These arrays are used by the Musepack decoders, the MPEG audio decoders
as well as qdm2 and up until now, these arrays might be initialized more
than once, leading to potential data races as well as unnecessary
initializations. Therefore this commit ensures that each array will only
be initialized once.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Fixes: out of array access
Fixes: 20660/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5658290216501248
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: index 2304 out of bounds for type 'float [2304]'
Fixes: 16332/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5679142481166336
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 2147483646 + 2 cannot be represented in type 'int'
Fixes: infinite loop
Fixes: 15396/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5116605501014016
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Instead we ask for a sample, its unclear what to do in this case.
Fixes: index 30 out of bounds for type 'int8_t [30][64]'
Fixes: 15339/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5749441484554240
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This avoids undefined computations with unchecked values
Fixes: shift exponent -21 is negative
Fixes: 15262/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5651261753393152
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This avoids the danger that get_bits.h might get indirectly #included before
BITSTREAM_READER_LE is defined.
Also sort headers into canonical order where appropriate.
Also adds a lot of infrastructure necessary for it.
Some of it is a bit ugly though.
Increases binary size for hardcoded tables by about 12 kB,
which is about 15 kB from qdm2_table minus data and code
saved that was only used for creating it.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
Checking per subband would have the index exceed the
dithering noise table size.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
The value of coeff_per_sb_select depends on the bit rate, not on
sub_sampling.
Also remove the calculation of tmp, no longer needed.
Fixes tickets #1868 and #742 (only audio part)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The code is untested and contained bugs, we need a sample if any files
use this branch.
Suggested-by: Roberto Togni
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The read value is not used when its outside the array.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Rheinhardt
Michael Niedermayer
Luca Barbato
Diego Biurrun
Paul B Mahol
Alexandra Hájková
Adriano Pallavicino
Anton Khirnov
Vittorio Giovara
Himangi Saraogi
Reimar Döffinger
Gabriel Dume
Michael Niedermayer
Roberto Togni
Clément Bœsch
Justin Ruggles