Age | Commit message (Collapse) | Author |
|
Replace them with av_pix_fmt_get_chroma_sub_sample.
Signed-off-by: James Almer <jamrial@gmail.com>
|
|
This prevents potential ABI issues with GetByteContext.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
|
|
JPEGs store embedded profiles under the APP2 marker, signified
with a "ICC_PROFILE" null-terminated string header, and can be
split across multiple APP2 markers, out of order.
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
|
|
Fixes: runtime error: signed integer overflow: -16711425 + -2130772346 cannot be represented in type 'int'
Fixes: 2533/clusterfuzz-testcase-minimized-5372857678823424
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: out of array read
Fixes: 2097/clusterfuzz-testcase-minimized-5036861833609216
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
130560 cannot be represented in type 'int'
Fixes: 1724/clusterfuzz-testcase-minimized-4842395432648704
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
2031616 cannot be represented in type 'int'
Fixes: 943/clusterfuzz-testcase-5114865297391616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Reviewed-by: wm4 <nfxjfg@googlemail.com>
Signed-off-by: Muhammad Faiz <mfcc64@gmail.com>
|
|
Fix decoding frame.jpg from ticket #267
Regression since 9c7ee3749 / 212c6a1d7
|
|
* commit '212c6a1d70df011b6f2a2aa02f7677503287bd00':
mjpegdec: Check return values of functions that may fail
Merged-by: Clément Bœsch <u@pkh.me>
|
|
* commit '67deba8a416d818f3d95aef0aa916589090396e2':
Use avpriv_report_missing_feature() where appropriate
Merged-by: Clément Bœsch <cboesch@gopro.com>
|
|
|
|
Fixes invalid shift
Fixes: 870/clusterfuzz-testcase-5649105424482304
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
* commit 'b53d8c3ccfeff77874f5ca7c68136b6d87a0a69c':
mjpegdec: Drop disabled code
The last chunk is replaced with a comment describing the structure.
Merged-by: Clément Bœsch <u@pkh.me>
|
|
Fixes: 733/clusterfuzz-testcase-4682158096515072
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: 693/clusterfuzz-testcase-6109776066904064
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: 611/clusterfuzz-testcase-5613455820193792
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
mjpeg_decode_scan_progressive_ac()
Fixes timeout
Fixes: 496/clusterfuzz-testcase-5805083497332736
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Speeds up next marker search when a SOS marker is found but the frame is
discarded (which happens in avformat_find_stream_info).
|
|
Fixes timeout
Fixes: 445/fuzz-3-ffmpeg_VIDEO_AV_CODEC_ID_MJPEG_fuzzer
Fixes: 456/fuzz-2-ffmpeg_VIDEO_AV_CODEC_ID_JPEGLS_fuzzer
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes ticket #6055.
|
|
Fixes assertion failure due to unsupported case
Fixes: 356/fuzz-1-ffmpeg_VIDEO_AV_CODEC_ID_MJPEG_fuzzer
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
|
|
|
|
|
|
Fixes ticket #5805.
|
|
They may contain 0xFFs, confusing the start code finding algorithm.
Fixes ticket #5819.
|
|
|
|
* commit 'd68fb1475856cf93199e2bc4eee3063902c35df7':
mjpegdec: Properly fail on malloc failure
Merged-by: Clément Bœsch <u@pkh.me>
|
|
* commit '41ed7ab45fc693f7d7fc35664c0233f4c32d69bb':
cosmetics: Fix spelling mistakes
Merged-by: Clément Bœsch <u@pkh.me>
|
|
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
|
|
Signed-off-by: Diego Biurrun <diego@biurrun.de>
|
|
scans for progressive jpeg
Fixes: IMG-20160418-WA0002.jpg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
This fixes issues if the permutation changes, as quantizations tables would need to be reread
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes decoding of the files from ticket #4535 visually.
|
|
The change of bps from 0 doesn't contain any info useful to the
user. This message is now at info log level only if the original
value is !=0, otherwise pushed back to debug log level. The
original value is displayed additionally.
Signed-off-by: Moritz Barsnick <barsnick@gmx.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
|
|
Fixes: ebd58db6-dc86-11e5-91c2-59daeddf50c7.jpg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
We do neither document nor check such a requirement
and for application-provided get_buffer2 they could
contain the result of a malloc(0) or whatever value
they had previously.
This fixes a use-after-free in e.g. MPlayer:
https://trac.mplayerhq.hu/ticket/2262
We might want to consider changing the (documented)
API in addition though.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
|
|
Fixes ticket #5267.
|
|
Fixes build on msvc.
|
|
|
|
Libav, for some reason, merged this as a public API function. This will
aid in future merges.
A define is left for backwards compat, just in case some person
used it, since it is in a public header.
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
|
|
Fixes ticket #4479.
|
|
Fixes assertion failure
Fixes: c40c779601b77dc6e19aaea0b04b9751/signal_sigabrt_7ffff6ae7cb7_5769_b94f6ec70caecb2d3d76b4771b109ac1.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes: mjpeg_left_shift.avi
Found-by: Piotr Bandurski <ami_stuff@o2.pl>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
This can happen if s->ls changes from 0 to 1, but picture allocation is
skipped due to s->interlaced.
In that case ff_jpegls_decode_picture could be called even though the
s->picture_ptr frame has the wrong pixel format and thus a wrong
linesize, which results in a too small zero buffer being allocated.
This fixes an out-of-bounds read in ls_decode_line.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
|
|
If the chroma components are subsampled, smaller buffers are allocated
for them. In that case the maximal block_offset for the chroma
components is not as large as for the luma component.
This fixes out of bounds writes causing segmentation faults or memory
corruption.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
|
|
|