Michael Niedermayer
5ce3c9eadc
avcodec/smacker: cleanup on errors in smka_decode_frame()
...
Fixes: multiple memleaks
Fixes: 17660/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKAUD_fuzzer-5689769928949760
Fixes: 18064/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKAUD_fuzzer-5631086809317376
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 years ago
Michael Niedermayer
033d2c4884
avcodec/smacker: Fix integer overflow in signed int multiply in SMK_BLK_FILL
...
Fixes: signed integer overflow: 238 * 16843009 cannot be represented in type 'int'
Fixes: 16958/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKER_fuzzer-5193905355620352
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 years ago
James Almer
9ea6d2149e
avcodec/decode: add a flags parameter to ff_reget_buffer()
...
Some decoders may not need a writable buffer in some specific cases, but only
a reference to the existing buffer with updated frame properties instead, for
the purpose of returning duplicate frames. For this, the
FF_REGET_BUFFER_FLAG_READONLY flag is added, which will prevent potential
allocations and buffer copies when they are not needed.
Signed-off-by: James Almer <jamrial@gmail.com>
5 years ago
Michael Niedermayer
1c9a56b139
avcodec/smacker: Check that not all tables are skipped
...
If all tables are skipped it would be impossible to encode any
"non black" video.
Fixes: Timeout (78sec -> 1ms)
Fixes: 15821/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKER_fuzzer-5652598838788096
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 years ago
Andreas Cadhalpun
0ccddbad20
smacker: limit recursion depth of smacker_decode_bigtree
...
This fixes segmentation faults due to stack-overflow caused by too deep
recursion.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Sean McGovern <gseanmcg@gmail.com>
7 years ago
Michael Niedermayer
cd4663dc80
smacker: add sanity check for length in smacker_decode_tree()
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Bug-Id: 1098
Cc: libav-stable@libav.org
Signed-off-by: Sean McGovern <gseanmcg@gmail.com>
7 years ago
Diego Biurrun
5edded9df3
smacker: Improve error handling
...
Return sensible error values and forward error codes.
8 years ago
Michael Niedermayer
b98f082d8d
smacker: Check that the data size is a multiple of a sample vector
...
Fixes out of array access
Fixes: ce19e41f0ef1e52a23edc488faecdb58/asan_heap-oob_2504e97_4202_ffa0df1baed14022b9bfd4f8ac23d0cb.smk
Bug-Id: CVE-2015-8365
CC: libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4a9af07a49)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
8 years ago
Luca Barbato
73fc82f343
vlc: Add header #include when the types are used
...
Do not rely on indirectly including it from bitstream.h.
Signed-off-by: Diego Biurrun <diego@biurrun.de>
8 years ago
Diego Biurrun
a25dac976a
Use bitstream_init8() where appropriate
8 years ago
Alexandra Hájková
6efbc88a5c
smacker: Convert to the new bitstream reader
8 years ago
Andreas Cadhalpun
946ecd19ea
smacker: limit recursion depth of smacker_decode_bigtree
...
This fixes segmentation faults due to stack-overflow caused by too deep
recursion.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
8 years ago
Diego Biurrun
b668662939
get_bits: Move BITSTREAM_READER_LE definition before all relevant #includes
...
This avoids the danger that get_bits.h might get indirectly #included before
BITSTREAM_READER_LE is defined.
Also sort headers into canonical order where appropriate.
9 years ago
Diego Biurrun
6b96d2dcda
cosmetics: Drop particularly redundant silly comments
9 years ago
Michael Niedermayer
4a9af07a49
avcodec/smacker: Check that the data size is a multiple of a sample vector
...
Fixes out of array access
Fixes: ce19e41f0ef1e52a23edc488faecdb58/asan_heap-oob_2504e97_4202_ffa0df1baed14022b9bfd4f8ac23d0cb.smk
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
9 years ago
Michael Niedermayer
21d8c6612f
avcodec/smacker: Check init_get_bits8() for failure
...
Fixes: CID1322314
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
9 years ago
Vittorio Giovara
def97856de
lavc: AV-prefix all codec capabilities
...
Express bitfields more simply.
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
10 years ago
Lukasz Marek
969382162f
lavc/smacker: fix mem leak in case of init failure
...
Signed-off-by: Lukasz Marek <lukasz.m.luki2@gmail.com>
10 years ago
Timothy Gu
0035783488
smacker: remove dead code
...
Signed-off-by: Timothy Gu <timothygu99@gmail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
11 years ago
Michael Niedermayer
683b6e3183
avcodec/smacker: use av_mallocz_array()
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
11 years ago
Michael Niedermayer
b07a5e9b6b
avformat/smacker: check for format mismatch more completely
...
Fixes use of uninitialized memory
Fixes: msan_uninit-mem_7f6e83322950_9769_wetlogo.smk
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
11 years ago
Anton Khirnov
84099f51f3
smacker: use the AVFrame API properly.
11 years ago
Diego Biurrun
b2bed9325d
cosmetics: Group .name and .long_name together in codec/format declarations
11 years ago
Paul B Mahol
1b99514dfd
avcodec/smacker: use init_get_bits8()
...
Signed-off-by: Paul B Mahol <onemda@gmail.com>
12 years ago
Michael Niedermayer
f144168d9b
avcodec/smacker: fix some memleaks
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Michael Niedermayer
fbab9a7c22
avcodec/smacker: remove check that has become redundant
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Michael Niedermayer
59a08d1939
avcodec/smacker: use the correct field instead of a hardcoded value for the index check in smacker_decode_tree()
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Martin Storsjö
f3d57dc691
smacker: Free memory properly if the init function fails
...
Signed-off-by: Martin Storsjö <martin@martin.st>
12 years ago
Martin Storsjö
0679cec6e8
smacker: Make sure we don't fill in huffman codes out of range
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
12 years ago
Martin Storsjö
d002fce24a
smacker: Check malloc return values
...
Also try to free local allocations on errors.
Signed-off-by: Martin Storsjö <martin@martin.st>
12 years ago
Paul B Mahol
76e27b1d05
smacker: make code independent of sizeof(AVFrame)
...
Signed-off-by: Paul B Mahol <onemda@gmail.com>
12 years ago
Carl Eugen Hoyos
90bd75e6eb
Avoid a null pointer dereference on oom when decoding smacker.
...
Fixes ticket #2728.
12 years ago
Carl Eugen Hoyos
a1dbe49d02
Propagate error return values from the smacker decoder.
12 years ago
Kostya Shishkov
bbb2945f2d
smacker: check the return value of smacker_decode_tree
...
Also prevent a memory leak.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
12 years ago
Kostya Shishkov
f52edef301
smacker: fix an off by one in huff.length computation
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
12 years ago
Kostya Shishkov
268bb88544
smacker: add a clarification notice about audio decoding
12 years ago
Kostya Shishkov
5f30c6c8ed
Revert "smackaud: clip output samples"
...
Smacker audio uses overflows instead of clipping.
This reverts commit 375ca0aca8.
12 years ago
Michael Niedermayer
2211c76287
smacker: remove av_clip_int16()
...
Fixes Ticket2425
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Clément Bœsch
1ec94b0f06
lavc: factorize ff_{thread_,re,}get_buffer error messages.
...
Coccinelle profile used:
@@
expression r, ctx, f, loglevel, str, flags;
@@
-if ((r = ff_get_buffer(ctx, f, flags)) < 0) {
- av_log(ctx, loglevel, str);
- return r;
-}
+if ((r = ff_get_buffer(ctx, f, flags)) < 0)
+ return r;
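Review bot: the removed line av_log(ctx, loglevel, str); in this rule only matches a three-argument call whose first argument is the same expression that was passed to ff_get_buffer(), so error paths that log through a different context pointer, or that pass format arguments after the string, are not converted. The message says the remaining sites were patched by hand; naming those files, or adding a second rule that matches av_log(...) with any argument list, would let a reviewer reproduce the full change and confirm no error path was left with a duplicate message.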
@@
expression r, ctx, f, loglevel, str;
@@
-if ((r = ff_reget_buffer(ctx, f)) < 0) {
- av_log(ctx, loglevel, str);
- return r;
-}
+if ((r = ff_reget_buffer(ctx, f)) < 0)
+ return r;
@@
expression r, ctx, f, loglevel, str, flags;
@@
-if ((r = ff_thread_get_buffer(ctx, f, flags)) < 0) {
- av_log(ctx, loglevel, str);
- return r;
-}
+if ((r = ff_thread_get_buffer(ctx, f, flags)) < 0)
+ return r;
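Review bot: this rule repeats the first one line for line, with ff_thread_get_buffer in place of ff_get_buffer and the same metavariable list (r, ctx, f, loglevel, str, flags). Folding the two into one rule with a disjunction over the function name would keep them from drifting apart if the pattern is rerun later. Note also that all three rules require the failure branch to be exactly the log call followed by return r; a branch that frees something before returning is skipped, which is the safe outcome, but it is worth stating in the message so those sites are not assumed to be covered.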
...along with some manual patches for the remaining ones.
12 years ago
Anton Khirnov
3b199d29cd
lavc decoders: properly initialize AVFrame.
12 years ago
Anton Khirnov
759001c534
lavc decoders: work with refcounted frames.
12 years ago
Justin Ruggles
903b62cc0b
smackaud: decode directly to the user-provided AVFrame
12 years ago
Anton Khirnov
df9b956751
lavc: fix decode_frame() third parameter semantics for video decoders
...
It's got_frame, not data size
12 years ago
Anton Khirnov
594d4d5df3
lavc: add a wrapper for AVCodecContext.get_buffer().
...
It will be useful in the upcoming transition to refcounted AVFrames.
12 years ago
Michael Niedermayer
2c69fcc2ff
smacker: more complete vlc length check, fixes out of array read
...
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Michael Niedermayer
50cbe09d8c
smacker: check smacker_decode_tree() return value
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Michael Niedermayer
48cbdaea15
smacker: fix smacker_decode_header_tree() empty vlc table init
...
Fixes Ticket1858
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Michael Niedermayer
57c0da6fe4
smacker: sanity check audio size.
...
Fixes excessive memory allocation
Fixes Ticket1892
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Justin Ruggles
a903f8f087
Include libavutil/channel_layout.h instead of libavutil/audioconvert.h
...
Also reorder some other #include when applicable.
12 years ago
Paul B Mahol
c1947015b2
smackaud: return meaningful error codes
...
Signed-off-by: Paul B Mahol <onemda@gmail.com>
12 years ago