summaryrefslogtreecommitdiffstats
path: root/libavcodec/diracdec.c
Commit message (Collapse)AuthorAgeFilesLines
* avcodec/diracdec: Check that slices are fewer than pixelsMichael Niedermayer2019-08-131-1/+3
| | | | | | | | Fixes: Timeout (197sec ->144ms) Fixes: 15034/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5733549405110272 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: Fix integer overflow in global_mv()Michael Niedermayer2019-06-051-2/+2
| | | | | | | | Fixes: signed integer overflow: 16384 * 196607 cannot be represented in type 'int' Fixes: 14810/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5091232683917312 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: Check for arith decoder errors in ↵Michael Niedermayer2019-05-271-0/+5
| | | | | | | | | | dirac_unpack_block_motion_data() Fixes: Timeout (54sec -> 188ms) Fixes: 14585/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5649933052411904 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: Use 64bit in intermediate of global motion vector field ↵Michael Niedermayer2019-04-191-1/+1
| | | | | | | | | | | generation It seems the specification does not limit the value to 32bit Fixes: signed integer overflow: -109611143 * 24 cannot be represented in type 'int' Fixes: 13477/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5648337460527104 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: Count truncated parts as errors in decode_component()Michael Niedermayer2019-03-171-1/+4
| | | | | | | | Fixes: Timeout (29sec -> 4sec) Fixes: 13150/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5690185671507968 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: Correct max pixels checkMichael Niedermayer2019-03-031-1/+1
| | | | | | | | | | | Dirac internally allocates 5 images per plane and frame currently. One being the actual image the other 4 being filtered for motion compensation. Fixes: Out of memory Fixes: 12870/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5684825871089664 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: Propagate errors from dirac_get_arith_uint()Michael Niedermayer2019-01-161-0/+2
| | | | | | | Testcase: 11663/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5636791864918016 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: Check component quantMichael Niedermayer2018-11-271-0/+5
| | | | | | | | Fixes: Timeout Fixes: 10708/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5730140957442048 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: check that GetBitContext has not ended in codeblock()Michael Niedermayer2018-09-281-0/+2
| | | | | | | Fixes: Timeout (part 2 of 2) Fixes: 9774/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5748957085958144 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: Propagate errors from codeblock()Michael Niedermayer2018-09-281-15/+32
| | | | | | | | | Consider a component to be damaged if more than 50% of its subbands are damaged Fixes: Timeout (part 1 of 2) Fixes: 9774/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5748957085958144 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: Check bytes count in else branch in decode_lowdelay() tooMichael Niedermayer2018-07-281-0/+4
| | | | | | | | Fixes: signed integer overflow: 8 * 340018243 cannot be represented in type 'int' Fixes: 9441/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5194665207791616 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: Check slice numbers for overflows in relation to picture ↵Michael Niedermayer2018-07-281-1/+4
| | | | | | | | | | dimensions Fixes: signed integer overflow: 88 * 33685506 cannot be represented in type 'int' Fixes: 9433/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5725943535501312 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: Change frame_number to 64bit as its a 32bit from the ↵Michael Niedermayer2018-07-281-2/+2
| | | | | | | | | | bitstream and we also have a -1 special case Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 9291/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-6324345860259840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: Prevent integer overflow in intermediate in global_mv()Michael Niedermayer2018-07-281-2/+2
| | | | | | | | Fixes: signed integer overflow: -393471 * 5460 cannot be represented in type 'int' Fixes: 8890/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-6299775379963904 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: Fix integer overflow in mv computationMichael Niedermayer2018-02-201-2/+2
