Commits · c70d547751cb3b536f9bca8b060d94f527695b71 · Linshizhi / ffmpeg.wasm-core

16 Oct, 2019 31 commits

avcodec/sbcdec: Fix integer overflows in sbc_synthesize_eight() · c70d5477

Michael Niedermayer authored Sep 27, 2019

Fixes: signed integer overflow: 518484152 + 1868182638 cannot be represented in type 'int'
Fixes: 17732/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SBC_fuzzer-5663738132168704

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

c70d5477

avcodec/adpcm: Check initial predictor for ADPCM_IMA_EA_EACS · 2f66e843

Michael Niedermayer authored Sep 27, 2019

Fixes: signed integer overflow: -2147483360 - 631 cannot be represented in type 'int'
Fixes: 17701/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_IMA_EA_EACS_fuzzer-5711517319692288

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

2f66e843

avcodec/g723_1dec: Fix overflow in shift · 07732f12

Michael Niedermayer authored Sep 27, 2019

Fixes: shift exponent 1008 is too large for 32-bit type 'int'
Fixes: 17700/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G723_1_fuzzer-5707633436131328

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

07732f12

avcodec/apedec: Fix integer overflow in predictor_update_3930() · 5c072c9e

Michael Niedermayer authored Sep 27, 2019

Fixes: signed integer overflow: -69555262 * 31 cannot be represented in type 'int'
Fixes: 17698/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5728970447781888

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

5c072c9e

avcodec/g729postfilter: Fix undefined intermediate pointers · 0c61661a

Michael Niedermayer authored Sep 27, 2019

Fixes: index -49 out of bounds for type 'int16_t [192]'
Fixes: 17689/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-5756275014500352

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

0c61661a

avcodec/g729postfilter: Fix undefined shifts · 6a4fdbf1

Michael Niedermayer authored Sep 27, 2019

Fixes: left shift of negative value -12
Fixes: 17689/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-5756275014500352

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

6a4fdbf1

avcodec/lsp: Fix undefined shifts in lsp2poly() · 2b93f52c

Michael Niedermayer authored Sep 27, 2019

Fixes: left shift of negative value -30635
Fixes: 17689/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-5756275014500352

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

2b93f52c

avcodec/aacdec_template: Check decode_extension_payload() for failure · ca3d8b47
Michael Niedermayer authored Sep 27, 2019
```
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
```
ca3d8b47

avcodec/adpcm: Fix left shifts in AV_CODEC_ID_ADPCM_EA · 8695fbec

Michael Niedermayer authored Sep 27, 2019

Fixes: left shift of negative value -1
Fixes: 17683/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_EA_R2_fuzzer-5111690013704192

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

8695fbec

avcodec/smacker: cleanup on errors in smka_decode_frame() · 5ce3c9ea

Michael Niedermayer authored Sep 26, 2019

Fixes: multiple memleaks
Fixes: 17660/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKAUD_fuzzer-5689769928949760
Fixes: 18064/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKAUD_fuzzer-5631086809317376

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

5ce3c9ea

tools/target_dec_fuzzer: Adjust threshold for EATGV · 1d3f7e6a

Michael Niedermayer authored Sep 26, 2019

Fixes: Timeout (26sec -> 9sec)
Fixes: 17645/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EATGV_fuzzer-5717065922510848

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

1d3f7e6a

tools/target_dec_fuzzer: Adjust threshold for SCPR · 9e32c471

Michael Niedermayer authored Sep 26, 2019

Fixes: Timeout (46sec -> 7sec)
Fixes: 17644/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-5715704283660288

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

9e32c471

avcodec/cavsdec: Check remaining bitstream in the main loop in decode_pic() · e7113704

Michael Niedermayer authored Sep 24, 2019

Fixes: Timeout (149sec ->1sec)
Fixes: 17311/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CAVS_fuzzer-5679368642232320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

e7113704

avformat/shortendec: Check k in probe · ea770eb5

Michael Niedermayer authored Sep 24, 2019

Fixes: Assertion failure
Fixes: 17640/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5708767475269632

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

ea770eb5

tools/target_dec_fuzzer: Adjust threshold for MSZH · cf7f35ac

Michael Niedermayer authored Sep 25, 2019

Fixes: Timeout (250sec -> 6sec)
Fixes: 17627/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSZH_fuzzer-5643017129558016

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

cf7f35ac

swscale/output: Avoid 64bit in Alpha in yuv2ya16_X_c_template() · d2606210
Michael Niedermayer authored Sep 26, 2019
```
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
```
d2606210
swscale/output: Correct Alpha in yuv2ya16_X_c_template() · 3e668293
Michael Niedermayer authored Sep 26, 2019
```
Untested, no testcase
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
```
3e668293

swscale/output: Implement Luma computation from yuv2ya16_X_c_template() without 64bit · 4f4ca675

Michael Niedermayer authored Sep 26, 2019

This also reverts 21838cad
The revert is in this commit to avoid 2 fate updates
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

