = 44100}, 1, INT32_MAX/10, FLAGS }, { "ns", "set number of samples for cross fade duration", OFFSET(nb_samples), AV_OPT_TYPE_INT,{.i64 = 44100}, 1, INT32_MAX/10, FLAGS }, -{ "duration", "set cross fade duration", OFFSET(duration), AV_OPT_TYPE_DURATION, {.i64 = 0. }, 0, 60, FLAGS }, -{ "d","set cross fade duration", OFFSET(duration), AV_OPT_TYPE_DURATION, {.i64 = 0. }, 0, 60, FLAGS }, +{ "duration", "set cross fade duration", OFFSET(duration), AV_OPT_TYPE_DURATION, {.i64 = 0. }, 0, 6000, FLAGS }, +{ "d","set cross fade duration", OFFSET(duration), AV_OPT_TYPE_DURATION, {.i64 = 0. }, 0, 6000, FLAGS }, { "overlap", "overlap 1st stream end with 2nd stream start", OFFSET(overlap), AV_OPT_TYPE_BOOL, {.i64 = 1}, 0, 1, FLAGS }, { "o","overlap 1st stream end with 2nd stream start", OFFSET(overlap), AV_OPT_TYPE_BOOL, {.i64 = 1}, 0, 1, FLAGS }, { "curve1", "set fade curve type for 1st stream", OFFSET(curve),AV_OPT_TYPE_INT,{.i64 = TRI }, 0, NB_CURVES - 1, FLAGS, "curve" }, ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
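Review bot: The new upper bound for `duration` and its alias `d` is a bare literal repeated on two lines with no unit. AV_OPT_TYPE_DURATION values are held in microseconds, so a named constant, or a trailing comment giving the intended limit in seconds, would let a reader verify the number and keep both entries in sync. The acrossfade_options table continues outside the hunk.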
[FFmpeg-cvslog] avutil/parseutils: fix some overflows in duration calculations
ffmpeg | branch: master | Marton Balint | Sun Sep 30 22:34:41 2018 +0200| [4c777d52b9b1048ba92cab1a658c218c38282d25] | committer: Marton Balint avutil/parseutils: fix some overflows in duration calculations Also properly return AVERROR(ERANGE) in case of actual overflows. Signed-off-by: Marton Balint > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4c777d52b9b1048ba92cab1a658c218c38282d25 --- libavutil/parseutils.c | 14 ++ 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/libavutil/parseutils.c b/libavutil/parseutils.c index 924c49d52c..59bec6cc9d 100644 --- a/libavutil/parseutils.c +++ b/libavutil/parseutils.c @@ -661,12 +661,15 @@ int av_parse_time(int64_t *timeval, const char *timestr, int duration) if (!q) { char *o; /* parse timestr as S+ */ -dt.tm_sec = strtol(p, &o, 10); +errno = 0; +t = strtoll(p, &o, 10); if (o == p) /* the parsing didn't succeed */ return AVERROR(EINVAL); -dt.tm_min = 0; -dt.tm_hour = 0; +if (errno == ERANGE) +return AVERROR(ERANGE); q = o; +} else { +t = dt.tm_hour * 3600 + dt.tm_min * 60 + dt.tm_sec; } } @@ -688,7 +691,6 @@ int av_parse_time(int64_t *timeval, const char *timestr, int duration) } if (duration) { -t = dt.tm_hour * 3600 + dt.tm_min * 60 + dt.tm_sec; if (q[0] == 'm' && q[1] == 's') { suffix = 1000; microseconds /= 1000; @@ -734,7 +736,11 @@ int av_parse_time(int64_t *timeval, const char *timestr, int duration) if (*q) return AVERROR(EINVAL); +if (INT64_MAX / suffix < t) +return AVERROR(ERANGE); t *= suffix; +if (INT64_MAX - microseconds < t) +return AVERROR(ERANGE); t += microseconds; *timeval = negative ? -t : t; return 0; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
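Review bot: The two range checks added before `t *= suffix;` and `t += microseconds;` guard only the upper bound, so a negative `t` is not covered. `strtoll()` accepts its own leading sign; if the sign handling earlier in av_parse_time() (outside this hunk) has already consumed one `-`, a second one yields a negative `t`. In that case `t *= suffix` can overflow below INT64_MIN, and `-t` in the final assignment overflows when `t == INT64_MIN`. Widening the first test to `if (INT64_MAX / suffix < t || t < INT64_MIN / suffix)` and adding `if (t == INT64_MIN && negative) return AVERROR(ERANGE);` before the store would close both cases. The new `else` branch computes `dt.tm_hour * 3600 + ...` in `int` before widening; whether the hour field is bounded is decided outside the hunk.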
[FFmpeg-cvslog] avutil/opt: check for minimum and maximum values when setting AV_OPT_TYPE_DURATION fields
ffmpeg | branch: master | Marton Balint | Sun Sep 30 21:30:10 2018 +0200| [d40dc64173a140755f36492a0c20fc41b27d66c3] | committer: Marton Balint avutil/opt: check for minimum and maximum values when setting AV_OPT_TYPE_DURATION fields Signed-off-by: Marton Balint > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d40dc64173a140755f36492a0c20fc41b27d66c3 --- libavutil/opt.c | 21 ++--- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/libavutil/opt.c b/libavutil/opt.c index 99282605f5..93d6c26c11 100644 --- a/libavutil/opt.c +++ b/libavutil/opt.c @@ -496,15 +496,22 @@ int av_opt_set(void *obj, const char *name, const char *val, int search_flags) case AV_OPT_TYPE_SAMPLE_FMT: return set_string_sample_fmt(obj, o, val, dst); case AV_OPT_TYPE_DURATION: -if (!val) { -*(int64_t *)dst = 0; +{ +int64_t usecs = 0; +if (val) { +if ((ret = av_parse_time(&usecs, val, 1)) < 0) { +av_log(obj, AV_LOG_ERROR, "Unable to parse option value \"%s\" as duration\n", val); +return ret; +} +} +if (usecs < o->min || usecs > o->max) { +av_log(obj, AV_LOG_ERROR, "Value %f for parameter '%s' out of range [%g - %g]\n", + usecs / 100.0, o->name, o->min / 100.0, o->max / 100.0); +return AVERROR(ERANGE); +} +*(int64_t *)dst = usecs; return 0; -} else { -if ((ret = av_parse_time(dst, val, 1)) < 0) -av_log(obj, AV_LOG_ERROR, "Unable to parse option value \"%s\" as duration\n", val); -return ret; } -break; case AV_OPT_TYPE_COLOR: return set_string_color(obj, o, val, dst); case AV_OPT_TYPE_CHANNEL_LAYOUT: ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
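Review bot: The new test `usecs < o->min || usecs > o->max` enforces bounds that were never checked for AV_OPT_TYPE_DURATION before. Any option table that declares placeholder bounds for a duration will therefore reject every non-zero value. The segment muxer's `segment_time_delta`, declared with `0, 0`, is one example, and the remaining duration options in the tree should be audited together with this change. The comparison is also between an `int64_t` and `double` bounds, so limits near INT64_MAX are only approximate. A `NULL` value now goes through the same range check, so an option with a positive minimum can no longer be reset with `NULL`; a comment should say whether that is intended. The `case` block continues outside the hunk.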
[FFmpeg-cvslog] avformat/segment: fix segment_time_delta option min/max value
ffmpeg | branch: master | Marton Balint | Sun Sep 30 21:23:55 2018 +0200| [3bfd409e59e8ce9f168bfa07f20bbe869af37522] | committer: Marton Balint avformat/segment: fix segment_time_delta option min/max value Signed-off-by: Marton Balint > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3bfd409e59e8ce9f168bfa07f20bbe869af37522 --- libavformat/segment.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/segment.c b/libavformat/segment.c index 7fb4dc7d21..e2ac2c3a7f 100644 --- a/libavformat/segment.c +++ b/libavformat/segment.c @@ -1045,7 +1045,7 @@ static const AVOption options[] = { { "segment_clocktime_offset", "set segment clocktime offset", OFFSET(clocktime_offset), AV_OPT_TYPE_DURATION, {.i64 = 0}, 0, 864LL, E}, { "segment_clocktime_wrap_duration", "set segment clocktime wrapping duration", OFFSET(clocktime_wrap_duration), AV_OPT_TYPE_DURATION, {.i64 = INT64_MAX}, 0, INT64_MAX, E}, { "segment_time", "set segment duration", OFFSET(time_str),AV_OPT_TYPE_STRING, {.str = NULL}, 0, 0, E }, -{ "segment_time_delta","set approximation value used for the segment times", OFFSET(time_delta), AV_OPT_TYPE_DURATION, {.i64 = 0}, 0, 0, E }, +{ "segment_time_delta","set approximation value used for the segment times", OFFSET(time_delta), AV_OPT_TYPE_DURATION, {.i64 = 0}, 0, INT64_MAX, E }, { "segment_times", "set segment split time points", OFFSET(times_str),AV_OPT_TYPE_STRING,{.str = NULL}, 0, 0, E }, { "segment_frames","set segment split frame numbers", OFFSET(frames_str),AV_OPT_TYPE_STRING,{.str = NULL}, 0, 0, E }, { "segment_wrap", "set number after which the index wraps", OFFSET(segment_idx_wrap), AV_OPT_TYPE_INT, {.i64 = 0}, 0, INT_MAX, E }, ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avfilter/af_afade: add logistic sigmoid curve
ffmpeg | branch: master | Paul B Mahol | Sun Oct 7 17:38:22 2018 +0200| [3d308746eb4517ed368c8b6949768ed8b2dc91e1] | committer: Paul B Mahol avfilter/af_afade: add logistic sigmoid curve > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3d308746eb4517ed368c8b6949768ed8b2dc91e1 --- doc/filters.texi | 2 ++ libavfilter/af_afade.c | 12 +++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/doc/filters.texi b/doc/filters.texi index 2ed0aa2854..b523877cf3 100644 --- a/doc/filters.texi +++ b/doc/filters.texi @@ -955,6 +955,8 @@ select inverted half of sine wave select double-exponential seat @item desi select double-exponential sigmoid +@item losi +select logistic sigmoid @end table @end table diff --git a/libavfilter/af_afade.c b/libavfilter/af_afade.c index d823e82d39..7216cea31d 100644 --- a/libavfilter/af_afade.c +++ b/libavfilter/af_afade.c @@ -57,7 +57,7 @@ typedef struct AudioFadeContext { int curve0, int curve1); } AudioFadeContext; -enum CurveType { TRI, QSIN, ESIN, HSIN, LOG, IPAR, QUA, CUB, SQU, CBR, PAR, EXP, IQSIN, IHSIN, DESE, DESI, NB_CURVES }; +enum CurveType { TRI, QSIN, ESIN, HSIN, LOG, IPAR, QUA, CUB, SQU, CBR, PAR, EXP, IQSIN, IHSIN, DESE, DESI, LOSI, NB_CURVES }; #define OFFSET(x) offsetof(AudioFadeContext, x) #define FLAGS AV_OPT_FLAG_AUDIO_PARAM|AV_OPT_FLAG_FILTERING_PARAM @@ -151,6 +151,14 @@ static double fade_gain(int curve, int64_t index, int64_t range) case DESI: gain = gain <= 0.5 ? CUBE(2 * gain) / 2: 1 - CUBE(2 * (1 - gain)) / 2; break; +case LOSI: { + const double a = 1. / (1. - 0.787) - 1; + double A = 1. / (1.0 + exp(0 -((gain-0.5) * a * 2.0))); + double B = 1. / (1.0 + exp(a)); + double C = 1. / (1.0 + exp(0-a)); + gain = (A - B) / (C - B); + } +break; } return gain; 
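Review bot: The new `LOSI` case in fade_gain() uses the bare constant `0.787` and the names `A`, `B`, `C` with no comment. A reader has to work out that `B` and `C` are the logistic values at gain 0 and 1 and serve only to rescale `A` to [0, 1]. A comment such as `/* logistic curve with steepness a, rescaled so that gain 0 -> 0 and 1 -> 1 */` would document that, and `exp(0 - x)` would read more naturally as `exp(-x)`. `B` and `C` do not depend on `gain`, so both `exp()` calls are repeated on every invocation; whether that matters depends on how often fade_gain() is called, which is outside the hunk.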
@@ -257,6 +265,7 @@ static const AVOption afade_options[] = { { "ihsin","inverted half of sine wave", 0, AV_OPT_TYPE_CONST, {.i64 = IHSIN}, 0, 0, FLAGS, "curve" }, { "dese", "double-exponential seat", 0, AV_OPT_TYPE_CONST, {.i64 = DESE }, 0, 0, FLAGS, "curve" }, { "desi", "double-exponential sigmoid", 0, AV_OPT_TYPE_CONST, {.i64 = DESI }, 0, 0, FLAGS, "curve" }, +{ "losi", "logistic sigmoid",0, AV_OPT_TYPE_CONST, {.i64 = LOSI }, 0, 0, FLAGS, "curve" }, { NULL } }; @@ -376,6 +385,7 @@ static const AVOption acrossfade_options[] = { { "ihsin","inverted half of sine wave",0, AV_OPT_TYPE_CONST, {.i64 = IHSIN}, 0, 0, FLAGS, "curve" }, { "dese", "double-exponential seat", 0, AV_OPT_TYPE_CONST, {.i64 = DESE }, 0, 0, FLAGS, "curve" }, { "desi", "double-exponential sigmoid",0, AV_OPT_TYPE_CONST, {.i64 = DESI }, 0, 0, FLAGS, "curve" }, +{ "losi", "logistic sigmoid", 0, AV_OPT_TYPE_CONST, {.i64 = LOSI }, 0, 0, FLAGS, "curve" }, { "curve2", "set fade curve type for 2nd stream", OFFSET(curve2), AV_OPT_TYPE_INT,{.i64 = TRI }, 0, NB_CURVES - 1, FLAGS, "curve" }, { "c2", "set fade curve type for 2nd stream", OFFSET(curve2), AV_OPT_TYPE_INT,{.i64 = TRI }, 0, NB_CURVES - 1, FLAGS, "curve" }, { NULL } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avfilter/avf_showspectrum: add legend support to showspectrum filter
ffmpeg | branch: master | Paul B Mahol | Sun Oct 7 12:10:59 2018 +0200| [9c120b4d4201edad9381ec7fe292de36c785fab7] | committer: Paul B Mahol avfilter/avf_showspectrum: add legend support to showspectrum filter > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9c120b4d4201edad9381ec7fe292de36c785fab7 --- doc/filters.texi | 3 + libavfilter/avf_showspectrum.c | 730 + 2 files changed, 385 insertions(+), 348 deletions(-) diff --git a/doc/filters.texi b/doc/filters.texi index c0ec41df8a..2ed0aa2854 100644 --- a/doc/filters.texi +++ b/doc/filters.texi @@ -20730,6 +20730,9 @@ Set stop frequency to which to display spectrogram. Default is @code{0}. @item fps Set upper frame rate limit. Default is @code{auto}, unlimited. + +@item legend +Draw time and frequency axes and legends. Default is disabled. @end table The usage is very similar to the showwaves filter; see the examples in that diff --git a/libavfilter/avf_showspectrum.c b/libavfilter/avf_showspectrum.c index 883413b468..41693a0ce1 100644 --- a/libavfilter/avf_showspectrum.c +++ b/libavfilter/avf_showspectrum.c @@ -91,6 +91,7 @@ typedef struct ShowSpectrumContext { AVAudioFifo *fifo; int64_t pts; int64_t old_pts; +int old_len; int single_pic; int legend; int start_x, start_y; @@ -163,6 +164,7 @@ static const AVOption showspectrum_options[] = { { "start", "start frequency", OFFSET(start), AV_OPT_TYPE_INT, {.i64 = 0}, 0, INT32_MAX, FLAGS }, { "stop", "stop frequency", OFFSET(stop), AV_OPT_TYPE_INT, {.i64 = 0}, 0, INT32_MAX, FLAGS }, { "fps", "set video rate", OFFSET(rate_str), AV_OPT_TYPE_STRING, {.str = "auto"}, 0, 0, FLAGS }, +{ "legend", "draw legend", OFFSET(legend), AV_OPT_TYPE_BOOL, {.i64 = 0}, 0, 1, FLAGS }, { NULL } }; 
@@ -430,6 +432,346 @@ static int run_channel_fft(AVFilterContext *ctx, void *arg, int jobnr, int nb_jo return 0; } +static void drawtext(AVFrame *pic, int x, int y, const char *txt, int o) +{ +const uint8_t *font; +int font_height; +int i; + +font = avpriv_cga_font, font_height = 8; + +for (i = 0; txt[i]; i++) { +int char_y, mask; + +if (o) { +for (char_y = font_height - 1; char_y >= 0; char_y--) { +uint8_t *p = pic->data[0] + (y + i * 10) * pic->linesize[0] + x; +for (mask = 0x80; mask; mask >>= 1) { +if (font[txt[i] * font_height + font_height - 1 - char_y] & mask) +p[char_y] = ~p[char_y]; +p += pic->linesize[0]; +} +} +} else { +uint8_t *p = pic->data[0] + y*pic->linesize[0] + (x + i*8); +for (char_y = 0; char_y < font_height; char_y++) { +for (mask = 0x80; mask; mask >>= 1) { +if (font[txt[i] * font_height + char_y] & mask) +*p = ~(*p); +p++; +} +p += pic->linesize[0] - 8; +} +} +} +} + +static void color_range(ShowSpectrumContext *s, int ch, +float *yf, float *uf, float *vf) +{ +switch (s->mode) { +case COMBINED: +// reduce range by channel count +*yf = 256.0f / s->nb_display_channels; +switch (s->color_mode) { +case RAINBOW: +case MORELAND: +case NEBULAE: +case FIRE: +case FIERY: +case FRUIT: +case COOL: +case GREEN: +case MAGMA: +case INTENSITY: +*uf = *yf; +*vf = *yf; +break; +case CHANNEL: +/* adjust saturation for mixed UV coloring */ +/* this factor is correct for infinite channels, an approximation otherwise */ +*uf = *yf * M_PI; +*vf = *yf * M_PI; +break; +default: +av_assert0(0); +} +break; +case SEPARATE: +// full range +*yf = 256.0f; +*uf = 256.0f; +*vf = 256.0f; +break; +default: +av_assert0(0); +} + +if (s->color_mode == CHANNEL) { +if (s->nb_display_channels > 1) { +*uf *= 0.5 * sin((2 * M_PI * ch) / s->nb_display_channels + M_PI * s->rotation); +*vf *= 0.5 * cos((2 * M_PI * ch) / s->nb_display_channels + M_PI * s->rotation); +} else { +*uf *= 0.5 * sin(M_PI * s->rotation); +*vf *= 0.5 * cos(M_PI * s->rotation + M_PI_2); +} +} else { +*uf += *uf 
* sin(M_PI * s->rotation); +*vf += *vf * cos(M_PI * s->rotation + M_PI_2); +} + +*uf *= s->saturation; +*vf *= s->saturation; +} + +static void pick_color(ShowSpectrumContext *s, + float yf, float uf, float vf, + float a, float *out) +{ +if (s->color_mode > CHANNEL) { +const int cm = s