Age | Commit message (Collapse) | Author |
|
Fixes: left shift of 1073741824 by 1 places cannot be represented in type 'int'
Fixes: signed integer overflow: 2049431315 + 262759074 cannot be represented in type 'int'
Fixes: 16012/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5719016003338240
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 392c028cd23d128f33d93b2159eed5de42f72b4d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: Assertion failure and memleak
Fixes: 15709/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5182435093905408
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8e4b522c9146b9c14579ae7381fb1043b7423578)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: signed integer overflow: 755176387 + 1515360583 cannot be represented in type 'int'
Fixes: 15506/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5706859232624640
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bf778af1493b0814696307432763246fb53c75e7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
filter_3800()
Fixes: left shift of negative value -4
Fixes: signed integer overflow: -15091694 * 167 cannot be represented in type 'int'
Fixes: signed integer overflow: 1898547155 + 453967445 cannot be represented in type 'int'
Fixes: 15258/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5759095564402688
Fixes: signed integer overflow: 962196438 * 31 cannot be represented in type 'int'
Fixes: 15364/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5718799845687296
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 267eb2ab7f87696e1a156ca9a5ff1b1628d170c1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: signed integer overflow: -538976267 * 31 cannot be represented in type 'int'
Fixes: left shift of 65312 by 16 places cannot be represented in type 'int'
Fixes: 15255/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5718831688843264
Fixes: 15547/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5691384901664768
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: signed integer overflow: -829262115 + -1410750414 cannot be represented in type 'int'
Fixes: 15251/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5651742252859392
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: 15255/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5718831688843264
Fixes: left shift of 1 by 31 places cannot be represented in type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: out of array access
Fixes: PoC.ape and others
Found-by: Bingchang, Liu@VARAS of IIE
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
|
|
* commit '41ed7ab45fc693f7d7fc35664c0233f4c32d69bb':
cosmetics: Fix spelling mistakes
Merged-by: Clément Bœsch <u@pkh.me>
|
|
And simplify and explain the expression.
Fault introduced in f3fdef108eb06b1e71b29152bf6822519e787efe
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
|
|
* commit 'f3fdef108eb06b1e71b29152bf6822519e787efe':
ape: Avoid undefined behaviour
Merged-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
|
|
Signed-off-by: Diego Biurrun <diego@biurrun.de>
|
|
And simplify and explain the expression.
Fault introduced in f3fdef108eb06b1e71b29152bf6822519e787efe
|
|
Avoid the clang warning
"warning: shifting a negative signed value is undefined"
|
|
Signed-off-by: Paul B Mahol <onemda@gmail.com>
|
|
Requested by Andy E, fixes bug 687.
|
|
Fixes out of array read
Fixes: 0a7ff0c1d93da9cef28a315ec91b692a/asan_heap-oob_4a52e5_3604_9c56dbb20e308f4faeef7b35f688521a.ape
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
d3e5fbb1406995e07fccbff3ca8c1e24f57a1f7b
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
This fixes -Wshift-negative-value reported with clang 3.7+, e.g
http://fate.ffmpeg.org/log.cgi?time=20150919172459&log=compile&slot=x86_64-darwin-clang-polly-notiling-3.7.
Note that the patch crucially depends on int >= 32 bits,
an assumption made in many places in the codebase.