| | | | | | | | Fixes: signed integer overflow: -2072 + -2147483646 cannot be represented in type 'int' Fixes: 6097/clusterfuzz-testcase-minimized-5034145253163008 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: Use int64 in global mv to prevent overflowMichael Niedermayer2018-02-201-2/+2
| | | | | | | | Fixes: runtime error: signed integer overflow: 361 * -6295541 cannot be represented in type 'int' Fixes: 5911/clusterfuzz-testcase-minimized-6450382197751808 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: Fix integer overflow with quantMichael Niedermayer2018-01-081-5/+5
| | | | | | | | | Fixes: signed integer overflow: 2 + 2147483646 cannot be represented in type 'int' Fixes: 4792/clusterfuzz-testcase-minimized-6322450775146496 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* diracdec: fix deprecated API usageNicolas Frattaroli2017-11-031-2/+10
| | | | | | | | avcodec_get_chroma_sub_sample is deprecated and generates a warning during build, so av_pix_fmt_get_chroma_sub_sample is used Signed-off-by: Nicolas Frattaroli <ffmpeg@fratti.ch> Signed-off-by: James Almer <jamrial@gmail.com>
* avcodec/diracdec: Fix overflow in DC computationMichael Niedermayer2017-09-111-1/+1
| | | | | | | | Fixes: runtime error: signed integer overflow: 11896 + 2147483646 cannot be represented in type 'int' Fixes: 3053/clusterfuzz-testcase-minimized-6355082062856192 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: Fix integer overflow in INTRA_DC_PRED()Michael Niedermayer2017-09-021-1/+1
| | | | | | | | | Fixes: runtime error: signed integer overflow: 1168175789 + 1168178473 cannot be represented in type 'int' Fixes: 3081/clusterfuzz-testcase-minimized-4807564879462400 Fixes: 2844/clusterfuzz-testcase-minimized-5561715838156800 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: Fixes integer overflowMichael Niedermayer2017-08-171-1/+1
| | | | | | | | Fixes: runtime error: signed integer overflow: 340018243 * 27 cannot be represented in type 'int' Fixes: 2861/clusterfuzz-testcase-minimized-5361070510178304 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: Check perspective_exp and zrs_exp.Michael Niedermayer2017-08-171-0/+4
| | | | | | | | | Fixes: undefined shift Fixes: runtime error: shift exponent 264 is too large for 32-bit type 'int' Fixes: 2860/clusterfuzz-testcase-minimized-4672811689836544 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: Check weight_log2denomMichael Niedermayer2017-08-011-0/+5
| | | | | | | | | | Fixes: runtime error: shift exponent -1 is negative Fixes: 2742/clusterfuzz-testcase-minimized-5724322402402304 Fixes: 2744/clusterfuzz-testcase-minimized-4672435653705728 Fixes: 2749/clusterfuzz-testcase-minimized-5298741273690112 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: Fix integer overflow in divide3()Michael Niedermayer2017-07-291-1/+1
| | | | | | | | Fixes: runtime error: signed integer overflow: -1073746548 * 21845 cannot be represented in type 'int' Fixes: 2729/clusterfuzz-testcase-minimized-5902915464069120 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: Fix integer overflow in signed multiplication in ↵Michael Niedermayer2017-07-281-1/+2
| | | | | | | | | | UNPACK_ARITH() Fixes: runtime error: signed integer overflow: 1073741823 * 4 cannot be represented in type 'int' Fixes: 2729/clusterfuzz-testcase-minimized-5902915464069120 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: Check dimensions which are closer to what is allocated in ↵Michael Niedermayer2017-07-211-1/+4
| | | | | | | | | | alloc_sequence_buffers() Fixes OOM Fixes: 2674/clusterfuzz-testcase-minimized-4999700518273024 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: Fix off by 1 error in quant checkMichael Niedermayer2017-05-251-1/+1
| | | | | | | | Fixes: out of array read Fixes: 1781/clusterfuzz-testcase-minimized-4617176877105152 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: Factor quant matrix readsMichael Niedermayer2017-05-251-4/+3
| | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: Fix Assertion frame->buf[0] failed at libavcodec/decode.c:610Michael Niedermayer2017-05-111-1/+1
| | | | | | | Fixes: 1487/clusterfuzz-testcase-minimized-6288036495097856 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* dirac: make initialization of arithmetic coder tables threadsafe.Ronald S. Bultje2017-03-281-1/+8
|
* diracdec: check return code of get_buffer_with_edgeAndreas Cadhalpun2016-11-041-1/+3
| | | | | | | If it fails, buffers aren't allocated, causing NULL pointer dereferencing. Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
