James Almer [Fri, 29 May 2020 16:59:12 +0000 (13:59 -0300)]
avcodec/snow: ensure current_picture is writable before modifying its data
current_picture was not writable here because a reference existed in
at least avctx->coded_frame, and potentially elsewhere if the caller
created new ones from it.
Anton Khirnov [Thu, 4 Jun 2020 10:01:51 +0000 (12:01 +0200)]
pthread_frame: change the way delay is set
It is a constant known at codec init, so set it in
ff_frame_thread_init(). Also, only set it for video, since the meaning
of this field is not well-defined for audio with frame threading.
This causes indexes into scale_conversion_table to wrap around, alternatively they
could be clipped, the table be enlarged or we can error out. I have not found a document that specifies
what is the correct way to handle this
Fixes: out of array access Fixes: 21727/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HCA_fuzzer-5752477891952640.fuzz Fixes: 22438/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HCA_fuzzer-5640717790871552 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: division by zero Fixes: 22974/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PFM_fuzzer-6270027077779456 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Inside a function, the second ; in a double ;; is a null statement, but
outside of functions a double ;; is simply invalid C that compilers
happen to accept. v4l2_m2m_enc.c contained several ;; as a result of
macro-expansion. So change the underlying macro so that it doesn't
happen any longer.
This fixes warnings when compiling with -pedantic: "ISO C does not allow
extra ‘;’ outside of a function".
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Fixes: out of array access Fixes: 22520/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5100297658826752 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
I have attempted to write a JPEG2000 Parser. Have tested
by generating a file containing 14 frames, as mentioned
by Micheal. Have also tried testing with various packet
sizes by setting -frame_size option. Additionally,
fixed a few formatting issues as pointed out by Micheal.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avformat/oggdec: Do not hardcode arbitrary and sometimes unavailable size
Fixes: regression since e983197cbc93420b67aa7e811be47d7278c2c8a2 Fixes: out of array read Fixes: 22185/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5662069073641472 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Lynne <dev@lynne.ee> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avformat/oggdec: Initialize return value from ogg_read_page() and check it everywhere
Fixes regression since 9ad47762c17d2c6d06595aa17b88112baa91b72c Fixes: out of array access Fixes: 22172/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5658535590625280 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Lynne <dev@lynne.ee> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/huffyuvdec: Test vertical coordinate more often
Fixes: out of array access Fixes: 22892/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HYMT_fuzzer-5135996772679680.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array access Fixes: 22686/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5121369624018944 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/mv30: Fix multiple integer overflows in idct_1d()
Fixes: signed integer overflow: -4869937 * 473 cannot be represented in type 'int' Fixes: 21934/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MV30_fuzzer-5667289925156864 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/mv30: Do not allow MVs outside the allocated image
Fixes: out of array read Fixes: 21804/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MV30_fuzzer-5673678898724864 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/wmalosslessdec: Fix integer overflow in mclms_predict()
Fixes: signed integer overflow: 2147483636 + 2048 cannot be represented in type 'int' Fixes: 22016/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5109395618004992 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/vp9dsp_template: Fix integer overflow(s) in iadst16_1d()
Fixes: signed integer overflow: 1080285923 - -1130879337 cannot be represented in type 'int' Fixes: 22002/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-6260237310099456 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/wavpack: Do not allow the sample format to change between channels
Fixes: out of array access Fixes: 22692/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-5678686190960640 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: David Bryant <david@wavpack.com> Tested-by: David Bryant <david@wavpack.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/bitpacked: add missing comma to codec tags
Fixes: array end overread Fixes: 22395/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BITPACKED_fuzzer-5760940300828672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: James Darnley <james.darnley@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Jun Zhao [Sat, 30 May 2020 12:41:31 +0000 (20:41 +0800)]
hwcontext_vulkan: fix make checkheaders fail
make checkheaders will get error as follow:
CC libavutil/hwcontext_vulkan.h.o
In file included from libavutil/hwcontext_vulkan.h.c:1:
./libavutil/hwcontext_vulkan.h:130:23: error: ‘AV_NUM_DATA_POINTERS’ undeclared here (not in a function)
130 | void *alloc_pnext[AV_NUM_DATA_POINTERS];
| ^~~~~~~~~~~~~~~~~~~~
./libavutil/hwcontext_vulkan.h:199:43: warning: ‘enum AVPixelFormat’ declared inside parameter list will not be visible outside of this definition or declaration
avcodec/jpeg2000dec: clear pointer which become stale in get_ppt()
Fixes: use after free Fixes: 22484/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5671488765296640 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Gautam Ramakrishnan <gautamramk@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Brad Hards [Wed, 27 May 2020 10:01:59 +0000 (20:01 +1000)]
avcodec: add constants for KLV pseudo-profile.
There are two different ways KLV is used in MISB specs - sync and async.
The corresponding text (in ST1401) says:
ISO/IEC 13818-1 Table-34 defines a stream_type = 0x15 for “Metadata carried in PES packets,”
and Table 2-22 defines a stream_id = 0xFC for “metadata stream.”
and
In ISO/IEC 13818-1, Table-34 defines a stream_type = 0x06 for “PES packets containing private
data,” and Table 2-22 defines a stream_id = 0xBD for “private_stream_1.”
These constants allow us to distinguish the two cases, as codec profiles.