summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* avcodec: add Gremlin DPCM decoderPaul B Mahol2017-06-116-8/+50
| | | | Signed-off-by: Paul B Mahol <onemda@gmail.com>
* avcodec/tiff: Fix leak of geotags[].valMichael Niedermayer2017-06-111-0/+2
| | | | | | | Fixes: 2176/clusterfuzz-testcase-minimized-5908197216878592 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/fft_template: Fix multiple runtime error: signed integer overflow: ↵Michael Niedermayer2017-06-111-25/+25
| | | | | | | | | | | | -1943918714 - 1935113003 cannot be represented in type 'int' Fixes: 1735/clusterfuzz-testcase-minimized-5350472347025408 This uses unsigned instead of SUINT because the later was rejected by multiple developers See: [FFmpeg-devel] [PATCH] avcodec/fft_template: Fix multiple runtime error: signed integer overflow: -1943918714 - 1935113003 cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ra144: Fix runtime error: signed integer overflow: -2200 * 1033073 ↵Michael Niedermayer2017-06-111-1/+1
| | | | | | | | | cannot be represented in type 'int' Fixes: 2175/clusterfuzz-testcase-minimized-5809657849315328 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/flicvideo: Fix runtime error: signed integer overflow: 4864 * 459296 ↵Michael Niedermayer2017-06-101-0/+14
| | | | | | | | | cannot be represented in type 'int' Fixes: 2174/clusterfuzz-testcase-minimized-5739234533048320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/cfhd: Check band parameters before storing themMichael Niedermayer2017-06-101-9/+9
| | | | | | | | Fixes out of array read Fixes: 2169/clusterfuzz-testcase-minimized-5688641642823680 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* fate: add test for -time_base optionMichael Bradshaw2017-06-102-0/+7
| | | | | Signed-off-by: Michael Bradshaw <mjbshaw@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h264_parse: Check picture structure when initializing weight tableMichael Niedermayer2017-06-104-9/+14
| | | | | | | | Fixes: runtime error: index 49 out of bounds for type 'int [48][2][2]' Fixes: 2159/clusterfuzz-testcase-minimized-5267945972301824 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dvbsubdec: Check pixel buffer size constraint from ETSI EN 300 743 ↵Michael Niedermayer2017-06-101-0/+4
| | | | | | | | | | V1.3.1 Fixes: OOM Fixes: 2143/clusterfuzz-testcase-minimized-5482288060039168 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dvbsubdec: Use av_image_check_size2()Michael Niedermayer2017-06-101-1/+1
| | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* lavf/mov.c: offset index timestamps by the minimum pts to make first pts zeroSasi Inguva2017-06-092-47/+70
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If the videos starts with B frame, then the minimum composition time as computed by stts + ctts will be non-zero. Hence we need to shift the DTS, so that the first pts is zero. This was the intention of that code-block. However it was subtracting by the wrong amount. For example, for one of the videos in the bug nonFormatted.mp4 we have stts: sample_count duration 960 1001 ctts: sample_count duration 1 3003 2 0 1 3003 .... The resulting composition times are : 3003, 1001, 2002, 6006, ... The minimum composition time or PTS is 1001, which should be used to offset DTS. However the code block was wrongly using ctts[0] which is 3003. Hence the PTS was negative. This change computes the minimum pts encountered while fixing the index, and then subtracts it from all the timestamps after the edit list fixes are applied. Samples files available from: https://bugs.chromium.org/p/chromium/issues/detail?id=721451 https://bugs.chromium.org/p/chromium/issues/detail?id=723537 fate-suite/h264/twofields_packet.mp4 is a similar file starting with 2 B frames. Before this change the PTS of first two B-frames was -6006 and -3003, and I am guessing one of them got dropped when being decoded and remuxed to the framecrc before, and now it is not being dropped. Signed-off-by: Sasi Inguva <isasi@google.com>
* vf_colorspace: Add a pixdesc API alias name for bt2020nc color spaceVittorio Giovara2017-06-091-0/+1
|
* x86inc: Remove argument from WIN64_RESTORE_XMMAnton Mitrofanov2017-06-091-9/+10
| | | | | The use of rsp was pretty much hardcoded there and probably didn't work otherwise with stack_size > 0.
