- 06 Jun, 2017 5 commits
-
-
Michael Niedermayer authored
avcodec/mpeg4videodec: Fix runtime error: signed integer overflow: 53098 * 40448 cannot be represented in type 'int' Fixes: 2106/clusterfuzz-testcase-minimized-6136503639998464 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: 2100/clusterfuzz-testcase-minimized-4522961547558912 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
avcodec/takdec: Fix multiple runtime error: signed integer overflow: 637072 * 4096 cannot be represented in type 'int' Fixes: 2079/clusterfuzz-testcase-minimized-5345861779324928 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Ilia Valiakhmetov authored
vp9_diag_downleft_32x32_8bpp_c: 580.2 vp9_diag_downleft_32x32_8bpp_sse2: 75.6 vp9_diag_downleft_32x32_8bpp_ssse3: 73.7 vp9_diag_downleft_32x32_8bpp_avx: 72.7 vp9_diag_downleft_32x32_10bpp_c: 1101.2 vp9_diag_downleft_32x32_10bpp_sse2: 145.4 vp9_diag_downleft_32x32_10bpp_ssse3: 137.5 vp9_diag_downleft_32x32_10bpp_avx: 134.8 vp9_diag_downleft_32x32_10bpp_avx2: 94.0 vp9_diag_downleft_32x32_12bpp_c: 1108.5 vp9_diag_downleft_32x32_12bpp_sse2: 145.5 vp9_diag_downleft_32x32_12bpp_ssse3: 137.3 vp9_diag_downleft_32x32_12bpp_avx: 135.2 vp9_diag_downleft_32x32_12bpp_avx2: 94.0 ~30% faster than avx implementation Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
-
Stefano Sabatini authored
Forcing low_delay can be useful, even if not officially supported.
-
- 05 Jun, 2017 15 commits
-
-
James Almer authored
This test the demuxer discarding non ADTS frames at the beginning and end of the input. As a side effect, this commit also enables fate-adts-demux, which was accidentally disabled in 324f0fbf. Tested-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: James Almer <jamrial@gmail.com>
-
Michael Niedermayer authored
Fixes: out of array read Fixes: 2097/clusterfuzz-testcase-minimized-5036861833609216 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes memleak Fixes: 2076/clusterfuzz-testcase-minimized-6542640243802112 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
avcodec/cavs: Fix runtime error: signed integer overflow: -12648062 * 256 cannot be represented in type 'int' Fixes: 2067/clusterfuzz-testcase-minimized-5578430902960128 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Vittorio Giovara authored
This API is more up-to-date, provides names compatible with filters and external encoders, and is consistent with the other color property variables. Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
-
Rostislav Pehlivanov authored
The encoder never actually signalled how many samples to skip. Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
-
Tyler Jones authored
Switching the vorbis encoder to use a buffer queue for input frames allows saving lookahead samples more easily and safely for psychoacoustic systems, requiring less pointer arithmetic in the case of transient windows.
-
Tyler Jones authored
-
Tyler Jones authored
Using fdsp improves readability and allows using architecture-specific optimizations. Signed-off-by: Tyler Jones <tdjones879@gmail.com>
-
Tyler Jones authored
Signed-off-by: Tyler Jones <tdjones879@gmail.com>
-
Michael Niedermayer authored
This reduces the attack surface of local file-system information leaking. It prevents the existing exploit leading to an information leak. As well as similar hypothetical attacks. Leaks of information from files and symlinks ending in common multimedia extensions are still possible. But files with sensitive information like private keys and passwords generally do not use common multimedia filename extensions. It does not stop leaks via remote addresses in the LAN. The existing exploit depends on a specific decoder as well. It does appear though that the exploit should be possible with any decoder. The problem is that as long as sensitive information gets into the decoder, the output of the decoder becomes sensitive as well. The only obvious solution is to prevent access to sensitive information. Or to disable hls or possibly some of its feature. More complex solutions like checking the path to limit access to only subdirectories of the hls path may work as an alternative. But such solutions are fragile and tricky to implement portably and would not stop every possible attack nor would they work with all valid hls files. Developers have expressed their dislike / objected to disabling hls by default as well as disabling hls with local files. There also where objections against restricting remote url file extensions. This here is a less robust but also lower inconvenience solution. It can be applied stand alone or together with other solutions. limiting the check to local files was suggested by nevcairiel This recommits the security fix without the author name joke which was originally requested by Nicolas. Found-by: Emil Lerner and Pavel Cheremushkin Reported-by: Thierry Foucu <tfoucu@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Requested-by: Paul B Mahol <onemda@gmail.com> This reverts commit caf7d617.
-
Rostislav Pehlivanov authored
Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
-
James Almer authored
~2% faster.
