Commit Graph

37107 Commits

Author SHA1 Message Date
Michael Niedermayer 63e400a880 avcodec/pictordec: Check plane value before doing value/mask computations
Fixes integer overflow
Fixes: 675/clusterfuzz-testcase-6722971232108544

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-28 01:13:52 +01:00
Michael Niedermayer 25e93aacc2 avcodec/mpeg4videodec: Fix runtime error: left shift of negative value -2650
Fixes: 674/clusterfuzz-testcase-6713275880308736

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-28 01:13:52 +01:00
Michael Niedermayer 4ea7744859 avcodec/h264idct_template: Fix multiple runtime error: signed integer overflow
Fixes: 677/clusterfuzz-testcase-6635120628858880

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: Steven Liu <lingjiujianke@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-28 01:13:52 +01:00
Paul B Mahol 26a7d6a301 avcodec/qdrw: check bytes per scanline for 2bpp images
One byte less is read in case of small width.
Closes #6194.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-02-27 14:17:51 +01:00
Paul B Mahol 86ab6b6e08 avcodec/scpr: check if total_freq is 0 in decode0
Fixes SIGFPE, closes #6196.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-02-27 13:55:15 +01:00
James Darnley 33de0fee2c avcodec/h264: enable sse2 chroma deblock/loop filter functions
Between 1.00 and 1.16 times faster on Intel Yorkfield Core 2 Quad.
Between 1.11 and 1.39 times faster on Intel Kaby Lake Pentium.
2017-02-27 13:22:06 +01:00
James Darnley cd893b9307 avcodec/h264: add avx 8-bit 4:2:2 chroma h intra deblock/loop filter
~1.37x faster (147 vs. 108 cycles) compared to mmxext function
2017-02-27 13:22:06 +01:00
James Darnley 0e16b3e2be avcodec/h264: add avx 8-bit 4:2:0 chroma h intra deblock/loop filter
~1.10x faster (69 vs. 63 cycles) compared to mmxext function
2017-02-27 13:22:06 +01:00
James Darnley 987ffe4b8d avcodec/h264: add avx 8-bit chroma v intra deblock/loop filter
~1.14x faster (90 vs 78 cycles) compared with mmxext
2017-02-27 13:22:06 +01:00
James Darnley 88307b3eec avcodec/h264: add avx 8-bit 4:2:2 chroma h deblock/loop filter
~1.21x faster (68 vs. 56 cycles) compared with mmxext function
2017-02-27 13:22:06 +01:00
James Darnley ac096fc82d avcodec/h264: add avx 8-bit 4:2:0 chroma h deblock/loop filter
~1.14x faster (93 vs. 81 cycles) compared with mmxext function
2017-02-27 13:22:06 +01:00
James Darnley 5c56758843 avcodec/h264: add avx 8-bit chroma v deblock/loop filter
~1.24x faster (101 vs. 81 cycles) compared with mmxext function
2017-02-27 13:22:06 +01:00
Carl Eugen Hoyos 1e298e7724 lavc/svq3: Remove an unused function. 2017-02-27 13:10:41 +01:00
Paul B Mahol 3a7f8d2a1f avcodec/qdrw: consume bytes when end is reached for 8bpp case
This should really be part of previous commit.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-02-27 12:04:15 +01:00
Paul B Mahol 1dcf91f2d3 avcodec/qdrw: fix decoding of odd sized images for 8bpp
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-02-27 11:49:59 +01:00
Paul B Mahol dc78696ea4 avcodec/qdrw: fix decoding odd size images for 2bpp and 4bpp
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-02-27 11:39:36 +01:00
Paul B Mahol 05aa53dc55 avcodec/qdrw: fix decoding odd size images for 16bit case
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-02-27 11:24:43 +01:00
Paul B Mahol 6d856b2579 avcodec/scpr: add support for older version
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-02-26 22:09:54 +01:00
Michael Niedermayer 7e9ba78f6b avcodec/flacdsp: Fix: runtime error: signed integer overflow: -1027555328 + -1226681270 cannot be represented in type 'int'
Fixes: 673/clusterfuzz-testcase-5948736536576000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-26 17:16:22 +01:00
Michael Niedermayer 87eb374970 avcodec/eac3dec: Fix runtime error: left shift of negative value -3
Fixes: 672/clusterfuzz-testcase-5595018867769344

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-26 17:16:22 +01:00
Michael Niedermayer aff8cf18cb avcodec/mpeg12dec: Fix runtime error: left shift of negative value -2
671/clusterfuzz-testcase-4990381827555328

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-26 17:16:22 +01:00
Michael Niedermayer 0716bcce5b avcodec/ituh263dec: Check for the bitstream end in ff_h263_decode_mb()
Fixes invalid shift

Fixes: 670/clusterfuzz-testcase-4852021066727424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-26 17:16:22 +01:00
Michael Niedermayer 58f3469cc6 avcodec/wavpack: Fix 280:22: runtime error: left shift of negative value -1
Fixes: 653/clusterfuzz-testcase-5773837415219200
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-25 22:02:23 +01:00
Michael Niedermayer 5eb04570f6 avcodec/wavpack: Check post_shift
Fixes: runtime error: shift exponent 34 is too large for 32-bit type 'int'

Fixes: 653/clusterfuzz-testcase-5773837415219200

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-25 22:02:23 +01:00
Michael Niedermayer d34bf886e9 avcodec/vp56: Implement very basic error concealment
This should fix the fate failure due to a truncated last frame.
Alternatively the frame could be dropped.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-25 13:09:50 +01:00
Michael Niedermayer 6bd79ba59f avcodec/amrwbdec: Fix 2 runtime errors: left shift of negative value -1
Fixes: 669/clusterfuzz-testcase-4847965409640448

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-25 02:20:35 +01:00
Michael Niedermayer 310d2af319 avcodec/pngdec: Fix runtime error: left shift of 152 by 24 places cannot be represented in type 'int'
Fixes: 666/clusterfuzz-testcase-6581447227867136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-25 01:43:53 +01:00
Michael Niedermayer 513a349439 avcodec/vp56: Fix sign typo
Fixes: 664/clusterfuzz-testcase-4917047475568640

The change to fate is due to a truncated last frames which is now detected as damaged.

