Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/FFmpeg/FFmpeg.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/libavcodec/diracdec.c
AgeCommit message (Collapse)Author
2019-06-05avcodec/diracdec: Fix integer overflow in global_mv()Michael Niedermayer
Fixes: signed integer overflow: 16384 * 196607 cannot be represented in type 'int' Fixes: 14810/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5091232683917312 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-05-27avcodec/diracdec: Check for arith decoder errors in ↵Michael Niedermayer
dirac_unpack_block_motion_data() Fixes: Timeout (54sec -> 188ms) Fixes: 14585/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5649933052411904 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-04-19avcodec/diracdec: Use 64bit in intermediate of global motion vector field ↵Michael Niedermayer
generation It seems the specification does not limit the value to 32bit Fixes: signed integer overflow: -109611143 * 24 cannot be represented in type 'int' Fixes: 13477/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5648337460527104 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-03-17avcodec/diracdec: Count truncated parts as errors in decode_component()Michael Niedermayer
Fixes: Timeout (29sec -> 4sec) Fixes: 13150/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5690185671507968 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-03-03avcodec/diracdec: Correct max pixels checkMichael Niedermayer
Dirac internally allocates 5 images per plane and frame currently. One being the actual image the other 4 being filtered for motion compensation. Fixes: Out of memory Fixes: 12870/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5684825871089664 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-01-16avcodec/diracdec: Propagate errors from dirac_get_arith_uint()Michael Niedermayer
Testcase: 11663/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5636791864918016 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-11-27avcodec/diracdec: Check component quantMichael Niedermayer
Fixes: Timeout Fixes: 10708/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5730140957442048 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-09-28avcodec/diracdec: check that GetBitContext has not ended in codeblock()Michael Niedermayer
Fixes: Timeout (part 2 of 2) Fixes: 9774/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5748957085958144 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-09-28avcodec/diracdec: Propagate errors from codeblock()Michael Niedermayer
Consider a component to be damaged if more than 50% of its subbands are damaged Fixes: Timeout (part 1 of 2) Fixes: 9774/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5748957085958144 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-07-28avcodec/diracdec: Check bytes count in else branch in decode_lowdelay() tooMichael Niedermayer
Fixes: signed integer overflow: 8 * 340018243 cannot be represented in type 'int' Fixes: 9441/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5194665207791616 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-07-28avcodec/diracdec: Check slice numbers for overflows in relation to picture ↵Michael Niedermayer
dimensions Fixes: signed integer overflow: 88 * 33685506 cannot be represented in type 'int' Fixes: 9433/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5725943535501312 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-07-28avcodec/diracdec: Change frame_number to 64bit as its a 32bit from the ↵Michael Niedermayer
bitstream and we also have a -1 special case Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 9291/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-6324345860259840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-07-28avcodec/diracdec: Prevent integer overflow in intermediate in global_mv()Michael Niedermayer
Fixes: signed integer overflow: -393471 * 5460 cannot be represented in type 'int' Fixes: 8890/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-6299775379963904 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-02-20avcodec/diracdec: Fix integer overflow in mv computationMichael Niedermayer
Fixes: signed integer overflow: -2072 + -2147483646 cannot be represented in type 'int' Fixes: 6097/clusterfuzz-testcase-minimized-5034145253163008 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-02-20avcodec/diracdec: Use int64 in global mv to prevent overflowMichael Niedermayer
Fixes: runtime error: signed integer overflow: 361 * -6295541 cannot be represented in type 'int' Fixes: 5911/clusterfuzz-testcase-minimized-6450382197751808 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-01-08avcodec/diracdec: Fix integer overflow with quantMichael Niedermayer
Fixes: signed integer overflow: 2 + 2147483646 cannot be represented in type 'int' Fixes: 4792/clusterfuzz-testcase-minimized-6322450775146496 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-11-03diracdec: fix deprecated API usageNicolas Frattaroli
avcodec_get_chroma_sub_sample is deprecated and generates a warning during build, so av_pix_fmt_get_chroma_sub_sample is used Signed-off-by: Nicolas Frattaroli <ffmpeg@fratti.ch> Signed-off-by: James Almer <jamrial@gmail.com>
2017-09-11avcodec/diracdec: Fix overflow in DC computationMichael Niedermayer
Fixes: runtime error: signed integer overflow: 11896 + 2147483646 cannot be represented in type 'int' Fixes: 3053/clusterfuzz-testcase-minimized-6355082062856192 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-03avcodec/diracdec: Fix integer overflow in INTRA_DC_PRED()Michael Niedermayer
Fixes: runtime error: signed integer overflow: 1168175789 + 1168178473 cannot be represented in type 'int' Fixes: 3081/clusterfuzz-testcase-minimized-4807564879462400 Fixes: 2844/clusterfuzz-testcase-minimized-5561715838156800 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-17avcodec/diracdec: Fixes integer overflowMichael Niedermayer
Fixes: runtime error: signed integer overflow: 340018243 * 27 cannot be represented in type 'int' Fixes: 2861/clusterfuzz-testcase-minimized-5361070510178304 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-17avcodec/diracdec: Check perspective_exp and zrs_exp.Michael Niedermayer
Fixes: undefined shift Fixes: runtime error: shift exponent 264 is too large for 32-bit type 'int' Fixes: 2860/clusterfuzz-testcase-minimized-4672811689836544 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-01avcodec/diracdec: Check weight_log2denomMichael Niedermayer
