
github.com/FFmpeg/FFmpeg.git
Age | Commit message | Author
2019-03-12 | avcodec/mpeg4videodec: Check idx in mpeg4_decode_studio_block() | Michael Niedermayer
Fixes: Out of array access Fixes: 13500/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5769760178962432 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Kieran Kunhya <kierank@obe.tv> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-03-12 | avcodec/mpeg4videodec: Fix nonsense warning | Andreas Rheinhardt
Since db772308941a2a338c7809f90d347219a6a93074 parsing of mpeg4-extradata led to a "Failed to parse extradata" warning, because ff_mpeg4_decode_picture_header returns AVERROR_INVALIDDATA in case that no VOP was found. This patch adds a parameter to signify whether a header (where the absence of a VOP does not raise an error) or not is parsed. The first mode is of course used for parsing headers. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@googlemail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-02-16 | avcodec/mpeg4videodec: Clear interlaced_dct for studio profile | Michael Niedermayer
Fixes: Out of array access Fixes: 13090/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5408668986638336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Kieran Kunhya <kierank@obe.tv> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-11-04 | avcodec/mpeg4videodec: Clear partitioned frame in decode_studio_vop_header() | Michael Niedermayer
partitioned_frame is also set/cleared in decode_vop_header() Fixes: out of array read Fixes: 9789/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5638681627983872 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-10-22 | avcodec/mpeg4videodec: Fix typo in sprite delta check | Michael Niedermayer
Fixes: Integer overflow Fixes: 10890/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5636062181851136 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-09-20 | avcodec/mpeg4videodec: Fix undefined shift in get_amv() | Michael Niedermayer
Fixes: runtime error: shift exponent -1 is negative Fixes: 9938/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5653783529914368 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-09-20 | avcodec/mpeg4videodec: Check rice_prefix_code | Michael Niedermayer
Fixes: out of array read Fixes: 10064/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5766801384800256 Fixes: 10225/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5071833448054784 Fixes: 10261/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5115048024866816 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-08-25 | mpeg4video: Add Studio DPCM support | Kieran Kunhya
2018-08-25 | avcodec/mpeg4videodec: Fix slice end detection in mpeg4_decode_studio_mb() | Michael Niedermayer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-07-05 | avcodec/mpeg4videodec: Check for bitstream end in read_quant_matrix_ext() | Michael Niedermayer
Fixes: out of array read Fixes: asff-crash-0e53d0dc491dfdd507530b66562812fbd4c36678 Found-by: Paul Ch <paulcher@icloud.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-07-04 | avcodec/mpeg4videodec: Remove use of FF_PROFILE_MPEG4_SIMPLE_STUDIO as indicator of studio profile | Michael Niedermayer
The profile field is changed by code inside and outside the decoder, it's not a reliable indicator of the internal codec state. Maintaining its consistency with studio_profile is messy. It's easier to just avoid it and use only studio_profile Fixes: assertion failure Fixes: ffmpeg_crash_9.avi Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-06-28 | avcodec/mpeg4videodec: Check read profile before setting it | Michael Niedermayer
Fixes: null pointer dereference Fixes: ffmpeg_crash_7.avi Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-06-13 | avcodec/mpeg4videodec: Clear bits_per_raw_sample if it has originated from a previous instance | Michael Niedermayer
Fixes: assertion failure Fixes: ffmpeg_crash_5.avi Found-by: Thuan Pham <thuanpv@comp.nus.edu.sg>, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-05-17 | avcodec/mpeg4video: Detect reference studio streams as studio streams | Michael Niedermayer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-05-17 | avcodec/mpeg4videodec: Check bps (VOL header) before VOP for studio profile | Michael Niedermayer