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
* commit 'def97856de6021965db86c25a732d78689bd6bb0':
lavc: AV-prefix all codec capabilities
Conflicts:
cmdutils.c
ffmpeg.c
ffplay.c
libavcodec/8svx.c
libavcodec/aacenc.c
libavcodec/ac3dec.c
libavcodec/adpcm.c
libavcodec/alac.c
libavcodec/atrac3plusdec.c
libavcodec/bink.c
libavcodec/dnxhddec.c
libavcodec/dvdec.c
libavcodec/dvenc.c
libavcodec/ffv1dec.c
libavcodec/ffv1enc.c
libavcodec/fic.c
libavcodec/flacdec.c
libavcodec/flacenc.c
libavcodec/flvdec.c
libavcodec/fraps.c
libavcodec/frwu.c
libavcodec/gifdec.c
libavcodec/h261dec.c
libavcodec/hevc.c
libavcodec/iff.c
libavcodec/imc.c
libavcodec/libopenjpegdec.c
libavcodec/libvo-aacenc.c
libavcodec/libvorbisenc.c
libavcodec/libvpxdec.c
libavcodec/libvpxenc.c
libavcodec/libx264.c
libavcodec/mjpegbdec.c
libavcodec/mjpegdec.c
libavcodec/mpegaudiodec_float.c
libavcodec/msmpeg4dec.c
libavcodec/mxpegdec.c
libavcodec/nvenc_h264.c
libavcodec/nvenc_hevc.c
libavcodec/pngdec.c
libavcodec/qpeg.c
libavcodec/ra288.c
libavcodec/rv10.c
libavcodec/s302m.c
libavcodec/sp5xdec.c
libavcodec/takdec.c
libavcodec/tiff.c
libavcodec/tta.c
libavcodec/utils.c
libavcodec/v210dec.c
libavcodec/vp6.c
libavcodec/vp9.c
libavcodec/wavpack.c
libavcodec/yop.c
Merged-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Express bitfields more simply.
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
|
|
The decode_array_0000 assumed that 64 is the minimal block size
while it is not.
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
|
|
s->decoded_buffer is allocated with a min_size of:
2 * FFALIGN(blockstodecode, 8) * sizeof(*s->decoded_buffer)
Then it is assigned to s->decoded[0] (and s->decoded_buffer + FFALIGN(blockstodecode, 8)
to s->decoded[1]) and passed as out buffer to decode_array_0000.
In this function 64 elements of the out buffer are written
unconditionally and outside the array if blockstodecode is too small.
This causes memory corruption, leading to segmentation faults or other
crashes.
Thus change decode_array_0000 to write at most blockstodecode elements
of the out buffer.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|
Otherwise range_start_decoding is not necessarily run and thus
ctx->rc.range still 0 in range_dec_normalize leading to an infinite
loop.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|
Signed-off-by: Zeng Zhaoxiu <zhaoxiu.zeng@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|
Signed-off-by: Zeng Zhaoxiu <zhaoxiu.zeng@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|
* commit 'c67b449bebbe0b35c73b203683e77a0a649bc765':
dsputil: Split bswap*_buf() off into a separate context
Conflicts:
configure
libavcodec/4xm.c
libavcodec/ac3dec.c
libavcodec/ac3dec.h
libavcodec/apedec.c
libavcodec/eamad.c
libavcodec/flacenc.c
libavcodec/fraps.c
libavcodec/huffyuv.c
libavcodec/huffyuvdec.c
libavcodec/motionpixels.c
libavcodec/truemotion2.c
libavcodec/x86/Makefile
libavcodec/x86/dsputil_init.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
|
|
|
48078630 -> 32533850 dezi cycles
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|
* commit 'f83896abda1e78ebbbda0f184b682b4fabadc682':
ape: Replace memset(0) by zero initialization
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
|
|
|
APE is not the sole codec using scalarproduct_and_madd_int16.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|
* commit '054013a0fc6f2b52c60cee3e051be8cc7f82cef3':
dsputil: Move APE-specific bits into apedsp
Conflicts:
libavcodec/arm/int_neon.S
libavcodec/x86/dsputil.asm
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
|
|
|
Fixes CID1206639
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|