Fixes: runtime error: shift exponent -1 is negative Fixes: 2742/clusterfuzz-testcase-minimized-5724322402402304 Fixes: 2744/clusterfuzz-testcase-minimized-4672435653705728 Fixes: 2749/clusterfuzz-testcase-minimized-5298741273690112 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-29avcodec/diracdec: Fix integer overflow in divide3()Michael Niedermayer
Fixes: runtime error: signed integer overflow: -1073746548 * 21845 cannot be represented in type 'int' Fixes: 2729/clusterfuzz-testcase-minimized-5902915464069120 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-28avcodec/diracdec: Fix integer overflow in signed multiplication in ↵Michael Niedermayer
UNPACK_ARITH() Fixes: runtime error: signed integer overflow: 1073741823 * 4 cannot be represented in type 'int' Fixes: 2729/clusterfuzz-testcase-minimized-5902915464069120 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-21avcodec/diracdec: Check dimensions which are closer to what is allocated in ↵Michael Niedermayer
alloc_sequence_buffers() Fixes OOM Fixes: 2674/clusterfuzz-testcase-minimized-4999700518273024 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-25avcodec/diracdec: Fix off by 1 error in quant checkMichael Niedermayer
Fixes: out of array read Fixes: 1781/clusterfuzz-testcase-minimized-4617176877105152 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-25avcodec/diracdec: Factor quant matrix readsMichael Niedermayer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-12avcodec/diracdec: Fix Assertion frame->buf[0] failed at libavcodec/decode.c:610Michael Niedermayer
Fixes: 1487/clusterfuzz-testcase-minimized-6288036495097856 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-03-28dirac: make initialization of arithmetic coder tables threadsafe.Ronald S. Bultje
2016-11-04diracdec: check return code of get_buffer_with_edgeAndreas Cadhalpun
If it fails, buffers aren't allocated, causing NULL pointer dereferencing. Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-04diracdec: clear slice_params_num_buf on allocation failureAndreas Cadhalpun
Otherwise it can be non-zero next time decode_lowdelay is called, causing slice_params_buf not to be allocated, leading to a NULL pointer dereference. The problem was introduced in commit dcad4677d637cd2f701917e38361fa96b8c9a418. Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-04diracdec: use correct buffer for slice_params_buf reallocAndreas Cadhalpun
This fixes a double-free detected by AddressSanitizer. The problem was introduced in commit dcad4677d637cd2f701917e38361fa96b8c9a418. Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-08-20avcodec/diracdec: Check numx/yMichael Niedermayer
Fixes division by 0 Fixes: 60261c4469ba3e11059890fb2832a515/asan_generic_135e694_2790_beb94eaa0aeb7d11c0437375a8964a99.drc Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-07-14diracdec: fix unchecked byte lengthRostislav Pehlivanov
Also drops the start variable since it's redundant. Found by Coverity, fixes CID1363964 Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
2016-07-14diracdec: fix maximum quantization index checksRostislav Pehlivanov
Found by Coverity, fixes CID1363961 and CID1363962 Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
2016-07-12diracdec: fix #coeffs -> byte conversionRostislav Pehlivanov
Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
2016-07-12diracdec: do not memset the entire coefficient buffer for HQ picturesRostislav Pehlivanov
This is now handled by the slice decoding function. Signed-off-by: Rostislav Pehlivanov <rpehlivanov@obe.tv>
2016-07-12diracdec: do not allocate and free slice parameters every frameRostislav Pehlivanov
Signed-off-by: Rostislav Pehlivanov <rpehlivanov@obe.tv>
2016-07-12diracdec: implement a LUT-based Golomb code parserRostislav Pehlivanov
Still much left to optimize, but it provides a significant performance improvement - 10% for 300Mbps (1080p30), 25% for 1.5Gbps (4k 60fps) in comparison with the default implementation. Signed-off-by: Rostislav Pehlivanov <rpehlivanov@obe.tv>
2016-07-12diracdec: rewrite HQ slice decodingRostislav Pehlivanov
Now coefficients are written to a buffer and are then dequantized by the new SIMD dequantization functions. For the lower bands without enough coefficients to fill a register (and hence they overwrite) the C version of the dequantization function is used. The buffer is per-thread and will be realloc'd if anything changes. This prevents regressions and having to limit slice size. Signed-off-by: Rostislav Pehlivanov <rpehlivanov@obe.tv>
2016-07-12diractab: expose the maximum quantization index as a macroRostislav Pehlivanov
Prevents having to have random magic values in the decoder and a separate macro in the encoder. Signed-off-by: Rostislav Pehlivanov <rpehlivanov@obe.tv>
2016-07-12diracdec: decode HQ profile slices in rowsRostislav Pehlivanov
Siginificantly improves the performance. Signed-off-by: Rostislav Pehlivanov <rpehlivanov@obe.tv>
2016-07-12diracdec: simplify golomb parsing and dequantizationRostislav Pehlivanov
In preparation for the following commits, this commit simplifies the coefficient parsing and dequantization function. It was needlessly inlined without much performance gain. Signed-off-by: Rostislav Pehlivanov <rpehlivanov@obe.tv>
2016-06-26Merge commit '4024b566d664a4b161d677554be52f32e7ad4236'Hendrik Leppkes
* commit '4024b566d664a4b161d677554be52f32e7ad4236': golomb: Give svq3_get_se_golomb()/svq3_get_ue_golomb() better names Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
2016-05-19avcodec/diracdec: Fix potential integer overflowMichael Niedermayer
Fixes CID1361948 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-03-28avcodec/diracdec: check bitstream size related fields for overflowsMichael Niedermayer
Fixes segfault Fixes Ticket5333 Regression since bfc8a4dabe5a0154b31128b59dca575010176441 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-02-07diracdec: Pass DWTPlane to dwt initTimothy Gu
2016-02-07diracdec: Split DWTPlane struct from PlaneTimothy Gu
2016-02-07dirac_dwt: Rename init2 to initTimothy Gu
The functions are all private.
2016-02-03diradec: split tables away to a separate diractab fileRostislav Pehlivanov
Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-05 18:33:20 +0300