4f4ca675

fate/source: add libavfilter/af_arnndn.c · e831f601
Paul B Mahol authored Oct 16, 2019

e831f601
vafilter/af_replaygain: fix undefined behaviour · 98ae6b0a
Paul B Mahol authored Oct 16, 2019
```
Fixes #8291
```
98ae6b0a
avfilter/avf_abitscope: fix undefined behaviour · 71bceb06
Paul B Mahol authored Oct 16, 2019
```
Fixes #8289
```
71bceb06
avfilter/vf_colorchannelmixer: do not use pointer if there is no alpha · 4fe4772a
Paul B Mahol authored Oct 16, 2019
```
Fixes #8288
```
4fe4772a
avfilter/vf_edgedetect: fix undefined behaviour · 932913f0
Paul B Mahol authored Oct 16, 2019
```
Fixes #8287
```
932913f0

avcodec/apedec: Check remaining space in decode_array_0000() · 7b94b222

Michael Niedermayer authored Oct 05, 2019

Fixes: Timeout (? -> 2sec)
Fixes: 17886/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5728165124636672
Fixes: 18131/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5710803432374272

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

7b94b222

avcodec/apedec: Check error flag after entropy_decode* · 926221ef

Michael Niedermayer authored Oct 05, 2019

Fixes: 17886/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5728165124636672
Fixes: 18131/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5710803432374272

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

926221ef

avfilter/f_reverse: fix memory leaks · 1a0c584a
Paul B Mahol authored Oct 16, 2019
```
Fixes #8283
```
1a0c584a
avfilter: add arnndn filter · b0bfa369
Paul B Mahol authored Jul 26, 2019

b0bfa369
avfilter/vf_atadenoise: compensate for small overall brightness loss · c3985c0e
Paul B Mahol authored Oct 16, 2019
```
This is very hard to spot.
```
c3985c0e
avfilter/vsrc_testsrc: rgbtestsrc: fix undefined behaviour · b20dee81
Paul B Mahol authored Oct 16, 2019
```
Fixes #8238
```
b20dee81
avfilter/vf_gblur: fix heap-buffer overflow · 64a80588
Paul B Mahol authored Oct 16, 2019
```
Fixes #8282
```
64a80588

avformat/chromaprint: Fix writing raw fingerprint · e14f5fd0

Andriy Gelman authored Oct 06, 2019

The pointer fp after the call to chromaprint_get_raw_fingerpoint() points to an array
of uint32_t whereas the current code assumed just a char stream. Thus when writing the
raw fingerprint, the output would be truncated by a factor of 4.

For reference the declaration of the function from chromaprint.h is:
int chromaprint_get_raw_fingerprint(ChromaprintContext *ctx, uint32_t **fingerprint, int *size);

e14f5fd0

15 Oct, 2019 9 commits
- avfilter/af_afade: make sure that in is available · 29dac292
  Paul B Mahol authored Oct 15, 2019
  
  29dac292
- avfilter/dnn: unify the layer load function in native mode · 2558e627
  Guo, Yejun authored Oct 09, 2019
```
Signed-off-by: Guo, Yejun <yejun.guo@intel.com>
Signed-off-by: Pedro Arthur <bygrandao@gmail.com>
```
  2558e627
- avfilter/dnn: unify the layer execution function in native mode · 3fd5ac7e
  Guo, Yejun authored Oct 09, 2019
```
Signed-off-by: Guo, Yejun <yejun.guo@intel.com>
Signed-off-by: Pedro Arthur <bygrandao@gmail.com>
```
  3fd5ac7e
- avfilter/dnn: add DLT prefix for enum DNNLayerType to avoid potential conflicts · b78dc27b
  Guo, Yejun authored Oct 09, 2019
```
and also change CONV to DLT_CONV2D for better description
Signed-off-by: Guo, Yejun <yejun.guo@intel.com>
Signed-off-by: Pedro Arthur <bygrandao@gmail.com>
```
  b78dc27b
- avformat/latmenc: abort if no extradata is available · dd019473
  James Almer authored Oct 15, 2019
```
Fixes ticket #8273.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
```
  dd019473
- avfilter/vf_bm3d: make sure nb_jobs is at least 1 · f2598484
  Paul B Mahol authored Oct 15, 2019
  
  f2598484
- tools/target_dec_fuzzer: Also fuzz keyframe & disposal flags · ec9d48da
  Michael Niedermayer authored Oct 12, 2019
```
This should improve coverage
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
```
  ec9d48da
- lavc/libxavs2: fix parameter setting result determination · e71c241b
  hwren authored Oct 14, 2019
```
Signed-off-by: hwren <hwrenx@126.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
```
  e71c241b
- avfilter/af_afade: fix heap-buffer overflow · e1b89c76
  Paul B Mahol authored Oct 15, 2019
```
Fixes #8276
```
  e1b89c76