Fixes: signed integer overflow: 1871429831 + 343006811 cannot be represented in type 'int'
Fixes: 61784/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AIC_fuzzer-5372151001120768
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b12444fe72)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
by making gain unsigned we have 1 bit more available
alternatively we can clip twice as in the g729 reference
Fixes: left shift of 23404 by 17 places cannot be represented in type 'int'
Fixes: 61728/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-6280412547383296
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6580a7b2b2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
jpeg2000 overrides the global lowres variable with a lowres field called reduction_factor
ffmpeg -lowres X causes the reduction_factor to be set
ffplay -lowres X causes both lowres and the reduction_factor to be set
ossfuss sets only lowres
only the ffmpeg variant works. This patch tries to make the other 2 work.
Alternative we could just error out if things are inconsistent.
More complex restructuring should be limited to the master branch
to keep this reasonably easy to backport
Fixes: out of array access
Fixes: 59672/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c012d1f2bb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: left shift of negative value -1
Fixes: 59889/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HUFFYUV_fuzzer-5472742275940352
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 90647a9249)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: tickets/10241/cscd_1_0_306_306_gzip.avi
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ab7d38f970)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Alternatively the check could be simply made more tolerant
Fixes: Ticket10227
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d2a0464fc2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array access
Fixes: 59999/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5767982157266944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d48476183f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
There is likely a better way to fix this, this is mainly to show the problem
Fixes: MC within same frame resulting in overlapping memcpy()
Fixes: 60189/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-4992746590175232
Fixes: 61753/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5022150806077440
Fixes: 58062/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-4717458841010176
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 94bd1796ff)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -2147483648 + -1048576 cannot be represented in type 'int'
Fixes: 59365/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-642654923954585
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0adaa90d89)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 2079654542 - -139267653 cannot be represented in type 'int'
Fixes: 60811/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5915858409750528
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 283bf5c35b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes CRC for vlc.ape and APE_48K_24bit_2CH_02_01.ape
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 696e161919)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -1403461578 + -843974775 cannot be represented in type 'int'
Fixes: 60868/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG1VIDEO_fuzzer-4599793035378688
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0ce322a51e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
SDR needs this for switching between mono and stereo stations
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 94d44dbe21)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This combination is not working (it writes out of array)
Reviewed-by: Tomas Härdin <git@haerdin.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9b6d191a66)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 256 * 668003712 cannot be represented in type 'int'
Fixes: 59819/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-4674636538052608
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a4bf559683)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: runtime error: pointer index expression with base 0x000000000000 overflowed to 0xfffffffffffffff8
Fixes: 58440/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5956015530311680
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a0f4d4e650)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: avcodec/takdsp.c:44:23: runtime error: signed integer overflow: -2097158 - 2147012608 cannot be represented in type 'int'
Fixes: 58417/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TAK_fuzzer-5268919664640000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ff8a496d41)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array read
Fixes: Ticket 10308
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fead656a7b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Wrapped frames contain pointers so they need specific code to
noise them, the generic code would lead to segfaults
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0889ebc577)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: index 4294967295 out of bounds for type 'uint16_t [65536]'
Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5950405086674944
Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6666195176914944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6e98cf0280)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array access
Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TAK_fuzzer-6682195323650048
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 19b66b89da)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 2147483372 - -148624 cannot be represented in type 'int'
Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5477177805373440
Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-6681622236233728
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2632e90493)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array access
Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5124452659888128
Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-6362836707442688
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 34056a94ea)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The global header should not contain a frame, and decoding it
would result in leaks
Fixes: memleak
Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-6603443149340672
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d31d4f3228)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7117b380a7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
framebuf is only allocated when the new width/height are larger than the old
but nothing sets the old so its always allocated.
Use av_fast_mallocz() instead.
Fixes: Timeout
Fixes: 55094/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-5116909932904448
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 38adbc6eeb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Computations like col < width - 3 will not work with unsigned width=1
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3eb4e28c26)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: left shift of negative value -1
Fixes: 57554/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFVHUFF_fuzzer-4853603839115264
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 27e7857bd1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This fixes RGB48 with libavcodec as decoder
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ad4d647591)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
BGR48 is not supported and this was probably meant to be RGB48 so this fixes
RGB48 a bit
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7fb70d27a2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 644d15716d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 816676085e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This field is only checked for being 0 or not and not zero means 5/3
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0adb375377)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f6955b6df4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: shift exponent 34 is too large for 32-bit type 'int'
Fixes: 57389/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-6229522659016704
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6d1d8609ac)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Generally if maxrate is set, the calculation should be maxrate over
bufsize. This additionally enables CRF + maxrate & bufsize usage.
In order to keep negative values from enabling zero to be treated
as larger and causing a division by zero, check that one of the
variables is larger than zero.
maximum_buffer_size_ms should only be set if both are specified or if
the user sets it through -svtav1-params buf-sz=val
Signed-off-by: Christopher Degawa <ccom@randomderp.com>
compressed_ten_bit_format has been deprecated upstream and has no effect
and can be removed. Plus, technically it was never used in the first place
since it would require the app (ffmpeg) to set it and do additional
processing of the input frames.
Also simplify alloc_buffer by removing calculations relating to the
non-existant processing.
Signed-off-by: Christopher Degawa <christopher.degawa@intel.com>
svt-av1 v1.2.0 has deprecated vbv_bufsize in favor of using
- maximum_buffer_size_ms (--buf-sz)
- starting_buffer_level_ms (--buf-initial-sz)
- optimal_buffer_level_ms (--buf-optimal-sz)
and vbv_bufsize has not been in use since svt-av1 v0.8.6
Signed-off-by: Christopher Degawa <christopher.degawa@intel.com>