summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* avcodec/g723_1dec: Fix LCG typeMichael Niedermayer2017-05-141-1/+1
| | | | | | | Fixes: 1567/clusterfuzz-testcase-minimized-5693653555085312 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avfilter/af_compand: fix default companding to avoid clippingPaul B Mahol2017-05-142-2/+2
| | | | Signed-off-by: Paul B Mahol <onemda@gmail.com>
* avcodec/ffv1dec: Fix runtime error: signed integer overflow: 1550964438 + ↵Michael Niedermayer2017-05-131-1/+2
| | | | | | | | | | 1550964438 cannot be represented in type 'int' Fixes: 1559/clusterfuzz-testcase-minimized-5048096079740928 Fixes: 1560/clusterfuzz-testcase-minimized-6011037813833728 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/webp: Fix signedness in prefix_code checkMichael Niedermayer2017-05-131-1/+1
| | | | | | | | Fixes: out of array read Fixes: 1557/clusterfuzz-testcase-minimized-6535013757616128 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/svq3: Fix runtime error: signed integer overflow: 169 * 12717677 ↵Michael Niedermayer2017-05-131-1/+1
| | | | | | | | | cannot be represented in type 'int' Fixes: 1556/clusterfuzz-testcase-minimized-5027865978470400 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mlpdec: Check that there is enough data for headersMichael Niedermayer2017-05-131-0/+5
| | | | | | | | Fixes: out of array access Fixes: 1541/clusterfuzz-testcase-minimized-6403410590957568 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ac3dec: Keep track of band structureMichael Niedermayer2017-05-132-12/+17
| | | | | | | | | It is needed in some corner cases that seem not to be forbidden Fixes: out of array index Fixes: 1538/clusterfuzz-testcase-minimized-4696904925446144 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/webp: Add missing input paddingMichael Niedermayer2017-05-131-1/+1
| | | | | | | Fixes: 1536/clusterfuzz-testcase-minimized-5973925404082176 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/aacdec_fixed: Fix runtime error: left shift of negative value -1Michael Niedermayer2017-05-131-5/+5
| | | | | | | Fixes: 1535/clusterfuzz-testcase-minimized-5826695535788032 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/aacsbr_template: Do not change bs_num_env before its checkedMichael Niedermayer2017-05-131-13/+15
| | | | | | | | Fixes: 1489/clusterfuzz-testcase-minimized-5075102901207040 Fixes: out of array access Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wavpack: Fix runtime error: signed integer overflow: 2147483642 + ↵Michael Niedermayer2017-05-131-2/+2
| | | | | | | | | 512 cannot be represented in type 'int' Fixed: 1453/clusterfuzz-testcase-minimized-5024976874766336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/scpr: Fix multiple runtime error: index 256 out of bounds for type ↵Michael Niedermayer2017-05-131-0/+3
| | | | | | | | | 'unsigned int [256]' Fixes: 1519/clusterfuzz-testcase-minimized-5286680976162816 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h264_cavlc: Fix runtime error: index -1 out of bounds for type 'VLC [15]Michael Niedermayer2017-05-131-15/+15
| | | | | | | Fixes: 1513/clusterfuzz-testcase-minimized-6246484833992704 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mlp: Fix multiple runtime error: left shift of negative value -1Michael Niedermayer2017-05-132-5/+5
| | | | | | | Fixes: 1512/clusterfuzz-testcase-minimized-4713846423945216 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avfilter: don't anonymously typedef structsPaul B Mahol2017-05-1392-116/+116
| | | | Signed-off-by: Paul B Mahol <onemda@gmail.com>
* x86/float_dsp: remove usage of integer instructionsJames Almer2017-05-121-7/+7
|
* avcodec/rangecoder: Fix range coder corner case handlingMichael Niedermayer2017-05-131-1/+1
| | | | | | | Fixes: 1511/clusterfuzz-testcase-minimized-5906663800307712 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dds: Fix runtime error: left shift of 210 by 24 places cannot be ↵Michael Niedermayer2017-05-131-1/+1
