Fixes: use of uninitialized memory
Fixes: 428969823/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_DEC_fuzzer-5909681623334912
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: use of uninitialized meory
Fixes: 428034093/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_UTVIDEO_DEC_fuzzer-6195630160805888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Simple parser that only parses frame information.
This helps avoid requiring the software decoder on init to decode a
single frame, since the decoder can be quite slow.
Fixes: out of array access
Fixes: BIGSLEEP-436510316/dwa_uncompress_write.exr
Found-by: Google Big Sleep
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array read
Fixes: BIGSLEEP-436510153/dwa_uncompress_read.exr
Found-by: Google Big Sleep
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Add av_free() to free s.temp_dwt_buffer and s.temp_idwt_buffer at the end of the function to avoid memory leak.
Fixes: 5d48e4eafa ("Merge commit 'a6a750c7ef240b72ce01e9653343a0ddf247d196'")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Move av_malloc() after the check for subsampling to avoid memory leak if subsampling < 0 and av_malloc() succeeds.
Fixes: a41a2efc85 ("lavc/videotoolbox: add VP9 hardware acceleration")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
In general, a provider code corresponds to a company/organization, and
the name should be that of the company, not of a given feature.
The feature is signalled in the "provider oriented code".
The exception is HDR Vivid, where the code 0x0004 indicates the HDR Vivid
feature itself rather than CUVA (China UHD Video Industry Alliance),
according to the UHD World Associations 'HDR Video Technology Part 2-1
Application Guide to System Integration' document.
ITU_T_T35_PROVIDER_CODE_CUVA -> ITU_T_T35_PROVIDER_CODE_HDR_VIVID
ITU_T_T35_PROVIDER_CODE_LCEVC-> ITU_T_T35_PROVIDER_CODE_VNOVA
ITU_T_T35_PROVIDER_CODE_SMTPE -> ITU_T_T35_PROVIDER_CODE_SAMSUNG
Signed-off-by: Maryla Ustarroz-Calonge <maryla@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
ITU-T T.35 provider codes are attributed by national bodies and it's
possible to have collisions across countries. This is why the country code
must always be checked as well.
Use if statements rather than nested switches which would be unreadable.
Signed-off-by: Maryla Ustarroz-Calonge <maryla@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This is in preparation to change the switch statement to if/else.
Signed-off-by: Maryla Ustarroz-Calonge <maryla@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
current->num_tile_columns is not updated in the loop, so the existing
check was not working. Check current index instead and break. This also
simplifies duplicated log.
Fixes: 435225531/clusterfuzz-testcase-minimized-ffmpeg_BSF_VVC_METADATA_fuzzer-6639684232216576
Found-by: OSS-Fuzz
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
ff_vvc_palette_escape_val() can return AVERROR in which case the
coeff*scale will overflow.
Fixes: runtime error: signed integer overflow: -1094995529 * 6528 cannot
be represented in type 'int'
Fixes: 435225406/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VVC_fuzzer-5118570024730624
Found-by: OSS-Fuzz
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
Commit f566032bfd added frame validation.
Since then this decoder has been failing validation of sample rate
value.
Found by OSS-Fuzz.
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
Commit f566032bfd added frame validation.
Since then this decoder has been failing validation of sample rate
value.
Found by OSS-Fuzz.
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
Commit f566032bfd added frame validation.
Since then this decoder has been failing validation of sample rate
value.
Found by OSS-Fuzz.
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
Commit f566032bfd added frame validation.
Since then this decoder has been failing validation of sample rate
value.
Found by OSS-Fuzz.
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
As noted in the code in several places, some DVB subtitle decoders
don't handle 2bpp color. This patch adds a min_bpp option which
sets a lower bound on the number of bits-per-pixel in the color
tables. It defaults to 4 to avoid the problematic 2bpp decoders.
Signed-off-by: Ronan Waide <waider@waider.ie>
If a supported tag has a class, e.g "<i.bold>" it is ignored entirely;
so for example "<i.bold>Hello</i>" would be converted to "Hello{\i0}"
instead of the intended "{\i1}Hello{\i0}".
Signed-off-by: Leon Grutters <gruttersleonbot2@gmail.com>
Add check for the return value of avcodec_alloc_context3() to avoid potential NULL pointer dereference.
Fixes: 5d48e4eafa ("Merge commit 'a6a750c7ef240b72ce01e9653343a0ddf247d196'")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Add av_packet_free() to free avpkt_clone and avpkt in the error paths to avoid potential memory leak.
Fixes: da3c69a5a9 ("Added test for libavcodec/avpacket.c")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Add av_free() to free extra_data if av_packet_add_side_data() fails.
Fixes: da3c69a5a9 ("Added test for libavcodec/avpacket.c")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The end of 8-bit/pixel_code_string() is signalled with two zero bytes, so we
should read those from the buffer instead of one. We keep supporting though our
own buggy encoder which only put one zero byte there.
Signed-off-by: Marton Balint <cus@passwd.hu>
Initially, avcodec/srtenc.c was outputting CRLF [1]. Later, a real SRT
muxer was added [2], which outputs LF. The original srtenc.c was
converted to use the muxer [3], changing its output to LF, except for
newline characters within subtitle text.
Fix this to avoid producing SRT files with mixed line endings.
[1] 8e43b6fed9
[2] 9e63c30daa
[3] 55180b3299
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
Fixes: use of uninintilaized memory
Fixes: 423673969/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VQA_fuzzer-6235973619351552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: use of uninitialized memory
Fixes: 423673969/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-6651797156724736
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: use of uninitialized memory
Fixes: 423673969/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IAC_fuzzer-6685890556788736
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: use of uninintialized memory
Fixes: 423673969/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CRI_fuzzer-5910856640823296
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: use of uninitialized memory
Fixes: 423673969/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NOTCHLC_fuzzer-5597015691296768
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: Use of uninitialized memory
Fixes: 423673969/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_DEC_fuzzer-5602250833854464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Consider the following sequence of NALUs (with some PPSs etc. omitted
for brevity):
1. SPS (ID=0, content=A)
2. IDR (SPS=0)
3. IDR (SPS=0)
4. SPS (ID=0, content=B)
5. TRAIL (SPS=0)
When decode_sps is called for NALU 3., ps->sps_id_used is cleared as
IDRs are one way of forming a CLVSS. Then, old_sps is non-NULL
containing the result of calling decode_sps for NALU 2. We haven't
received any SPSs between NALUs 2. and 3., therefore old_sps and rsps
are identical and the function returns. The issue is that, at this
point, ps->sps_id_used is still zero despite the SPS being used for IDR
3. This results in the check for conflicting SPSs not working properly
when decode_sps is called for NALU 5., allowing prediction between
pictures with different SPSs and probably all sorts of other
shenanigans.
Patch addresses the problem outlined above by also setting
ps->sps_id_used in the early return case.
