FFmpeg

Commit Graph

Author	SHA1	Message	Date
Michael Niedermayer	ce5fb015ac	avcodec/dfa: Check the chunk header is not truncated Fixes: Timeout (11sec -> 3sec) Fixes: 13218/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DFA_fuzzer-5661074316066816 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f20760fadb`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	7 years ago
Michael Niedermayer	79cc326bab	avcodec/dfa: Check dimension against maximum The headers from where the dimensions are read in actual files are limited to 16bit per component. Fixes: Timeout Fixes: 6305/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DFA_fuzzer-4824270749302784 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9d5a4fcfbb`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	7 years ago
Michael Niedermayer	9e62e1cded	avcodec/dfa: Fix: runtime error: signed integer overflow: -14202 * 196877 cannot be represented in type 'int' Fixes: 1657/clusterfuzz-testcase-minimized-4710000079405056 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `58ac7fb9c3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	8 years ago
Michael Niedermayer	1951a44d77	avcodec/dfa: Fix signed integer overflow: -2147483648 - 1 cannot be represented in type 'int' Fixes: 1368/clusterfuzz-testcase-minimized-4507293276176384 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `12936a4585`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	8 years ago
Michael Niedermayer	1e9fa7c69f	avcodec/dfa: Fix off by 1 error Fixes out of array access Fixes: 1345/clusterfuzz-testcase-minimized-6062963045695488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `f52fbf4f3e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	8 years ago
Vittorio Giovara	def97856de	lavc: AV-prefix all codec capabilities Express bitfields more simply. Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>	10 years ago
Diego Biurrun	cc8163e1a3	avcodec: more correct printf specifiers	12 years ago
Diego Biurrun	b2bed9325d	cosmetics: Group .name and .long_name together in codec/format declarations	12 years ago
Michael Niedermayer	e9e207ece7	dfa: Put our pointer check back. The reimplementation by Libav does not prevent out of array writes, even though it looks like it does at a quick glance. No FFmpeg releases are affected by this See: `d1c95d2ce3` `3623589edc` `740ebe468c` Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	12 years ago
Michael Niedermayer	1557f34b10	dfa: support decoding version=1.0 Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	13 years ago
Kostya Shishkov	56c1b92576	dfa: implement missing TDLT coding method	13 years ago
Paul B Mahol	1adf54de56	dfa: implement tdlt chunk decoding Sample & pseudo code provided by Vladimir "VAG" Gneushev. Signed-off-by: Paul B Mahol <onemda@gmail.com>	13 years ago
Michael Niedermayer	740ebe468c	dfa: remove redundant check Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	13 years ago
Anton Khirnov	3623589edc	dfa: check for invalid access in decode_wdlt(). This can happen when the number of skipped lines is not consistent with the number of coded lines. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org	13 years ago
Clément Bœsch	1ec94b0f06	lavc: factorize ff_{thread_,re,}get_buffer error messages. Coccinelle profile used: @@ expression r, ctx, f, loglevel, str, flags; @@ -if ((r = ff_get_buffer(ctx, f, flags)) < 0) { - av_log(ctx, loglevel, str); - return r; -} +if ((r = ff_get_buffer(ctx, f, flags)) < 0) + return r; @@ expression r, ctx, f, loglevel, str; @@ -if ((r = ff_reget_buffer(ctx, f)) < 0) { - av_log(ctx, loglevel, str); - return r; -} +if ((r = ff_reget_buffer(ctx, f)) < 0) + return r; @@ expression r, ctx, f, loglevel, str, flags; @@ -if ((r = ff_thread_get_buffer(ctx, f, flags)) < 0) { - av_log(ctx, loglevel, str); - return r; -} +if ((r = ff_thread_get_buffer(ctx, f, flags)) < 0) + return r; ...along with some manual patches for the remaining ones.	13 years ago