| | | | | | | | | represented in type 'int' Fixes: 1510/clusterfuzz-testcase-minimized-5826231746428928 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/rscc: Check pixel_size for overflowMichael Niedermayer2017-05-131-0/+6
| | | | | | | Fixes: 1509/clusterfuzz-testcase-minimized-5129419876204544 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/fmvc: Check nb_blocksMichael Niedermayer2017-05-131-0/+3
| | | | | | | | Fixes: out of array read Fixes: 1508/clusterfuzz-testcase-minimized-5011336327069696 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hq_hqadsp: Fix runtime error: signed integer overflow: 80359 * 30274 ↵Michael Niedermayer2017-05-131-1/+1
| | | | | | | | | cannot be represented in type 'int' Fixes: 1507/clusterfuzz-testcase-minimized-4955228300378112 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/cavsdec: Fix runtime error: signed integer overflow: 31 + 2147483640 ↵Michael Niedermayer2017-05-131-1/+1
| | | | | | | | | cannot be represented in type 'int' Fixes: 1506/clusterfuzz-testcase-minimized-5401272918212608 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/xpmdec: Fix multiple pointer/memory issuesMichael Niedermayer2017-05-121-7/+30
| | | | | | | | | Most of these were found through code review in response to fixing 1466/clusterfuzz-testcase-minimized-5961584419536896 There is thus no testcase for most of this. The initial issue was Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* libavcodec/exr : cosmetics variable nameMartin Vignali2017-05-121-10/+10
| | | | | | rename tile variable to better follow ffmpeg coding style Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/avpacket: allow only one element per type in packet side dataJames Almer2017-05-121-1/+12
| | | | | | | | | | It was never meant to do otherwise, as av_packet_get_side_data() returns the first entry it finds of a given type. Based on code from libavformat's av_stream_add_side_data(). Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: James Almer <jamrial@gmail.com>
* avfilter/aeval: remove comment that was left from some other filePaul B Mahol2017-05-121-1/+0
| | | | Signed-off-by: Paul B Mahol <onemda@gmail.com>
* avfilter/aeval: free input frame on errorPaul B Mahol2017-05-121-1/+3
| | | | Signed-off-by: Paul B Mahol <onemda@gmail.com>
* avfilter/af_astats: add RMS difference tooPaul B Mahol2017-05-122-2/+18
| | | | Signed-off-by: Paul B Mahol <onemda@gmail.com>
* avfilter/vf_pad: revert part of 57c3670896c69714caPaul B Mahol2017-05-121-1/+4
| | | | Signed-off-by: Paul B Mahol <onemda@gmail.com>
* avcodec/vp8dsp: vp7_luma_dc_wht_c: Fix multiple runtime error: signed ↵Michael Niedermayer2017-05-121-9/+10
| | | | | | | | | integer overflow: -1366381240 + -1262413604 cannot be represented in type 'int' Fixes: 1440/clusterfuzz-testcase-minimized-5785716111966208 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/avcodec: Limit the number of side data elements per packetMichael Niedermayer2017-05-122-1/+14
| | | | | | | | | Fixes: 1293/clusterfuzz-testcase-minimized-6054752074858496 See: [FFmpeg-devel] [PATCH] avcodec/avcodec: Limit the number of side data elements per packet Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/texturedsp: Fix runtime error: left shift of 255 by 24 places cannot ↵Michael Niedermayer2017-05-121-1/+1
| | | | | | | | | be represented in type 'int' Fixes: 1505/clusterfuzz-testcase-minimized-4561688818876416 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/g723_1dec: Fix runtime error: left shift of negative value -1Michael Niedermayer2017-05-121-2/+2
| | | | | | | Fixes: 1504/clusterfuzz-testcase-minimized-6249212138225664 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmv2dsp: Fix runtime error: signed integer overflow: 181 * -17047030 ↵Michael Niedermayer2017-05-121-2/+2
| | | | | | | | | cannot be represented in type 'int' Fixes: 1503/clusterfuzz-testcase-minimized-5369271855087616 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avfilter: add acopy filterPaul B Mahol2017-05-124-1/+68
| | | | Signed-off-by: Paul B Mahol <onemda@gmail.com>