-
Sysiphus authored
This reduces the attack surface of local file-system information leaking. It prevents the existing exploit leading to an information leak. As well as similar hypothetical attacks. Leaks of information from files and symlinks ending in common multimedia extensions are still possible. But files with sensitive information like private keys and passwords generally do not use common multimedia filename extensions. It does not stop leaks via remote addresses in the LAN. The existing exploit depends on a specific decoder as well. It does appear though that the exploit should be possible with any decoder. The problem is that as long as sensitive information gets into the decoder, the output of the decoder becomes sensitive as well. The only obvious solution is to prevent access to sensitive information. Or to disable hls or possibly some of its feature. More complex solutions like checking the path to limit access to only subdirectories of the hls path may work as an alternative. But such solutions are fragile and tricky to implement portably and would not stop every possible attack nor would they work with all valid hls files. Developers have expressed their dislike / objected to disabling hls by default as well as disabling hls with local files. There also where objections against restricting remote url file extensions. This here is a less robust but also lower inconvenience solution. It can be applied stand alone or together with other solutions. limiting the check to local files was suggested by nevcairiel Found-by: Emil Lerner and Pavel Cheremushkin Reported-by: Thierry Foucu <tfoucu@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
- 04 Jun, 2017 14 commits
-
-
Kevin Mark authored
This new FATE test for the scale2ref filter makes use of the recently added scale2ref-specific variables to maintain the aspect ratio of a test input. Filtergraph explanation: [main] has an AR of 4:3. [ref] has an AR of 16:9. 640 / 4 = 160. So the new width for [main] is 160. 160 / ((320 / 240) * (1 / 1)) = 160 / (4 / 3) = 120. So the new height for [main] is 120. 160 / 120 = 4 / 3 so [main]'s aspect ratio has been maintained while using [ref]'s width as a reference point. [ref] is nullsink'd since it is left unchanged by scale2ref (and so shouldn't need to be tested). If we were to use "iw/4:-1" in place of "iw/4:ow/mdar": 640 / 4 = 160. So the new width for [main] would be 160. 360 / 4 = 90. So the new height for [main] would be 90. 160 / 90 = 16 / 9 so [main] now has the same aspect ratio as [ref] which is probably what you do not want. This is currently the only test for scale2ref. Signed-off-by: Kevin Mark <kmark937@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
The RGB555 PACKBITSRGN case tries to read a palette, if such palette is actually stored then it accesses a null pointer. All 16bit samples i could find use DIRECTBITSRGN. Fixes: 2065/clusterfuzz-testcase-minimized-6298930457346048 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
This also increases the range of input values supported as well as decreasing the operation dependencies in the main loop, improving speed on modern CPUs. Fixes part of: 2045/clusterfuzz-testcase-minimized-6751255865065472 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Paul B Mahol authored
Signed-off-by: Paul B Mahol <onemda@gmail.com>
-
Michael Niedermayer authored
avcodec/wavpack: Fix runtime error: signed integer overflow: 2081021665 - -130689706 cannot be represented in type 'int' Fixes: 2038/clusterfuzz-testcase-minimized-4521466148159488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: 2010/clusterfuzz-testcase-minimized-6209288450080768 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: Timeout Fixes: 2006/clusterfuzz-testcase-minimized-5766515037044736 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
James Almer authored
Atempt to read and propagate only full ADTS frames and not other data, like id3v1 or APETags at the end of the file. Fixes ticket #6437. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: James Almer <jamrial@gmail.com>
-
Paul B Mahol authored
Signed-off-by: Paul B Mahol <onemda@gmail.com>
-
Marton Balint authored
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Marton Balint <cus@passwd.hu>
-
Marton Balint authored
Fixes ticket #6397. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Marton Balint <cus@passwd.hu>
-
Michael Niedermayer authored
Fixes 1745/clusterfuzz-testcase-minimized-6160693365571584 Fixes: Timeout Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
avcodec/ac3dec_fixed: Fix runtime error: left shift of 419 by 23 places cannot be represented in type 'int' Fixes: 1352/clusterfuzz-testcase-minimized-5757565017260032 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
- 03 Jun, 2017 6 commits
-
-
Michael Niedermayer authored
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: Timeout Fixes: 1213/clusterfuzz-testcase-minimized-6022987469815808 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
This reorders the operations so as to avoid computations with the above arguments before they have been initialized. Fixes part of 1708/clusterfuzz-testcase-minimized-5035111957397504 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
The loglevel is choosen so that the main filename and any images of multi image sequences are shown only at debug level to avoid clutter. This makes exploits in playlists more visible. As they would show accesses to private/sensitive files Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Kevin Mark authored
ff_scale_eval_dimensions blindly assumes that two inputs are always available as of 3385989b. This is notably not the case when the function is called for the scale filter. With the scale filter inputs[1] does not exist. ff_scale_eval_dimensions now has an updated scale2ref check that makes certain two inputs are actually available before attempting to access the second one. Thanks to James Almer for reporting this bug. This should fix the 820 Valgrind tests I single-handedly managed to break. Signed-off-by: Kevin Mark <kmark937@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
James Almer authored
Move the unpacking outside of the loop. 5% to 10% faster. Suggested-by: ubitux Signed-off-by: James Almer <jamrial@gmail.com>
-