Age | Commit message (Collapse) | Author |
|
Fixes out of array access
Fixes: 546/clusterfuzz-testcase-4809433909559296
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e477f09d0b3619f3d29173b2cd593e17e2d1978e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes out of array access
Fixes: 444/fuzz-2-ffmpeg_VIDEO_AV_CODEC_ID_PNG_fuzzer
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e371f031b942d73e02c090170975561fabd5c264)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
This reverts commit e0c6b32046f4bab7d34be77dd2f03b2a80c86d39.
Said commit changed the behavior of the demuxer and decoder in a non
backwards compatible way.
Demuxers should make extradata available at init if possible, and send
new extradata as side data within a packet if needed.
A better fix for the remuxing crash will follow.
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 16c429166ddf1736972b6ccce84bd3509ec16a34)
|
|
Fixes remuxing apng streams coming from the apng demuxer.
This is a regression since 940b8908b94404a65f9f55e33efb4ccc6c81383c.
Found-by: James Almer <jamrial@gmail.com>
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit e0c6b32046f4bab7d34be77dd2f03b2a80c86d39)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
|
|
* commit '41ed7ab45fc693f7d7fc35664c0233f4c32d69bb':
cosmetics: Fix spelling mistakes
Merged-by: Clément Bœsch <u@pkh.me>
|
|
Signed-off-by: Diego Biurrun <diego@biurrun.de>
|
|
Fixes Ticket4816
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
|
|
Fixes assertion failure
Fixes: 7f646252a30ee28b583aac1f82e7985e/signal_sigabrt_7ffff6ae7cc9_7353_62fc077bf2f454d39e188c69807193a6.png
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
|
|
The buffer needs s->bpp bytes, at maximum currently 10.
Assert that s->bpp is not larger.
This fixes a stack buffer overflow.
Reviewed-by: wm4 <nfxjfg@googlemail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
|
|
* commit '1720791e36f9cc24c05efea5bb275ab52156ce50':
png: read and write stereo3d frame side data information
Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
|
|
Use optional sTER chunk defining side-by-side stereo pair
within "Extensions to the PNG 1.2 Specification", version 1.3.0.
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
|
|
|
|
Use optional sTER chunk defining side-by-side stereo pair
within "Extensions to the PNG 1.2 Specification", version 1.3.0.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Suggested-by: ubitux
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Avoids memleak on error
Fixes CID1322342
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes CID1322359, CID1322358
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
When compiled with --disable-pthreads, e.g
http://fate.ffmpeg.org/report.cgi?time=20150917015044&slot=alpha-debian-qemu-gcc-4.7,
a bunch of -Wunused-functions are reported due to missing header guards
around threading related functions.
This patch should silence such warnings.
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
|
|
Fixes deadlock with threads
Found-by: Paul B Mahol
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Fixes #4887.
Signed-off-by: Paul B Mahol <onemda@gmail.com>
|
|
Signed-off-by: Donny Yang <work@kota.moe>
|
|
* commit '4fee11ab05fc8569ef35c0ce86a60375c903eefb':
png: Be more informative regarding signature errors
Conflicts:
libavcodec/pngdec.c
Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
|
|
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
|
|
* commit 'def97856de6021965db86c25a732d78689bd6bb0':
lavc: AV-prefix all codec capabilities
Conflicts:
cmdutils.c
ffmpeg.c
ffplay.c
libavcodec/8svx.c
libavcodec/aacenc.c
libavcodec/ac3dec.c
libavcodec/adpcm.c
libavcodec/alac.c
libavcodec/atrac3plusdec.c
libavcodec/bink.c
libavcodec/dnxhddec.c
libavcodec/dvdec.c
libavcodec/dvenc.c
libavcodec/ffv1dec.c
libavcodec/ffv1enc.c
libavcodec/fic.c
libavcodec/flacdec.c
libavcodec/flacenc.c
libavcodec/flvdec.c
libavcodec/fraps.c
libavcodec/frwu.c
libavcodec/gifdec.c
libavcodec/h261dec.c
libavcodec/hevc.c
libavcodec/iff.c
libavcodec/imc.c
libavcodec/libopenjpegdec.c
libavcodec/libvo-aacenc.c
libavcodec/libvorbisenc.c
libavcodec/libvpxdec.c
libavcodec/libvpxenc.c
libavcodec/libx264.c
libavcodec/mjpegbdec.c
libavcodec/mjpegdec.c
libavcodec/mpegaudiodec_float.c
libavcodec/msmpeg4dec.c
libavcodec/mxpegdec.c
libavcodec/nvenc_h264.c
libavcodec/nvenc_hevc.c
libavcodec/pngdec.c
libavcodec/qpeg.c
libavcodec/ra288.c
libavcodec/rv10.c
libavcodec/s302m.c
libavcodec/sp5xdec.c
libavcodec/takdec.c
libavcodec/tiff.c
libavcodec/tta.c
libavcodec/utils.c
libavcodec/v210dec.c
libavcodec/vp6.c
libavcodec/vp9.c
libavcodec/wavpack.c
libavcodec/yop.c
Merged-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
Express bitfields more simply.
