Michael Niedermayer
87ddf9f1ef
avcodec/4xm: Check index in decode_i_block() also in the path where its not used.
...
Fixes: Infinite loop
Fixes: signed integer overflow: 2147483644 + 16 cannot be represented in type 'int'
Fixes: 16169/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5662570416963584
Fixes: 16782/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5743163859271680
Fixes: 17641/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5711603562971136
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 years ago
Michael Niedermayer
8f92eb05e0
avcodec/4xm: Check for end of input in decode_p_block()
...
Fixes: Timeout (81sec -> 0.2sec)
Fixes: 16169/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5662570416963584
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 years ago
Michael Niedermayer
2bbea155bf
avcodec/4xm: Fix signed integer overflows in idct()
...
Fixes: signed integer overflow: 20242 * 121095 cannot be represented in type 'int'
Fixes: 15310/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5737051745419264
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 years ago
Michael Niedermayer
55557c6124
avcodec/4xm: Fix vlc memleak
...
Fixes: memleak
Fixes: 15297/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5746203548975104
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 years ago
Michael Niedermayer
07607a1db8
avcodec/4xm: Fix returned error codes
...
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 years ago
Ramiro Polla
4d34205bec
avcodec/4xm: fix block alignment
...
blockdsp requires 32 byte alignment.
Signed-off-by: James Almer <jamrial@gmail.com>
6 years ago
Luca Barbato
73fc82f343
vlc: Add header #include when the types are used
...
Do not rely on indirectly including it from bitstream.h.
Signed-off-by: Diego Biurrun <diego@biurrun.de>
8 years ago
Diego Biurrun
dcc39ee10e
lavc: Remove deprecated XvMC support hacks
...
Deprecated in 11/2013.
8 years ago
Diego Biurrun
a25dac976a
Use bitstream_init8() where appropriate
8 years ago
Alexandra Hájková
ed006ae4e2
4xm: Convert to the new bitstream reader
...
Signed-off-by: Anton Khirnov <anton@khirnov.net>
8 years ago
Andreas Cadhalpun
1e660fe88d
doc: fix spelling errors
...
Reviewed-by: Lou Logan <lou@lrcd.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
8 years ago
Vittorio Giovara
059a934806
lavc: Consistently prefix input buffer defines
...
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
10 years ago
Vittorio Giovara
def97856de
lavc: AV-prefix all codec capabilities
...
Express bitfields more simply.
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
10 years ago
Vittorio Giovara
7c6eb0a1b7
lavc: AV-prefix all codec flags
...
Convert doxygen to multiline and express bitfields more simply.
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
10 years ago
Michael Niedermayer
4001fc4267
avcodec/4xm: remove duplicate assert
...
Found-by: carl
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10 years ago
Vittorio Giovara
68a35473ed
4xm: more thorought check for negative index and negative shift
...
CC: libav-stable@libav.org
Bug-Id: CID 1087094
10 years ago
Vittorio Giovara
0e1ebfebc8
4xm: drop unnecessary check
...
data_size is always >= 0 in this case.
CC: libav-stable@libav.org
Bug-Id: CID 1238788
10 years ago
Michael Niedermayer
544380aaf0
avcodec/4xm: Make src of decode_p_block() const
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
10 years ago
Diego Biurrun
c67b449beb
dsputil: Split bswap*_buf() off into a separate context
11 years ago
Diego Biurrun
e74433a8e6
dsputil: Split clear_block*/fill_block* off into a separate context
11 years ago
Diego Biurrun
cc8163e1a3
avcodec: more correct printf specifiers
11 years ago
Anton Khirnov
fe80fa53bc
4xm: replace forcing EMU_EDGE by a copy
...
The decoder currently sets CODEC_FLAG_EMU_EDGE and relies on
get_buffer2() to always provide buffers with linesize == 2 * width.
This is wrong, since we place no such restriction on get_buffer2()
implementations.
Fix this by decoding into internal buffers and copying them to output
frames. Since this is a very obscure decoder, the performance hit should
not be an issue.
11 years ago
Anton Khirnov
fffca3d278
4xm: return a proper error code.
11 years ago
Paul B Mahol
2820562935
avcodec/4xm: use av_fast_padded_malloc()
...
