git.videolan.org Git - ffmpeg.git/rss log
FFmpeg git repo
Articles published on the site
-
avcodec/rv60dec: Initialize slice gb with actually allocated size
February 9, by Michael Niedermayer

avcodec/rv60dec: Initialize slice gb with actually allocated size

Fixes: out of array access
Fixes: 385170375/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RV60_fuzzer-4710055187906560

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
avformat/iff: Check that we have a stream in read_dst_frame()
February 9, by Michael Niedermayer

avformat/iff: Check that we have a stream in read_dst_frame()

Fixes: null pointer dereference
Fixes: 385644864/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-4551049565765632

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
lavc/vvc: Set fc->ref to NULL at top of decode_nal_units
February 8, by Frank Plowman

lavc/vvc: Set fc->ref to NULL at top of decode_nal_units

In the fail: block of decode_nal_units, a check as to whether fc->ref is nonzero is used. Before this patch, fc->ref was set to NULL in frame_context_setup. The issue is that, by the time frame_context_setup is called, fallible functions (namely slices_realloc and ff_vvc_decode_frame_ps) have already been called. Therefore, there could arise a situation in which the fc->ref test of decode_nal_units' fail: block is performed while fc->ref has an invalid value. This seems to be particularly prevalent in situations where the FrameContexts are being reused.

The patch resolves the issue by moving the assignment of fc->ref to NULL to the very top of decode_nal_units, before any fallible functions are called.

Signed-off-by: Frank Plowman <post@frankplowman.com>
-
avcodec/aac/aacdec_lpd: Limit get_unary()
February 8, by Michael Niedermayer

avcodec/aac/aacdec_lpd: Limit get_unary()

The limit is based on later code storing 32bits

Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 393164866/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_LATM_fuzzer-4606798354513920

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
checkasm/v210enc.c: Use checkasm_check()
February 8, by Kieran Kunhya