Anton Khirnov	759001c534	lavc decoders: work with refcounted frames.	13 years ago
Anton Khirnov	df9b956751	lavc: fix decode_frame() third parameter semantics for video decoders It's got_frame, not data size	13 years ago
Anton Khirnov	594d4d5df3	lavc: add a wrapper for AVCodecContext.get_buffer(). It will be useful in the upcoming transition to refcounted AVFrames.	13 years ago
Diego Biurrun	5bac2d0c30	avutil: Move memcpy_backptr() to mem.c The function is used elsewhere and does not belong with the LZO code.	13 years ago
Mans Rullgard	a153e45b95	dfa: use av_memcpy_backptr() where previously impossible Since the requirement for output padding has been lifted, we can use av_memcpy_backptr() here as well. Signed-off-by: Mans Rullgard <mans@mansr.com>	13 years ago
Diego Biurrun	e831b3b852	av_memcpy_backptr: Drop no longer necessary malloc padding Signed-off-by: Mans Rullgard <mans@mansr.com>	13 years ago
Michael Niedermayer	b12d92efd6	avoid "0xFF << 24" as it is considered a integer overflow in C99 Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	13 years ago
Anton Khirnov	716d413c13	Replace PIX_FMT_* -> AV_PIX_FMT_*, PixelFormat -> AVPixelFormat	13 years ago
Anton Khirnov	d05f72c754	dfa: improve boundary checks in decode_dds1() Fixes CVE-2012-2798 CC:libav-stable@libav.org	13 years ago
Michael Niedermayer	6fcd4f3c72	dfa: replace redundant check by assert The values are checked in the wraper function used to call this code. This was introduced by: `ee715f49a0` Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	13 years ago
Anton Khirnov	ee715f49a0	dfa: check that the caller set width/height properly. Fixes CVE-2012-2786.	13 years ago
Anton Khirnov	36ef5369ee	Replace all CODEC_ID_* with AV_CODEC_ID_*	13 years ago
Kostya Shishkov	fb5c1aaea6	dfa: use more meaningful return codes	13 years ago
Kostya Shishkov	8099187e89	dfa: add some checks to ensure that decoder won't write past frame end	13 years ago
Michael Niedermayer	72b9537d88	dfa: Fix out of array write in decode_dds1() Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Michael Niedermayer	d1c95d2ce3	dfa: fix out of array write in decode_wdlt() Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Martin Storsjö	00c3b67b8a	cosmetics: Align codec declarations Also break some long lines, remove codec function placeholder comments and add spaces in sample/pixel format lists. Signed-off-by: Martin Storsjö <martin@martin.st>	14 years ago
Paul B Mahol	29b0d94b43	dfa: convert to bytestream2 API Protects from overreads. Signed-off-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>	14 years ago
Reimar Döffinger	0b378e8aa9	DFA: fix "skip frame" TSW1 encoding. Previously the decoder would raise an error. The end result is the same, the time stamps only change because regression tests create time stamps incorrectly. Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>	14 years ago
Carl Eugen Hoyos	e18f70c2d1	Set Chronomaster DFA palette opaque.	14 years ago
Carl Eugen Hoyos	320f0f04a1	Fix Chronomaster DFA palette. The palette had a blue cast.	14 years ago
Anton Khirnov	ec6402b7c5	lavc: use designated initialisers for all codecs. It's more readable and less prone to breakage.	14 years ago
Diego Biurrun	b1bb3b8d87	dfa: Remove unused variable. This fixes the warning: libavcodec/dfa.c:189: warning: unused variable ‘frame_end’	14 years ago
Reimar Döffinger	2c9a5172d3	dfa: fix buffer overflow checks to avoid integer overflows. Signed-off-by: Anton Khirnov <anton@khirnov.net>	15 years ago
Michael Niedermayer	334187ade7	Fix "libavcodec/dfa.c:189: warning: unused variable ‘frame_end’" Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Reimar Döffinger	65daa942eb	Fix buffer overflow checks to avoid integer overflows.	15 years ago
Ronald S. Bultje	d38345878c	dfa: protect pointer range checks against overflows.	15 years ago
Kostya Shishkov	42315dabce	Chronomaster DFA decoder Signed-off-by: Anton Khirnov <anton@khirnov.net>	15 years ago

1 2

63 Commits (ce5fb015aceefc1c8dcfd1aff53a5ceade2a47b1)