github.com/FFmpeg/FFmpeg.git
Age | Commit message | Author
2020-02-22 | avcodec/apedec: fix decoding 3800 version with 2000 compression level | Paul B Mahol
2020-02-12 | avcodec/apedec: Fix invalid shift with 24 bps | Michael Niedermayer
Fixes: left shift of negative value -463 Fixes: 20542/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5688714435231744 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-02-04 | avcodec/apedec: Fix integer overflows in predictor_decode_mono_3950() | Michael Niedermayer
Fixes: signed integer overflow: -2147407150 + -1871606 cannot be represented in type 'int' Fixes: 18702/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5679095417667584 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-01-30 | avcodec/apedec: Fix undefined integer overflow in decode_array_0000() | Michael Niedermayer
Fixes: signed integer overflow: -2143289344 - 6246400 cannot be represented in type 'int' Fixes: 19239/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5173755680915456 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-15 | avcodec/apedec: Set error on error in ape_decode_value_3860() | Michael Niedermayer
Fixes: Timeout (unknown -> 15sec) Fixes: 18808/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5677586072207360 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-10 | avcodec/apedec: Fix 2 integer overflows | Michael Niedermayer
Fixes: signed integer overflow: 2119056926 - -134217728 cannot be represented in type 'int' Fixes: 18728/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5747539563511808 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-11-20 | avcodec/apedec: Fixes integer overflow of res+*data in do_apply_filter() | Michael Niedermayer
Fixes: signed integer overflow: 7400 + 2147482786 cannot be represented in type 'int' Fixes: 18405/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5708834760294400 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-11-09 | avcodec/apedec: Fix integer overflow in filter_3800() | Michael Niedermayer
Fixes: signed integer overflow: 2117181180 + 60483298 cannot be represented in type 'int' Fixes: 18344/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5685327791915008 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-11-09 | avcodec/apedec: Fix undefined integer overflow in long_filter_ehigh_3830() | Michael Niedermayer
Fixes: signed integer overflow: -1094995529 * 2 cannot be represented in type 'int' Fixes: 18281/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5692589180715008 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-10-29 | avcodec/apedec: Only clear the needed buffer space, instead of all | Michael Niedermayer
Fixes: Timeout (15sec -> 0.4sec) Fixes: 18396/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5730080487112704 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-10-16 | avcodec/apedec: Fix integer overflow in predictor_update_3930() | Michael Niedermayer
Fixes: signed integer overflow: -69555262 * 31 cannot be represented in type 'int' Fixes: 17698/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5728970447781888 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-10-16 | avcodec/apedec: Check remaining space in decode_array_0000() | Michael Niedermayer
Fixes: Timeout (? -> 2sec) Fixes: 17886/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5728165124636672 Fixes: 18131/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5710803432374272 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-10-16 | avcodec/apedec: Check error flag after entropy_decode* | Michael Niedermayer
Fixes: 17886/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5728165124636672 Fixes: 18131/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5710803432374272 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-28 | avcodec/apedec: Allocate decoded_buffer after successful ff_get_buffer() | Michael Niedermayer
We need to reset samples in this case to avoid being stuck with incorrect samples value. Fixes: OOM Fixes: Timeout Fixes: 16627/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5638059583864832 Fixes: 17089/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5672188463546368 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-28 | avcodec/apedec: Fix several integer overflows in predictor_update_filter() and do_apply_filter() | Michael Niedermayer
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself Fixes: signed integer overflow: -14527961 - 2147483425 cannot be represented in type 'int' Fixes: 16380/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5645957131141120 Fixes: 16968/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5716169901735936 Fixes: 17074/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5198710497083392 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-05 | avcodec/apedec: Fix 32bit int overflow in do_apply_filter() | Michael Niedermayer
Fixes: signed integer overflow: 2147480546 + 4096 cannot be represented in type 'int' Fixes: 16280/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5123442566758400 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-02 | avcodec/apedec: Fix integer overflow in filter_3800() | Michael Niedermayer