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-24 22:23:53 +01:00
Michael Niedermayer 5d81616be3 avcodec/mpegaudiodec_template: Correct return code on id3 tag discarding
Fixes: 665/clusterfuzz-testcase-4863789881098240

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-24 22:23:53 +01:00
Rostislav Pehlivanov 70259737cb opus_pvq: prevent division by 0
res was 0 and divided K which made it infinity which caused K to
overflow.

Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
2017-02-24 19:14:55 +00:00
Paul B Mahol e01c32f260 avcodec/scpr: remove 4 dead store
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-02-24 19:49:39 +01:00
Paul B Mahol c583e701bd avcodec/fmvc: initialize opcode to 0
It shouldn't really matter but it doesn't hurt.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-02-24 15:50:16 +01:00
Paul B Mahol 0a28c50506 avcodec/scpr: improve motion vectors checking for out of buffer write
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-02-24 15:27:19 +01:00
Michael Niedermayer 2b8b7921c5 avcodec/vp3dsp: Fix multiple signed integer overflow: 46341 * 47523 cannot be represented in type 'int'
Fixes: 664/clusterfuzz-testcase-4917047475568640

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-24 14:12:13 +01:00
Michael Niedermayer 8696f25444 avcodec/rv34: Simplify and factor get_slice_offset() code
This also fixes several integer overflows by checking each value before
use.
Fixes: 662/clusterfuzz-testcase-4898131432964096

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-24 14:12:12 +01:00
Paul B Mahol 178cd50c47 avcodec/scpr: make sure that component value is <= 0x1F for 16 bpc
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-02-24 12:02:48 +01:00
Paul B Mahol fa3e49568d avcodec/aic: unbreak decoding of files with slice_width != 16
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-02-24 11:35:02 +01:00
Carl Eugen Hoyos 560f5188c6 lavc/utils: Make second parameter to apply_param_change() const.
Fixes a compilation warning:
passing argument 2 of ‘apply_param_change’ discards ‘const’ qualifier from pointer target type
2017-02-24 11:04:37 +01:00
Rostislav Pehlivanov f19442c069 opus_pvq: remove unneeded assert
Since the PVQ search has been well fuzzed and is guaranteed to never
break SUM(abs(y[])) == K, the assert is no longer needed.
Also the assert only prevented coding the wrong vector index but didn't
prevent crashes during searching for it, which made the assert rather
informational than practical.

Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
2017-02-24 07:06:59 +00:00
Rostislav Pehlivanov 22b8ada7b5 opus_pvq: improve PVQ search for low Ks
Since the probelm mentioned only happened when the phase was negative
(e.g. the sum had to be decreased), only discarding dimensions with a
zero pulse in that case restored the search's previously low distortion
at low Ks when the phase is never negative.

Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
2017-02-24 07:03:12 +00:00
Michael Niedermayer 0d85c7bb5a avcodec/ituh263dec: Fix runtime error: left shift of 1342177279 by 1 places cannot be represented in type 'int'
Fixes: 659/clusterfuzz-testcase-5866673603084288

Huge DMV could be created by an encoder ignoring the spec

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-24 00:38:45 +01:00
Michael Niedermayer e98dfeb27c avcodec/jpeglsdec: check shift for values that cause overflow later
Fixes: 657/clusterfuzz-testcase-6674741433729024
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-24 00:38:45 +01:00
Michael Niedermayer 76ba09d182 avcodec/mpeg4videodec: Check the other 3 sprite points for intermediate overflows
This is not necessarily specific to fuzzed files

Fixes: Multiple integer overflows
Fixes: 656/clusterfuzz-testcase-6463814516080640
Fixes: 658/clusterfuzz-testcase-6691260146384896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-24 00:38:45 +01:00
Paul B Mahol 20789372da avcodec/shorten: support decoding AIFF-C variant
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-02-23 23:03:27 +01:00
Paul B Mahol 45ed942e7e avcodec/scpr: improve check for out of range motion vectors
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-02-23 19:45:12 +01:00
Paul B Mahol 95a5af446b avcodec/scpr: check that current row is in valid range
Stops writing out of dst array.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-02-23 18:46:24 +01:00
Paul B Mahol fd7af82c53 avcodec/scpr: do not allow out of array access for 16bit case
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-02-23 17:22:01 +01:00
Paul B Mahol f062947261 avcodec/qdrw: do better w/h parsing for direct bit packing
Apparently using 0x0001 opcode solely is not correct.
Try this instead.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
2017-02-23 15:20:24 +01:00
Rick Kern dcd3418a35 lavc/videotoolboxenc: check for dictionary key symbols
Fixes #6081. Some dictionary keys are not present on OS X 10.8.
This loads the symbols and uses a default value if not present.

Signed-off-by: Rick Kern <kernrj@gmail.com>
2017-02-23 00:05:01 -05:00
Michael Niedermayer 9568b2e425 avcodec/h264_ps: Check chroma_qp_index_offset
Fixes: 647/clusterfuzz-testcase-5195745823031296

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: BBB
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-23 02:37:55 +01:00