* avcodec/diracdec: Fix Assertion frame->buf[0] failed at libavcodec/decode.c:610Michael Niedermayer2017-05-111-1/+1
| | | | | | | Fixes: 1487/clusterfuzz-testcase-minimized-6288036495097856 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mss3: Fix runtime error: signed integer overflow: -2146318336 - ↵Michael Niedermayer2017-05-111-1/+2
| | | | | | | | | | | 2139696256 cannot be represented in type 'int' Fix is similar to rac_get_model_sym() Fixes: 1483/clusterfuzz-testcase-minimized-6386507814273024 Fixes: 1485/clusterfuzz-testcase-minimized-6639880215986176 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/golomb: Fix runtime error: left shift of 1 by 31 places cannot be ↵Michael Niedermayer2017-05-111-1/+1
| | | | | | | | | represented in type 'int' Fixes: 1481/clusterfuzz-testcase-minimized-5264379509473280 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/msmpeg4dec: Check for cbpy VLC errorsMichael Niedermayer2017-05-111-2/+13
| | | | | | | | Fixes: runtime error: left shift of negative value -1 Fixes: 1480/clusterfuzz-testcase-minimized-5188321007370240 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/cllc: Check num_bitsMichael Niedermayer2017-05-111-0/+7
| | | | | | | | Fixes: runtime error: shift exponent -2 is negative Fixes: 1479/clusterfuzz-testcase-minimized-6638493360979968 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/cllc: Factor VLC_BITS/DEPTH out, do not use repeated literal numbersMichael Niedermayer2017-05-111-7/+11
| | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* doc/libav-merge: mention the skipped AVFrame crop fields usage commitsJames Almer2017-05-111-0/+5
|
* Merge commit '1202b712690c14f0efb06e4ad8b06c5b3df6822a'James Almer2017-05-110-0/+0
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * commit '1202b712690c14f0efb06e4ad8b06c5b3df6822a': theora: export cropping information instead of handling it internally h264dec: export cropping information instead of handling it internally h264dec: be more explicit in handling container cropping hevcdec: export cropping information instead of handling it internally This commit is a noop. This changes the cropping behavior, when it's supposedly only meant to move it outside of the decoder. See https://ffmpeg.org/pipermail/ffmpeg-devel/2017-May/211239.html for the discussion about it. Merged-by: James Almer <jamrial@gmail.com>
| * theora: export cropping information instead of handling it internallyAnton Khirnov2017-01-121-14/+9
| |
| * h264dec: export cropping information instead of handling it internallyAnton Khirnov2017-01-124-34/+27
| |
| * h264dec: be more explicit in handling container croppingAnton Khirnov2017-01-123-4/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | The current condition can trigger in cases where it shouldn't, with unexpected results. Make sure that: - container cropping is really based on the original dimensions from the caller - those dimenions are discarded on size change The code is still quite hacky and eventually should be deprecated and removed, with the decision about which cropping is used delegated to the caller.
| * hevcdec: export cropping information instead of handling it internallyAnton Khirnov2017-01-126-45/+24
| |
* | avcodec/scpr: Check y in first line loop in decompress_i()Michael Niedermayer2017-05-111-0/+3
| | | | | | | | | | | | | | | | Fixes: out of array access Fixes: 1478/clusterfuzz-testcase-minimized-5285486908145664 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* | avcodec/dvbsubdec: Check entry_idMichael Niedermayer2017-05-111-2/+2
| | | | | | | | | | | | | | | | Fixes: randomly writing over the array end Fixes: 1473/clusterfuzz-testcase-minimized-5768907824562176 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* | avcodec/aacdec_fixed: Fix multiple shift exponent 33 is too large for 32-bit ↵Michael Niedermayer2017-05-111-1/+5
| | | | | | | | | | | | | | | | | | type 'int' Fixes: 1471/clusterfuzz-testcase-minimized-6376460543590400 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
OpenPOWER on IntegriCloud