Fixes: signed integer overflow: 2021654528 + 2032575680 cannot be represented in type 'int' Fixes: 16270/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5732438816325632 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-02 | avcodec/apedec: Fix integer overflow in filter_fast_3320() | Michael Niedermayer
Fixes: signed integer overflow: -1094994793 * 2 cannot be represented in type 'int' Fixes: 16139/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5663911036059648 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-05 | avcodec/apedec: Fix 2 signed overflows | Michael Niedermayer
Fixes: left shift of 1073741824 by 1 places cannot be represented in type 'int' Fixes: signed integer overflow: 2049431315 + 262759074 cannot be represented in type 'int' Fixes: 16012/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5719016003338240 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-05 | avcodec/apedec: Do not partially clear data array | Michael Niedermayer
Fixes: Assertion failure and memleak Fixes: 15709/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5182435093905408 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-31 | avcodec/apedec: Make coeffsA/B uint32_t, this avoids several cases of undefined behavior | Michael Niedermayer
Changing the type to an unsigned one to avoid many casts was suggested. This may be inadequate for fixing the UB on ILP64 Fixes: signed integer overflow: -1418162611 * 383 cannot be represented in type 'int' Fixes: 15547/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5691384901664768 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-31 | avcodec/apedec: make left/right unsigned to avoid undefined behavior | Michael Niedermayer
Fixes: signed integer overflow: 755176387 + 1515360583 cannot be represented in type 'int' Fixes: 15506/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5706859232624640 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-31 | avcodec/apedec: Fix multiple integer overflows and undefined behavior in filter_3800() | Michael Niedermayer
Fixes: left shift of negative value -4 Fixes: signed integer overflow: -15091694 * 167 cannot be represented in type 'int' Fixes: signed integer overflow: 1898547155 + 453967445 cannot be represented in type 'int' Fixes: 15258/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5759095564402688 Fixes: signed integer overflow: 962196438 * 31 cannot be represented in type 'int' Fixes: 15364/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5718799845687296 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-21 | avcodec/apedec: Fix various integer overflows | Michael Niedermayer
Fixes: signed integer overflow: -538976267 * 31 cannot be represented in type 'int' Fixes: left shift of 65312 by 16 places cannot be represented in type 'int' Fixes: 15255/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5718831688843264 Fixes: 15547/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5691384901664768 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-21 | avcodec/apedec: Fix multiple integer overflows in predictor_update_filter() | Michael Niedermayer
Fixes: signed integer overflow: -829262115 + -1410750414 cannot be represented in type 'int' Fixes: 15251/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5651742252859392 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-06-30 | avcodec/apedec: Add k < 24 check to the only k++ case which lacks such a check | Michael Niedermayer
Fixes: 15255/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5718831688843264 Fixes: left shift of 1 by 31 places cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-16 | avcodec/apedec: Fix integer overflow | Michael Niedermayer
Fixes: out of array access Fixes: PoC.ape and others Found-by: Bingchang, Liu@VARAS of IIE Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-03-29 | Fix all -Wformat warnings raised by DJGPP | Clément Bœsch
2016-06-21 | Merge commit '41ed7ab45fc693f7d7fc35664c0233f4c32d69bb' | Clément Bœsch
* commit '41ed7ab45fc693f7d7fc35664c0233f4c32d69bb': cosmetics: Fix spelling mistakes Merged-by: Clément Bœsch <u@pkh.me>
2016-05-12 | ape: Unbreak adaptcoeffs computation | Luca Barbato
And simplify and explain the expression. Fault introduced in f3fdef108eb06b1e71b29152bf6822519e787efe Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2016-05-12 | Merge commit 'f3fdef108eb06b1e71b29152bf6822519e787efe' | Derek Buitenhuis
* commit 'f3fdef108eb06b1e71b29152bf6822519e787efe': ape: Avoid undefined behaviour Merged-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2016-05-04 | cosmetics: Fix spelling mistakes | Vittorio Giovara
Signed-off-by: Diego Biurrun <diego@biurrun.de>
2016-04-24 | ape: Unbreak adaptcoeffs computation | Luca Barbato
And simplify and explain the expression. Fault introduced in f3fdef108eb06b1e71b29152bf6822519e787efe
2016-04-19 | ape: Avoid undefined behaviour | Luca Barbato
Avoid the clang warning "warning: shifting a negative signed value is undefined"
2016-04-12 | avcodec/apedec: fix decoding of stereo files with one channel full of silence | Paul B Mahol
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-01-19 | ape: Show more information for loglevel verbose. | Carl Eugen Hoyos
Requested by Andy E, fixes bug 687.