* x86inc: Prefer r14/r15 over r12/r13 on x86-64Henrik Gramner2017-06-091-8/+8
| | | | | | | Due to a peculiarity in the ModR/M addressing encoding, the r12 and r13 registers sometimes requires an additional byte when used as a base register. r14 and r15 doesn't have that issue, so prefer using them.
* x86inc: Make REP_RET identical to RET in SSSE3+ functionsHenrik Gramner2017-06-091-1/+1
| | | | There's no point in emitting a rep prefix before ret on modern CPUs.
* x86inc: Fix call with memory operandsHenrik Gramner2017-06-091-2/+6
| | | | | | We overload the `call` instruction with a macro, but it would misbehave when the macro argument wasn't a valid identifier. Fix it by explicitly checking if the argument is an identifier.
* libavformat/http: return EIO when ffurl_read return 0, but s->off < target_endraymondzheng2017-06-091-1/+1
| | | | | Approved-by: "Ronald S. Bultje" <rsbultje@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avfilter/af_sofalizer: switch to libmysofaPaul B Mahol2017-06-084-516/+195
| | | | Signed-off-by: Paul B Mahol <onemda@gmail.com>
* lavc: add mpeg2 mediacodec decoderAman Gupta2017-06-085-1/+51
| | | | | | | Android TV and FireOS hardware supports mpeg2 hardware decoding via MediaCodec. Signed-off-by: Matthieu Bouron <matthieu.bouron@gmail.com>
* avcodec/indeo4: Check remaining data in Pic hdr extension parsing codeMichael Niedermayer2017-06-081-0/+2
| | | | | | | | Fixes: Timeout Fixes: 2115/clusterfuzz-testcase-minimized-6594111748440064 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ac3dec_fixed: Fix multiple runtime error: signed integer overflow: ↵Michael Niedermayer2017-06-081-1/+1
| | | | | | | | | -39271008 * 59 cannot be represented in type 'int' Fixes: 2113/clusterfuzz-testcase-minimized-6510704959946752 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* vf_colorspace: Add support for jedec p22 primariesVittorio Giovara2017-06-072-0/+5
| | | | Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
* vf_colorspace: Add support for smpte248 color primariesVittorio Giovara2017-06-071-0/+4
|
* MAINTAINERS: Add Manojkumar Bhosale for MIPS, remove myself.Nedeljko Babic2017-06-081-1/+1
| | | | | | | Manojkumar is taking over MIPS maintenance. Signed-off-by: Nedeljko Babic <nedeljko.babic@imgtec.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* x86/aacpsdsp: fix output of ff_ps_stereo_interpolate_ipdopd_sse3James Almer2017-06-071-1/+1
| | | | The fate-aac-al_sbr_ps_04_ur test did not detect this mistake.
* lavf: consider codec framerate for framerate detectionwm42017-06-073-0/+17
| | | | | | | Fixes detection of some TV sample as 24.5 FPS. With the patch applied, it's detected as 25 FPS. This is enabled for mpegts only.