* diracdec: clear slice_params_num_buf on allocation failureAndreas Cadhalpun2016-11-041-0/+1
| | | | | | | | | | | Otherwise it can be non-zero next time decode_lowdelay is called, causing slice_params_buf not to be allocated, leading to a NULL pointer dereference. The problem was introduced in commit dcad4677d637cd2f701917e38361fa96b8c9a418. Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
* diracdec: use correct buffer for slice_params_buf reallocAndreas Cadhalpun2016-11-041-1/+1
| | | | | | | | | | This fixes a double-free detected by AddressSanitizer. The problem was introduced in commit dcad4677d637cd2f701917e38361fa96b8c9a418. Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
* avcodec/diracdec: Check numx/yMichael Niedermayer2016-08-201-0/+5
| | | | | | | | Fixes division by 0 Fixes: 60261c4469ba3e11059890fb2832a515/asan_generic_135e694_2790_beb94eaa0aeb7d11c0437375a8964a99.drc Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* diracdec: fix unchecked byte lengthRostislav Pehlivanov2016-07-131-3/+2
| | | | | | | Also drops the start variable since it's redundant. Found by Coverity, fixes CID1363964 Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
* diracdec: fix maximum quantization index checksRostislav Pehlivanov2016-07-131-2/+2
| | | | | | Found by Coverity, fixes CID1363961 and CID1363962 Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
* diracdec: fix #coeffs -> byte conversionRostislav Pehlivanov2016-07-121-2/+2
| | | | Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
* diracdec: do not memset the entire coefficient buffer for HQ picturesRostislav Pehlivanov2016-07-111-3/+5
| | | | | | This is now handled by the slice decoding function. Signed-off-by: Rostislav Pehlivanov <rpehlivanov@obe.tv>
* diracdec: do not allocate and free slice parameters every frameRostislav Pehlivanov2016-07-111-14/+22
| | | | Signed-off-by: Rostislav Pehlivanov <rpehlivanov@obe.tv>
* diracdec: implement a LUT-based Golomb code parserRostislav Pehlivanov2016-07-111-12/+13
| | | | | | | | Still much left to optimize, but it provides a significant performance improvement - 10% for 300Mbps (1080p30), 25% for 1.5Gbps (4k 60fps) in comparison with the default implementation. Signed-off-by: Rostislav Pehlivanov <rpehlivanov@obe.tv>
* diracdec: rewrite HQ slice decodingRostislav Pehlivanov2016-07-111-15/+111
| | | | | | | | | | | | Now coefficients are written to a buffer and are then dequantized by the new SIMD dequantization functions. For the lower bands without enough coefficients to fill a register (and hence they overwrite) the C version of the dequantization function is used. The buffer is per-thread and will be realloc'd if anything changes. This prevents regressions and having to limit slice size. Signed-off-by: Rostislav Pehlivanov <rpehlivanov@obe.tv>
* diractab: expose the maximum quantization index as a macroRostislav Pehlivanov2016-07-111-4/+4
| | | | | | | Prevents having to have random magic values in the decoder and a separate macro in the encoder. Signed-off-by: Rostislav Pehlivanov <rpehlivanov@obe.tv>
* diracdec: decode HQ profile slices in rowsRostislav Pehlivanov2016-07-111-2/+11
| | | | | | Siginificantly improves the performance. Signed-off-by: Rostislav Pehlivanov <rpehlivanov@obe.tv>
* diracdec: simplify golomb parsing and dequantizationRostislav Pehlivanov2016-07-111-47/+6
| | | | | | | | In preparation for the following commits, this commit simplifies the coefficient parsing and dequantization function. It was needlessly inlined without much performance gain. Signed-off-by: Rostislav Pehlivanov <rpehlivanov@obe.tv>
* Merge commit '4024b566d664a4b161d677554be52f32e7ad4236'Hendrik Leppkes2016-06-261-28/+28
| | | | | | | * commit '4024b566d664a4b161d677554be52f32e7ad4236': golomb: Give svq3_get_se_golomb()/svq3_get_ue_golomb() better names Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
* avcodec/diracdec: Fix potential integer overflowMichael Niedermayer2016-05-191-2/+2
| | | | | | Fixes CID1361948 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/diracdec: check bitstream size related fields for overflowsMichael Niedermayer2016-03-281-5/+21
| | | | | | | | Fixes segfault Fixes Ticket5333 Regression since bfc8a4dabe5a0154b31128b59dca575010176441 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* diracdec: Pass DWTPlane to dwt initTimothy Gu2016-02-071-2/+2
|
* diracdec: Split DWTPlane struct from PlaneTimothy Gu2016-02-071-26/+21
|
* dirac_dwt: Rename init2 to initTimothy Gu2016-02-071-2/+2
| | | | The functions are all private.
OpenPOWER on IntegriCloud