Fixes: runtime error: shift exponent -1 is negative Fixes: 7486/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-4977380939530240 Fixes: runtime error: index 36 out of bounds for type 'const uint8_t [32]' Fixes: 7566/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-6536620682510336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-05-17 | avcodec/mpeg4videodec: Do not corrupt bits_per_raw_sample | Michael Niedermayer
Reviewed-by: Kieran Kunhya <kierank@obe.tv> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-05-17 | avcodec/mpeg4videode: Eliminate out of loop VOP startcode reading for studio profile | Michael Niedermayer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-05-03 | avcodec/mpeg4videodec: Split decode_studio_vol_header() out of decode_studiovisualobject() | Michael Niedermayer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-05-03 | avcodec/mpeg4videodec: Move decode_studiovisualobject() parsing in the branch for visual object parsing | Michael Niedermayer
Fixes: runtime error: shift exponent -1 is negative Fixes: 7510/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5024523356209152 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-04 | avcodec/mpeg4videodec: unbreak multithreading decoding | James Almer
Should fix double free related crashes. Signed-off-by: James Almer <jamrial@gmail.com>
2018-04-04 | avcodec/mpeg4videodec: free studio profile VLCs when closing the decoder | James Almer
Fixes memleaks. Signed-off-by: James Almer <jamrial@gmail.com>
2018-04-02 | mpeg4video: Add support for MPEG-4 Simple Studio Profile. | Kieran Kunhya
This is a profile supporting > 8-bit video and has a higher quality DCT
2018-03-26 | avcodec/mpeg4videodec: Use more specific error codes | Michael Niedermayer
Forward error codes where possible. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-02-11 | avcodec/mpeg4videodec: Ignore multiple VOL headers | Michael Niedermayer
Fixes: Ticket7005 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-01-29 | avcodec/mpeg4videodec: Avoid possibly aliasing violating casts | Michael Niedermayer
Found-by: kierank Reviewed-by: Kieran Kunhya <kieran618@googlemail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-01-29 | avcodec/mpeg4videodec: Check mb_num also against 0 | Michael Niedermayer
The spec implies that 0 is invalid in addition to the existing checks Found-by: <kierank> Reviewed-by: Kieran Kunhya <kieran618@googlemail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-12-26 | mpeg4videodec: Fix unused variable warning | Mark Thompson
video_format is not used.
2017-12-21 | avcodec/mpeg4videodec: Add support for parsing and exporting video_range | Michael Niedermayer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-11-27 | avcodec/mpeg4videodec: fix preprocessor check for the nvdec hwaccel | James Almer
Signed-off-by: James Almer <jamrial@gmail.com>
2017-11-27 | lavc: Add hardware config metadata for decoders supporting hardware output | Mark Thompson
This includes a pointer to the associated hwaccel for decoders using hwaccels - these will be used later to implement the hwaccel setup without needing a global list. Also added is a new file listing all hwaccels as external declarations - this will be used later to generate the hwaccel list at configure time.
2017-11-21 | avcodec/mpeg4videodec: Check also for negative versions in the validity check | Michael Niedermayer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-11-21 | Fix undefined shift on assumed 8-bit input. | Dale Curtis
decode_user_data() attempts to create an integer |build| value with 8 bits of spacing for 3 components. However each component is an int32_t, so shifting each component is undefined for values outside of the 8 bit range. This patch simply clamps input to 8-bits per component and prints out a warning that the values were clamped. Signed-off-by: Dale Curtis <dalecurtis@chromium.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-11-02 | Merge commit '97cfe1d8bd1968143e2ba9aa46ebe9504a835e24' | James Almer
* commit '97cfe1d8bd1968143e2ba9aa46ebe9504a835e24': Convert all AVClass struct declarations to designated initializers. Merged-by: James Almer <jamrial@gmail.com>
2017-10-26 | Merge commit '6ac0e7818399a57e4684202bac79f35b3561ad1e' | James Almer
* commit '6ac0e7818399a57e4684202bac79f35b3561ad1e': mpeg4videodec: raise an error if sprite_trajectory.table is NULL Merged-by: James Almer <jamrial@gmail.com>
2017-10-24 | Merge commit 'dd343fd986459f467a2d1d70c26101dff1d47d68' | James Almer