* vorbisenc: Fix memory leak on errorsTyler Jones2017-06-061-37/+12
| | | | | | | | | | Switches temporary samples for processing to be stored in the encoder's context, avoids memory leaks if any errors occur while encoding a frame. Fixes CID1412026 Signed-off-by: Tyler Jones <tdjones879@gmail.com> Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com>
* libavutil/eval: Add round function to expression parserKevin Mark2017-06-062-1/+7
| | | | | | | We have floor, ceil, and trunc. Let's add round. Signed-off-by: Kevin Mark <kmark937@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/utils: Slightly un-clutter code in determinable_frame_size() by ↵Michael Niedermayer2017-06-061-5/+6
| | | | | | using a switch Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* vf_colorspace: Add support for gbr color spaceVittorio Giovara2017-06-061-0/+12
| | | | Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
* avcodec/mpeg4videodec: Fix runtime error: signed integer overflow: 53098 * ↵Michael Niedermayer2017-06-061-2/+2
| | | | | | | | | 40448 cannot be represented in type 'int' Fixes: 2106/clusterfuzz-testcase-minimized-6136503639998464 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/pafvideo: Fix assertion failureMichael Niedermayer2017-06-061-1/+1
| | | | | | | Fixes: 2100/clusterfuzz-testcase-minimized-4522961547558912 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/takdec: Fix multiple runtime error: signed integer overflow: 637072 ↵Michael Niedermayer2017-06-061-2/+2
| | | | | | | | | * 4096 cannot be represented in type 'int' Fixes: 2079/clusterfuzz-testcase-minimized-5345861779324928 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* libavcodec/vp9: ipred_dl_32x32_16 avx2 implementationIlia Valiakhmetov2017-06-062-0/+65
| | | | | | | | | | | | | | | | | | | | | vp9_diag_downleft_32x32_8bpp_c: 580.2 vp9_diag_downleft_32x32_8bpp_sse2: 75.6 vp9_diag_downleft_32x32_8bpp_ssse3: 73.7 vp9_diag_downleft_32x32_8bpp_avx: 72.7 vp9_diag_downleft_32x32_10bpp_c: 1101.2 vp9_diag_downleft_32x32_10bpp_sse2: 145.4 vp9_diag_downleft_32x32_10bpp_ssse3: 137.5 vp9_diag_downleft_32x32_10bpp_avx: 134.8 vp9_diag_downleft_32x32_10bpp_avx2: 94.0 vp9_diag_downleft_32x32_12bpp_c: 1108.5 vp9_diag_downleft_32x32_12bpp_sse2: 145.5 vp9_diag_downleft_32x32_12bpp_ssse3: 137.3 vp9_diag_downleft_32x32_12bpp_avx: 135.2 vp9_diag_downleft_32x32_12bpp_avx2: 94.0 ~30% faster than avx implementation Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
* lavc/mpegvideo_enc: allow low_delay for non MPEG2 codecs depending on ↵Stefano Sabatini2017-06-061-2/+4
| | | | | | strict_std_compliance Forcing low_delay can be useful, even if not officially supported.
* fate: add fate-adts-id3v1-demuxJames Almer2017-06-052-1/+13
| | | | | | | | | | | This test the demuxer discarding non ADTS frames at the beginning and end of the input. As a side effect, this commit also enables fate-adts-demux, which was accidentally disabled in 324f0fbff1245f9e9e1dda29ecb03138a2de287d. Tested-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: James Almer <jamrial@gmail.com>
* avcodec/mjpegdec: Check that reference frame matches the current frameMichael Niedermayer2017-06-051-0/+9
| | | | | | | | Fixes: out of array read Fixes: 2097/clusterfuzz-testcase-minimized-5036861833609216 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/tiff: Avoid loosing allocated geotag valuesMichael Niedermayer2017-06-051-0/+2
| | | | | | | | Fixes memleak Fixes: 2076/clusterfuzz-testcase-minimized-6542640243802112 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/cavs: Fix runtime error: signed integer overflow: -12648062 * 256 ↵Michael Niedermayer2017-06-051-2/+1
| | | | | | | | | cannot be represented in type 'int' Fixes: 2067/clusterfuzz-testcase-minimized-5578430902960128 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* ffprobe: Use pixdesc API to provide color space namesVittorio Giovara2017-06-051-3/+4
| | | | | | | | This API is more up-to-date, provides names compatible with filters and external encoders, and is consistent with the other color property variables. Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
* vorbisenc: signal samples to skipRostislav Pehlivanov2017-06-051-0/+8
| | | | | | The encoder never actually signalled how many samples to skip. Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
* avcodec/vorbisenc: Use a bufqueue in encoding with smaller lengthsTyler Jones2017-06-051-14/+106
| | | | | | Switching the vorbis encoder to use a buffer queue for input frames allows saving lookahead samples more easily and safely for psychoacoustic systems, requiring less pointer arithmetic in the case of transient windows.
