From patchwork Fri Jan 10 22:03:51 2020
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 17284
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Fri, 10 Jan 2020 23:03:51 +0100
Message-Id: <20200110220353.3043-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 1/3] avcodec/ralf: Fix integer overflow in apply_lpc()

Fixes: signed integer overflow: 2147482897 + 2048 cannot be represented in type 'int'
Fixes: 19240/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5743240326414336
Fixes: 19869/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5150136636538880

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavcodec/ralf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/ralf.c b/libavcodec/ralf.c index d8f1803086..15be19b526 100644 --- a/libavcodec/ralf.c +++ b/libavcodec/ralf.c 
@@ -330,7 +330,7 @@ static void apply_lpc(RALFContext *ctx, int ch, int length, int bits) acc = (acc + bias - 1) >> ctx->filter_bits; acc = FFMAX(acc, min_clip); } else { - acc = (acc + bias) >> ctx->filter_bits; + acc = ((unsigned)acc + bias) >> ctx->filter_bits; acc = FFMIN(acc, max_clip); } audio[i] += acc;

From patchwork Fri Jan 10 22:03:52 2020
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 17285
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Fri, 10 Jan 2020 23:03:52 +0100
Message-Id: <20200110220353.3043-2-michael@niedermayer.cc>
In-Reply-To: <20200110220353.3043-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 2/3] avcodec/agm: YUV420 without DCT needs even dimensions

Fixes: out of array access
Fixes: 19892/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5707525924323328

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavcodec/agm.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/agm.c b/libavcodec/agm.c index 80f4697ee5..a874226c28 100644 --- a/libavcodec/agm.c +++ b/libavcodec/agm.c 
@@ -1239,6 +1239,11 @@ static av_cold int decode_init(AVCodecContext *avctx) s->dct = avctx->codec_tag != MKTAG('A', 'G', 'M', '4') && avctx->codec_tag != MKTAG('A', 'G', 'M', '5'); + if (!s->rgb && !s->dct) { + if ((avctx->width & 1) || (avctx->height & 1)) + return AVERROR_INVALIDDATA; + } + avctx->idct_algo = FF_IDCT_SIMPLE; ff_idctdsp_init(&s->idsp, avctx); ff_init_scantable(s->idsp.idct_permutation, &s->scantable, ff_zigzag_direct);

From patchwork Fri Jan 10 22:03:53 2020
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 17283
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Fri, 10 Jan 2020 23:03:53 +0100
Message-Id: <20200110220353.3043-3-michael@niedermayer.cc>
In-Reply-To: <20200110220353.3043-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 3/3] tools/target_dec_fuzzer: limit per frame samples for APE

APE in its highest compression mode is really slow so even one frame of millions of samples takes a long time

Fixes: Timeout (too long -> 3sec)
Fixes: 19937/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5751668818051072

Signed-off-by: Michael Niedermayer
---
 tools/target_dec_fuzzer.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c index 2d9d28b46d..ccbb949b29 100644 --- a/tools/target_dec_fuzzer.c +++ b/tools/target_dec_fuzzer.c @@ -93,7 +93,7 @@ const uint32_t maxiteration = 8096; const uint64_t maxpixels_per_frame = 4096 * 4096; uint64_t maxpixels; -const uint64_t maxsamples_per_frame = 256*1024*32; +uint64_t maxsamples_per_frame = 256*1024*32; uint64_t maxsamples; static const uint64_t FUZZ_TAG = 0x4741542D5A5A5546ULL; 
@@ -133,6 +133,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { case AVMEDIA_TYPE_VIDEO : decode_handler = avcodec_decode_video2; break; case AVMEDIA_TYPE_SUBTITLE: decode_handler = subtitle_handler ; break; } + switch (c->id) { + case AV_CODEC_ID_APE: maxsamples_per_frame /= 256; break; + } maxpixels = maxpixels_per_frame * maxiteration; maxsamples = maxsamples_per_frame * maxiteration; switch (c->id) {
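
Review bot: in [PATCH 1/3], else branch of apply_lpc(), the (unsigned) cast makes the whole sum unsigned, so the following >> ctx->filter_bits becomes a logical shift rather than a shift on a signed int. That matches the old result only when acc is non-negative on this path; the FFMIN(acc, max_clip) after it suggests so, but the branch condition is outside the hunk, so a short comment stating that assumption would help. A wrapped sum such as the reported 2147482897 + 2048 is now shifted as an unsigned value and then limited by FFMIN(acc, max_clip), which looks like the intended outcome. The sibling branch, acc = (acc + bias - 1) >> ctx->filter_bits, and the trailing audio[i] += acc stay in signed arithmetic; please confirm neither can overflow in the same way.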
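
Review bot: in [PATCH 2/3], the new check in decode_init() tests avctx->width and avctx->height only once, at init; if the dimensions can change after init (nothing in the hunk shows they cannot), the odd-size case needs the same test where the frame is decoded. The rejection also returns AVERROR_INVALIDDATA without a message; an av_log(avctx, AV_LOG_ERROR, ...) naming the even-dimension requirement would make the failure diagnosable. The condition reads s->rgb, whose assignment is not in the hunk (only s->dct is set just above), so confirm it is initialised before this point. The two nested ifs can be folded into one condition.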
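
Review bot: in [PATCH 3/3], the second hunk divides the file-scope maxsamples_per_frame by 256 inside LLVMFuzzerTestOneInput(), and the first hunk drops const to allow it. Nothing visible restricts this to the first call, so in a process that runs many inputs the limit shrinks on every call: 256*1024*32 becomes 32768, then 128, then 0, after which maxsamples = maxsamples_per_frame * maxiteration is 0 as well. Suggest keeping the global const and deriving the per-codec value into a local (or straight into maxsamples) on each call. The single-case switch (c->id) could be a plain if unless more codecs are expected to be added.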