* commit 'dd343fd986459f467a2d1d70c26101dff1d47d68': lavu: Drop deprecated VDPAU pixel formats Merged-by: James Almer <jamrial@gmail.com>
2017-10-11 | avcodec/mpeg4videodec: Use 64 bit intermediates for sprite delta | Michael Niedermayer
Fixes: runtime error: signed integer overflow: -104713 * 65536 cannot be represented in type 'int' Fixes: 3453/clusterfuzz-testcase-minimized-5555554657239040 Fixes: 3528/clusterfuzz-testcase-minimized-6283628420005888 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-11 | avcodec/mpeg4videodec: Clear mcsel before decoding an image | Michael Niedermayer
Fixes: runtime error: signed integer overflow: 2146467840 + 1032192 cannot be represented in type 'int' Fixes: 2826/clusterfuzz-testcase-minimized-5901511613743104 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-24 | avcodec/mpeg4videodec: Fix GMC with videos of dimension 1 | Michael Niedermayer
Fixes: runtime error: shift exponent -1 is negative Fixes: 2338/clusterfuzz-testcase-minimized-5153426541379584 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-21 | avcodec/mpeg4videodec: Fix overflow in virtual_ref computation | Michael Niedermayer
Fixes: runtime error: signed integer overflow: 262144 * -16120 cannot be represented in type 'int' Fixes: 2292/clusterfuzz-testcase-minimized-6156080415506432 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-15 | avcodec/mpeg4videodec: Check sprite delta upshift against overflowing. | Michael Niedermayer
Fixes: runtime error: signed integer overflow: -268386304 * 16 cannot be represented in type 'int' Fixes: 2204/clusterfuzz-testcase-minimized-5616756909408256 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-15 | avcodec/mpeg4videodec: Fix integer overflow in num_sprite_warping_points=2 case | Michael Niedermayer
Fixes: runtime error: signed integer overflow: 131072 + 2147352576 cannot be represented in type 'int' Fixes: 2192/clusterfuzz-testcase-minimized-5370387988742144 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-06 | avcodec/mpeg4videodec: Fix runtime error: signed integer overflow: 53098 * 40448 cannot be represented in type 'int' | Michael Niedermayer
Fixes: 2106/clusterfuzz-testcase-minimized-6136503639998464 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-21 | avcodec/mpeg4videodec: Check for multiple VOL headers | Michael Niedermayer
Fixes multiple: runtime error: signed integer overflow: 2147115008 + 413696 cannot be represented in type 'int' Fixes: 1723/clusterfuzz-testcase-minimized-5309409372667904 Fixes: 1727/clusterfuzz-testcase-minimized-5900685306494976 Fixes: 1737/clusterfuzz-testcase-minimized-5922321338466304 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-14 | avcodec/mpeg4videodec: Clear sprite wraping on unsupported cases in VOP decode | Michael Niedermayer
Fixes: Integer overflow Fixes: 1572/clusterfuzz-testcase-minimized-4578773729017856 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-04 | libavcodec/mpeg4videodec: Convert sprite_offset to 64bit | Michael Niedermayer
This avoids intermediates from overflowing (the final values are checked) Fixes: runtime error: signed integer overflow: -167712 + -2147352576 cannot be represented in type 'int' Fixes: 1298/clusterfuzz-testcase-minimized-5955580877340672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-04-06 | mpeg4videodec: raise an error if sprite_trajectory.table is NULL | Sean McGovern
CC: libav-stable@libav.org Bug-Id: 1012
2017-03-10 | avcodec/mpeg4videodec: Fix runtime error: signed integer overflow: -135088512 * 16 cannot be represented in type 'int' | Michael Niedermayer
Fixes: 736/clusterfuzz-testcase-5580263943831552 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-03-05 | avcodec/mpeg4videodec: Fix runtime error: signed integer overflow: 134527392 * 16 cannot be represented in type 'int' | Michael Niedermayer
This checks the sprite delta intermediates for overflow Fixes: 716/clusterfuzz-testcase-4890287480504320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-03-04 | avcodec/mpeg4videodec: Improve the overflow checks in mpeg4_decode_sprite_trajectory() | Michael Niedermayer
Also clear the state on errors Fixes integer overflows in 701/clusterfuzz-testcase-6594719951880192 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-28 | avcodec/mpeg4videodec: Fix runtime error: left shift of negative value -2650 | Michael Niedermayer
Fixes: 674/clusterfuzz-testcase-6713275880308736 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>