* avcodec/vorbisenc: Include bufqueue and afqueueTyler Jones2017-06-051-0/+10
|
* avcodec/vorbisenc: Use fdsp for applying windowsTyler Jones2017-06-051-7/+9
| | | | | | | Using fdsp improves readability and allows using architecture-specific optimizations. Signed-off-by: Tyler Jones <tdjones879@gmail.com>
* avcodec/vorbisenc: Include fdspTyler Jones2017-06-051-6/+25
| | | | Signed-off-by: Tyler Jones <tdjones879@gmail.com>
* avformat/hls: Check local file extensionsMichael Niedermayer2017-06-051-1/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reduces the attack surface of local file-system information leaking. It prevents the existing exploit leading to an information leak. As well as similar hypothetical attacks. Leaks of information from files and symlinks ending in common multimedia extensions are still possible. But files with sensitive information like private keys and passwords generally do not use common multimedia filename extensions. It does not stop leaks via remote addresses in the LAN. The existing exploit depends on a specific decoder as well. It does appear though that the exploit should be possible with any decoder. The problem is that as long as sensitive information gets into the decoder, the output of the decoder becomes sensitive as well. The only obvious solution is to prevent access to sensitive information. Or to disable hls or possibly some of its feature. More complex solutions like checking the path to limit access to only subdirectories of the hls path may work as an alternative. But such solutions are fragile and tricky to implement portably and would not stop every possible attack nor would they work with all valid hls files. Developers have expressed their dislike / objected to disabling hls by default as well as disabling hls with local files. There also where objections against restricting remote url file extensions. This here is a less robust but also lower inconvenience solution. It can be applied stand alone or together with other solutions. limiting the check to local files was suggested by nevcairiel This recommits the security fix without the author name joke which was originally requested by Nicolas. Found-by: Emil Lerner and Pavel Cheremushkin Reported-by: Thierry Foucu <tfoucu@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* Revert "avformat/hls: Check local file extensions"Michael Niedermayer2017-06-051-17/+1
| | | | | Requested-by: Paul B Mahol <onemda@gmail.com> This reverts commit caf7d6178a4d5f24c915da48410a9790b21703aa.
* fate: add test for the Dirac low delay profileRostislav Pehlivanov2017-06-052-0/+10
| | | | Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
* x86/aacpsdsp: optimize ff_ps_mul_pair_single_sseJames Almer2017-06-041-9/+12
| | | | ~2% faster.
* avformat/hls: Check local file extensionsSysiphus2017-06-051-1/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reduces the attack surface of local file-system information leaking. It prevents the existing exploit leading to an information leak. As well as similar hypothetical attacks. Leaks of information from files and symlinks ending in common multimedia extensions are still possible. But files with sensitive information like private keys and passwords generally do not use common multimedia filename extensions. It does not stop leaks via remote addresses in the LAN. The existing exploit depends on a specific decoder as well. It does appear though that the exploit should be possible with any decoder. The problem is that as long as sensitive information gets into the decoder, the output of the decoder becomes sensitive as well. The only obvious solution is to prevent access to sensitive information. Or to disable hls or possibly some of its feature. More complex solutions like checking the path to limit access to only subdirectories of the hls path may work as an alternative. But such solutions are fragile and tricky to implement portably and would not stop every possible attack nor would they work with all valid hls files. Developers have expressed their dislike / objected to disabling hls by default as well as disabling hls with local files. There also where objections against restricting remote url file extensions. This here is a less robust but also lower inconvenience solution. It can be applied stand alone or together with other solutions. limiting the check to local files was suggested by nevcairiel Found-by: Emil Lerner and Pavel Cheremushkin Reported-by: Thierry Foucu <tfoucu@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
OpenPOWER on IntegriCloud