Signed-off-by: Paul B Mahol <onemda@gmail.com>
11 years ago
Diego Biurrun
b2bed9325d
cosmetics: Group .name and .long_name together in codec/format declarations
11 years ago
Luca Barbato
2f034f255c
4xm: Reject not a multiple of 16 dimension
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
12 years ago
Michael Niedermayer
68efb1d60a
4xm: Dont ignore dc run errors
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Michael Niedermayer
13c56e9a9c
4xm: check for invalid zero ac coeffs
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Luca Barbato
59d7bb99b6
4xm: check bitstream_size boundary before using it
...
Prevent buffer overread.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
12 years ago
Luca Barbato
fbd0dacc8d
4xm: refactor decode_p_block
...
Directly return from code 1, 2 and 6 codepaths and simplify the
remaining one to have a single overflow check and a single call to
mcdc.
12 years ago
Luca Barbato
94aefb1932
4xm: do not overread the source buffer in decode_p_block
...
Check for out of picture macroblocks before calling mcdc.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
12 years ago
Luca Barbato
be373cb50d
4xm: do not overread the prestream buffer
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
12 years ago
Luca Barbato
de2e5777e2
4xm: validate the buffer size before parsing it
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
12 years ago
Luca Barbato
145023f572
4xm: reject frames not compatible with the declared version
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
12 years ago
Luca Barbato
1f0c607560
4xm: drop pointless assert
...
Make sure the value of wlog2 is always between 0 and 3.
12 years ago
Luca Barbato
b8b809908e
4xm: forward errors from decode_p_block
...
Partially mitigate out of memory writes.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
12 years ago
Luca Barbato
50ec1db62d
4xm: fold last_picture lazy allocation in decode_p_frame
12 years ago
Luca Barbato
e7a44f87d0
4xm: refactor fourxm_read_header
...
Split sound and video tag parsing in separate functions.
12 years ago
Luca Barbato
08859d19b4
4xm: use the correct logging context
12 years ago
Diego Biurrun
2832ea26f3
Remove commented-out debug #define cruft
12 years ago
Clément Bœsch
1ec94b0f06
lavc: factorize ff_{thread_,re,}get_buffer error messages.
...
Coccinelle profile used:
@@
expression r, ctx, f, loglevel, str, flags;
@@
-if ((r = ff_get_buffer(ctx, f, flags)) < 0) {
- av_log(ctx, loglevel, str);
- return r;
-}
+if ((r = ff_get_buffer(ctx, f, flags)) < 0)
+ return r;
@@
expression r, ctx, f, loglevel, str;
@@
-if ((r = ff_reget_buffer(ctx, f)) < 0) {
- av_log(ctx, loglevel, str);
- return r;
-}
+if ((r = ff_reget_buffer(ctx, f)) < 0)
+ return r;
@@
expression r, ctx, f, loglevel, str, flags;
@@
-if ((r = ff_thread_get_buffer(ctx, f, flags)) < 0) {
- av_log(ctx, loglevel, str);
- return r;
-}
+if ((r = ff_thread_get_buffer(ctx, f, flags)) < 0)
+ return r;
...along with some manual patches for the remaining ones.
12 years ago
Anton Khirnov
759001c534
lavc decoders: work with refcounted frames.
12 years ago
Anton Khirnov
8097fc9a2d
4xm: check the return value of read_huffman_tables().
...
CC:libav-stable@libav.org
12 years ago
Michael Niedermayer
cfc7b9cfff
4xm: remove avcodec_get_frame_defaults() calls
...
They are not needed anymore
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Michael Niedermayer
d73b65ed0e
4xm: add assert to check that the pointer from read_huffman_tables is within the array
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Michael Niedermayer
53a3fdbfc5
4xm: Check available space in read_huffman_tables()
...
Fixes integer overflow and out of array accesses
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Diego Biurrun
88bd7fdc82
Drop DCTELEM typedef
...
It does not help as an abstraction and adds dsputil dependencies.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
12 years ago
Anton Khirnov
aa15afb7ce
4xm: simplify code with FFSWAP
12 years ago
Anton Khirnov
10c26e928a
4xm: return meaningful error codes
12 years ago
Anton Khirnov
f7d15d2f42
4xm: operate with pointers to AVFrames instead of whole structs.
...
This is more correct and avoids breaking extended_data.
12 years ago