* commit 'cc8163e1a3601a56f722a4720516e860bf1c6198':
avcodec: more correct printf specifiers
Conflicts:
libavcodec/4xm.c
libavcodec/alsdec.c
libavcodec/dfa.c
libavcodec/h264_ps.c
libavcodec/jpeg2000dec.c
libavcodec/lagarith.c
libavcodec/mpeg12dec.c
libavcodec/rv10.c
libavcodec/svq3.c
libavcodec/wmaprodec.c
libavcodec/xwddec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
|
|
|
Fixes use of uninitialized memory
Fixes part of msan_uninit-mem_7fa0d8c8bd58_8417_sh3.ape
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|
Fixes assertion failure
Fixes part of msan_uninit-mem_7fa0d8c8bd58_8417_sh3.ape
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|
Signed-off-by: Paul B Mahol <onemda@gmail.com>
|
|
* commit 'b2bed9325dbd6be0da1d91ffed3f513c40274fd2':
cosmetics: Group .name and .long_name together in codec/format declarations
Conflicts:
libavcodec/8svx.c
libavcodec/alac.c
libavcodec/cljr.c
libavcodec/dnxhddec.c
libavcodec/dnxhdenc.c
libavcodec/dpxenc.c
libavcodec/dvdec.c
libavcodec/dvdsubdec.c
libavcodec/dvdsubenc.c
libavcodec/ffv1dec.c
libavcodec/flacdec.c
libavcodec/flvdec.c
libavcodec/fraps.c
libavcodec/frwu.c
libavcodec/g726.c
libavcodec/gif.c
libavcodec/gifdec.c
libavcodec/h261dec.c
libavcodec/h263dec.c
libavcodec/iff.c
libavcodec/imc.c
libavcodec/libopencore-amr.c
libavcodec/libopenjpegdec.c
libavcodec/libopenjpegenc.c
libavcodec/libspeexenc.c
libavcodec/libvo-amrwbenc.c
libavcodec/libvorbisenc.c
libavcodec/libvpxenc.c
libavcodec/libx264.c
libavcodec/libxavs.c
libavcodec/libxvid.c
libavcodec/ljpegenc.c
libavcodec/mjpegbdec.c
libavcodec/mjpegdec.c
libavcodec/mpeg12dec.c
libavcodec/mpeg4videodec.c
libavcodec/msmpeg4dec.c
libavcodec/pgssubdec.c
libavcodec/pngdec.c
libavcodec/pngenc.c
libavcodec/proresdec_lgpl.c
libavcodec/proresenc_kostya.c
libavcodec/ra144enc.c
libavcodec/rawdec.c
libavcodec/rv10.c
libavcodec/sp5xdec.c
libavcodec/takdec.c
libavcodec/tta.c
libavcodec/v210dec.c
libavcodec/vp6.c
libavcodec/wavpack.c
libavcodec/xbmenc.c
libavcodec/yop.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
|
|
|
Only consume an AVPacket when all the samples have been read.
When the rate of samples output is limited (by the default value
of max_samples), consuming the first packet immediately will cause
timing problems:
- The first packet with PTS 0 will output 4608 samples and be
consumed entirely
- The second packet with PTS 64 will output the remaining samples
(typically, a lot, that's why max_samples exist) until the decoded
samples of the first packet have been exhausted, at which point the
samples of the second packet will be decoded and output when
av_decode_frame is called with the next packet).
That means there's a PTS jump since the first packet is 'decoded'
immediately, which can be seen with avplay or mplayer: the timing
jumps immediately to 6.2s (which is the size of a packet).
Sample: http://streams.videolan.org/issues/6348/Goldwave-MAClib.ape
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
|
|
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|
Fixes division by 0
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|
* commit '613a37eca4c7b8eefceaa3e0231c23ad090ca94f':
ape: 3.80-3.92 decoding support
h264: Remove an unused variable
Conflicts:
libavcodec/apedec.c
libavformat/ape.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
|
|
|
* qatar/master:
add support for Monkey's Audio versions from 3.93
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
|
* commit '9652d4fcfc9c07a726b35efc4ac644d9751b36d7':
ape: provide two additional bytes in buffer for old MAC versions
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|