Michael Niedermayer
b3c25263d1
avcodec/scpr: Check minimum size of type 17
Improves: Timeout (85sec -> 46sec)
Improves: 17644/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-5715704283660288
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 years ago
James Almer
9ea6d2149e
avcodec/decode: add a flags parameter to ff_reget_buffer()
Some decoders may not need a writable buffer in some specific cases, but only
a reference to the existing buffer with updated frame properties instead, for
the purpose of returning duplicate frames. For this, the
FF_REGET_BUFFER_FLAG_READONLY flag is added, which will prevent potential
allocations and buffer copies when they are not needed.
Signed-off-by: James Almer <jamrial@gmail.com>
5 years ago
Michael Niedermayer
950a21e83c
avcodec/scpr: Use av_memcpy_backptr() in type 17 and 33
This makes the changed code-path faster.
Change not tested except with the fuzzer testcase as I found no other testcase.
Improves: Timeout (136sec -> 74sec)
Improves: 16040/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-5705876062601216
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
6 years ago
Marton Balint
1b4f74ffe2
avcodec/scpr: fix checking ret value of decode_run_i
Fixes Coverity CID 1441460.
Signed-off-by: Marton Balint <cus@passwd.hu>
6 years ago
Michael Niedermayer
6dd8420290
avcodec/scpr: check remaining data after decode
Fixes Timeout (29sec -> 14sec)
Fixes: 13713/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-5756778069884928
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 years ago
Paul B Mahol
ea80af659c
avcodec/scpr: avoid using uninitialized value
Fixes #7872.
6 years ago
Michael Niedermayer
8f63fa4c2e
avcodec/scpr: Perform frame copy later
Optimization found while looking at 13442/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-5758293933293568
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 years ago
Michael Niedermayer
53248acfb3
avcodec/scpr: Fix use of uninitialized variable
Fixes: Undefined shift
Fixes: 12911/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-5677102915911680
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 years ago
Paul B Mahol
a064530da8
avcodec/scpr: add version 3 support
Signed-off-by: Paul B Mahol <onemda@gmail.com>
6 years ago
Michael Niedermayer
d702769213
avcodec/scpr: Skip frames which change nothing
Fixes: Timeout
Fixes: 10292/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-5687943864254464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 years ago
Paul B Mahol
4b1b47e81b
avcodec/scpr: stop checking for overread twice
6 years ago
Paul B Mahol
cc24665f44
avcodec/scpr: make sure count and min are valid
6 years ago
Paul B Mahol
ce8807c290
avcodec/scpr: refactor repeated code into decode_units()
6 years ago
Paul B Mahol
d71dfc087b
avcodec/scpr: error out if run length is <= 0
6 years ago
Michael Niedermayer
3378194ce8
avcodec/scpr: Check for min > max in decompress_p()
Fixes: Timeout
Fixes: 9342/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-4795990841229312
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 years ago
Paul B Mahol
324954cf96
avcodec/scpr: fix decoding of prev+top-topleft prediction in keyframes
Signed-off-by: Paul B Mahol <onemda@gmail.com>
7 years ago
Paul B Mahol
22a878ecd1
avcodec/scpr: check for possible out of array access
Signed-off-by: Paul B Mahol <onemda@gmail.com>
7 years ago
Michael Niedermayer
0fb33a8289
avcodec/scpr: Fix reading a pixel before the first
Fixes: 5540/clusterfuzz-testcase-minimized-6122458273808384
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 years ago
Michael Niedermayer
981f04b2ae
avcodec/scpr: optimize shift loop.
Speeds code up from 50sec to 15sec
Fixes Timeout
Fixes: 3242/clusterfuzz-testcase-5811951672229888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 years ago
Derek Buitenhuis
f7daed8545
scpr: Added missing error check
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
8 years ago
Michael Niedermayer
5666b95c9f
avcodec/scpr: mask bits to prevent out of array read
Fixes: 1615/clusterfuzz-testcase-minimized-6625214647500800
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Michael Niedermayer
2171dfae8c
avcodec/scpr: Fix multiple runtime error: index 256 out of bounds for type 'unsigned int [256]'
Fixes: 1519/clusterfuzz-testcase-minimized-5286680976162816
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Michael Niedermayer
7ac5067146
avcodec/scpr: Check y in first line loop in decompress_i()
Fixes: out of array access
Fixes: 1478/clusterfuzz-testcase-minimized-5285486908145664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Michael Niedermayer
f1a4dd5e48
avcodec/scpr: Fix multiple runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 1422/clusterfuzz-testcase-minimized-5030993939398656
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 years ago
Paul B Mahol
807d5dcde9
avcodec/scpr: use correct linesize for prev frame
Signed-off-by: Paul B Mahol <onemda@gmail.com>
8 years ago
Paul B Mahol
6d93e7d1a3
avcodec/scpr: fix top left prediction for special case when x is 0 for keyframes
Signed-off-by: Paul B Mahol <onemda@gmail.com>
8 years ago
Paul B Mahol
86ab6b6e08
avcodec/scpr: check if total_freq is 0 in decode0
Fixes SIGFPE, closes #6196.
Signed-off-by: Paul B Mahol <onemda@gmail.com>
8 years ago
Paul B Mahol
6d856b2579
avcodec/scpr: add support for older version
Signed-off-by: Paul B Mahol <onemda@gmail.com>
8 years ago
Paul B Mahol
e01c32f260
avcodec/scpr: remove 4 dead store
Signed-off-by: Paul B Mahol <onemda@gmail.com>
8 years ago
Paul B Mahol
0a28c50506
avcodec/scpr: improve motion vectors checking for out of buffer write
Signed-off-by: Paul B Mahol <onemda@gmail.com>
8 years ago
Paul B Mahol
178cd50c47
avcodec/scpr: make sure that component value is <= 0x1F for 16 bpc
Signed-off-by: Paul B Mahol <onemda@gmail.com>
8 years ago
Paul B Mahol
45ed942e7e
avcodec/scpr: improve check for out of range motion vectors
Signed-off-by: Paul B Mahol <onemda@gmail.com>
8 years ago
Paul B Mahol
95a5af446b
avcodec/scpr: check that current row is in valid range
Stops writing out of dst array.
Signed-off-by: Paul B Mahol <onemda@gmail.com>
8 years ago
Paul B Mahol
fd7af82c53
avcodec/scpr: do not allow out of array access for 16bit case
Signed-off-by: Paul B Mahol <onemda@gmail.com>
8 years ago
Paul B Mahol
039011b6b0
avcodec: add ScreenPressor decoder
Signed-off-by: Paul B Mahol <onemda@gmail.com>
8 years ago