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
|
|
|
|
Signed-off-by: Donny Yang <work@kota.moe>
|
|
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|
Previously these chunks where parsed again for each frame with threads
but not without leading to a different path and the potential for
inconsistencies
This also removes a related special case from decode_ihdr_chunk()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|
This is required by the APNG spec
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|
Multiple IHDR chunks are forbidden in PNG
Fixes inconsistency and out of array accesses
Fixes: asan_heap-oob_4d5c5a_1738_cov_2638287726_c-m2-8f2b481b7fd9bd745e620b7c01a18df2.png
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|
Currently restricted to blending pixels that only contain either
0 or 255 in their alpha components
Signed-off-by: Donny Yang <work@kota.moe>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|
Signed-off-by: Donny Yang <work@kota.moe>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|
Signed-off-by: Donny Yang <work@kota.moe>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|
The spec specifies the dispose operation as how the current (i.e., currently
being rendered) frame should be disposed when the next frame is blended onto it
This is contrary to ffmpeg's current behaviour of interpreting the dispose
operation as how the previous (i.e., already rendered) frame should be disposed
This patch fixes ffmpeg's behaviour to match those of the spec, which involved
a rewrite of the blending function
Signed-off-by: Donny Yang <work@kota.moe>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|
ARGB is not a supported PNG pixel format
Signed-off-by: Donny Yang <work@kota.moe>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|
* commit 'b9f7a677083647d85e583d6d7384938766a293d7':
png: Set the color range as full range
Conflicts:
libavcodec/pngdec.c
See: 72e7553125e61847d9cab77fb7de62440dca746b
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
|
The format uses full range for the gray formats.
CC: libav-stable@libav.org
|
|
AV_PIX_FMT_GRAY8/16 are considered YUV formats, and the color_range is
not set - so the API user will have to assume limitted range. (Unless
the API user adds a special-case for the PNG decoder.)
Just export the correct range - full range.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|
AV_PIX_FMT_MONOBLACK has the AV_PIX_FMT_FLAG_BITSTREAM flag, i.e.
linesize can be smaller than width.
Since x_offset is only check against the width, this can lead to
x_offset * bpp >= image_linesize.
In this case ptr could be set to a position outside the image_buf in
png_handle_row, leading to memory corruption and thus crashes.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|
During the loop ret can get changed. Since it is not set on all failure
paths, decode_frame_common can return 0 even though an error occurred.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|
This check was removed in commit 08aec6f6, but
s->last_picture.f->data[0] is still used in handle_p_frame_apng
unconditionally.
This fixes a segmentation fault.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|
* commit '6a85dfc830f51f1f5c2d36d4182d265c1ea3ba25':
lavc: Replace av_dlog and tprintf with internal macros
Conflicts:
libavcodec/aacdec.c
libavcodec/audio_frame_queue.c
libavcodec/bitstream.c
libavcodec/dcadec.c
libavcodec/dnxhddec.c
libavcodec/dvbsubdec.c
libavcodec/dvdec.c
libavcodec/dvdsubdec.c
libavcodec/get_bits.h
libavcodec/gifdec.c
libavcodec/h264.h
libavcodec/h264_cabac.c
libavcodec/h264_cavlc.c
libavcodec/h264_loopfilter.c
libavcodec/h264_refs.c
libavcodec/imc.c
libavcodec/interplayvideo.c
libavcodec/jpeglsdec.c
libavcodec/libopencore-amr.c
libavcodec/mjpegdec.c
libavcodec/mpeg12dec.c
libavcodec/mpegvideo_enc.c
libavcodec/mpegvideo_parser.c
libavcodec/pngdec.c
libavcodec/ratecontrol.c
libavcodec/rv10.c
libavcodec/svq1dec.c
libavcodec/vqavideo.c
libavcodec/wmadec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
|
|
|
* commit '1e763454322f7fbc7799f6009bf2e11d7a3b9821':
png: improve signature check
Conflicts:
libavcodec/pngdec.c
See: 8a08503b78f59d61cf98b9deb99363e3e07d8599
See: 0a3589bf2f0a23b0eb68664fbb00078abe882a88
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
|
Return proper error code, print an error message and add missing
parentheses.
|
|
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|
This fixes artifacts in the last pixel of rows with some widths and pixel formats
Found-by: Dominique Leroux <Dominique.Leroux@autodesk.com>
Tested-by: Dominique Leroux <Dominique.Leroux@autodesk.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|
Fixes CID 1257012
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|