2015-12-02 | avcodec/apedec: Check length in long_filter_high_3800() | Michael Niedermayer
Fixes out of array read Fixes: 0a7ff0c1d93da9cef28a315ec91b692a/asan_heap-oob_4a52e5_3604_9c56dbb20e308f4faeef7b35f688521a.ape Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-10-04 | avcodec/apedec: fix bug introduced in commit d3e5fbb1406995e07fccbff3ca8c1e24f57a1f7b | Ganesh Ajjanagadde
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-09-29 | avcodec/apedec: fix undefined left shifts of negative numbers | Ganesh Ajjanagadde
This fixes -Wshift-negative-value reported with clang 3.7+, e.g http://fate.ffmpeg.org/log.cgi?time=20150919172459&log=compile&slot=x86_64-darwin-clang-polly-notiling-3.7. Note that the patch crucially depends on int >= 32 bits, an assumption made in many places in the codebase. Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-07-27 | Merge commit 'def97856de6021965db86c25a732d78689bd6bb0' | Michael Niedermayer
* commit 'def97856de6021965db86c25a732d78689bd6bb0': lavc: AV-prefix all codec capabilities Conflicts: cmdutils.c ffmpeg.c ffplay.c libavcodec/8svx.c libavcodec/aacenc.c libavcodec/ac3dec.c libavcodec/adpcm.c libavcodec/alac.c libavcodec/atrac3plusdec.c libavcodec/bink.c libavcodec/dnxhddec.c libavcodec/dvdec.c libavcodec/dvenc.c libavcodec/ffv1dec.c libavcodec/ffv1enc.c libavcodec/fic.c libavcodec/flacdec.c libavcodec/flacenc.c libavcodec/flvdec.c libavcodec/fraps.c libavcodec/frwu.c libavcodec/gifdec.c libavcodec/h261dec.c libavcodec/hevc.c libavcodec/iff.c libavcodec/imc.c libavcodec/libopenjpegdec.c libavcodec/libvo-aacenc.c libavcodec/libvorbisenc.c libavcodec/libvpxdec.c libavcodec/libvpxenc.c libavcodec/libx264.c libavcodec/mjpegbdec.c libavcodec/mjpegdec.c libavcodec/mpegaudiodec_float.c libavcodec/msmpeg4dec.c libavcodec/mxpegdec.c libavcodec/nvenc_h264.c libavcodec/nvenc_hevc.c libavcodec/pngdec.c libavcodec/qpeg.c libavcodec/ra288.c libavcodec/rv10.c libavcodec/s302m.c libavcodec/sp5xdec.c libavcodec/takdec.c libavcodec/tiff.c libavcodec/tta.c libavcodec/utils.c libavcodec/v210dec.c libavcodec/vp6.c libavcodec/vp9.c libavcodec/wavpack.c libavcodec/yop.c Merged-by: Michael Niedermayer <michael@niedermayer.cc>
2015-07-27 | lavc: AV-prefix all codec capabilities | Vittorio Giovara
Express bitfields more simply. Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2015-05-08 | ape: Support _0000 files with nblock smaller than 64 | Andreas Cadhalpun
The decode_array_0000 assumed that 64 is the minimal block size while it is not. CC: libav-stable@libav.org Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2015-04-28 | apedec: prevent out of array writes in decode_array_0000 | Andreas Cadhalpun
s->decoded_buffer is allocated with a min_size of: 2 * FFALIGN(blockstodecode, 8) * sizeof(*s->decoded_buffer) Then it is assigned to s->decoded[0] (and s->decoded_buffer + FFALIGN(blockstodecode, 8) to s->decoded[1]) and passed as out buffer to decode_array_0000. In this function 64 elements of the out buffer are written unconditionally and outside the array if blockstodecode is too small. This causes memory corruption, leading to segmentation faults or other crashes. Thus change decode_array_0000 to write at most blockstodecode elements of the out buffer. Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-04-28 | apedec: set s->samples only when init_frame_decoder succeeded | Andreas Cadhalpun
Otherwise range_start_decoding is not necessarily run and thus ctx->rc.range still 0 in range_dec_normalize leading to an infinite loop. Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-02-14 | avcodec/apedec: simplify sign conversion | zhaoxiu.zeng
Signed-off-by: Zeng Zhaoxiu <zhaoxiu.zeng@gmail.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-02-14 | avcodec/apedec: move 'coeffs[256] and delay[256]' into, long_filter_high_3800 | zhaoxiu.zeng
Signed-off-by: Zeng Zhaoxiu <zhaoxiu.zeng@gmail.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-06-23 | Merge commit 'c67b449bebbe0b35c73b203683e77a0a649bc765' | Michael Niedermayer
* commit 'c67b449bebbe0b35c73b203683e77a0a649bc765': dsputil: Split bswap*_buf() off into a separate context Conflicts: configure libavcodec/4xm.c libavcodec/ac3dec.c libavcodec/ac3dec.h libavcodec/apedec.c libavcodec/eamad.c libavcodec/flacenc.c libavcodec/fraps.c libavcodec/huffyuv.c libavcodec/huffyuvdec.c libavcodec/motionpixels.c libavcodec/truemotion2.c libavcodec/x86/Makefile libavcodec/x86/dsputil_init.c Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-06-23 | dsputil: Split bswap*_buf() off into a separate context | Diego Biurrun
2014-06-23 | avcodec/apedec: optimize sign combination | Michael Niedermayer
48078630 -> 32533850 dezi cycles Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-06-23 | Merge commit 'f83896abda1e78ebbbda0f184b682b4fabadc682' | Michael Niedermayer
* commit 'f83896abda1e78ebbbda0f184b682b4fabadc682': ape: Replace memset(0) by zero initialization Merged-by: Michael Niedermayer <michaelni@gmx.at>