diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c index 2cafce8cb339818e83273a2705ee4cc2b27219bf..6fcee2a1b1437a1f63187834d3c4d3f18647e1c9 100644 --- a/libavcodec/alsdec.c +++ b/libavcodec/alsdec.c @@ -2118,8 +2118,8 @@ static av_cold int decode_init(AVCodecContext *avctx) ctx->nbits = av_malloc_array(ctx->cur_frame_length, sizeof(*ctx->nbits)); ctx->mlz = av_mallocz(sizeof(*ctx->mlz)); - if (!ctx->mlz || !ctx->acf || !ctx->shift_value || !ctx->last_shift_value - || !ctx->last_acf_mantissa || !ctx->raw_mantissa) { + if (!ctx->larray || !ctx->nbits || !ctx->mlz || !ctx->acf || !ctx->shift_value + || !ctx->last_shift_value || !ctx->last_acf_mantissa || !ctx->raw_mantissa) { av_log(avctx, AV_LOG_ERROR, "Allocating buffer memory failed.\n"); return AVERROR(ENOMEM); } @@ -2131,6 +2131,10 @@ static av_cold int decode_init(AVCodecContext *avctx) for (c = 0; c < channels; ++c) { ctx->raw_mantissa[c] = av_calloc(ctx->cur_frame_length, sizeof(**ctx->raw_mantissa)); + if (!ctx->raw_mantissa[c]) { + av_log(avctx, AV_LOG_ERROR, "Allocating buffer memory failed.\n"); + return AVERROR(ENOMEM); + } } } diff --git a/libavcodec/cfhd.c b/libavcodec/cfhd.c index 5adb0b2008f4e3f0f097e283528e005419753e30..44f6e595384668516e15e6ce4a7cc9ddd3ddebb0 100644 --- a/libavcodec/cfhd.c +++ b/libavcodec/cfhd.c @@ -27,6 +27,7 @@ #include "libavutil/buffer.h" #include "libavutil/common.h" #include "libavutil/imgutils.h" +#include "libavutil/imgutils.h" #include "libavutil/intreadwrite.h" #include "libavutil/opt.h" @@ -275,6 +276,9 @@ static int alloc_buffers(AVCodecContext *avctx) int height = (i || bayer) ? s->coded_height >> chroma_y_shift : s->coded_height; ptrdiff_t stride = (FFALIGN(width / 8, 8) + 64) * 8; + if ((ret = av_image_check_size2(stride, height, avctx->max_pixels, s->coded_format, 0, avctx)) < 0) + return ret; + if (chroma_y_shift && !bayer) height = FFALIGN(height / 8, 2) * 8; s->plane[i].width = width; diff --git a/libavcodec/dvbsubenc.c b/libavcodec/dvbsubenc.c index 06087b058d0d17b7d79d38b05b344591b78e23b7..d5cebf9506c18b470631101d99ab72e0043c100c 100644 --- a/libavcodec/dvbsubenc.c +++ b/libavcodec/dvbsubenc.c @@ -326,24 +326,23 @@ static int dvbsub_encode(AVCodecContext *avctx, uint8_t *outbuf, int buf_size, if (h->num_rects) { for (clut_id = 0; clut_id < h->num_rects; clut_id++) { - if (buf_size < 6 + h->rects[clut_id]->nb_colors * 6) - return AVERROR_BUFFER_TOO_SMALL; - /* CLUT segment */ - if (h->rects[clut_id]->nb_colors <= 4) { + if (h->rects[clut_id]->nb_colors <= 4U) { /* 2 bpp, some decoders do not support it correctly */ bpp_index = 0; - } else if (h->rects[clut_id]->nb_colors <= 16) { + } else if (h->rects[clut_id]->nb_colors <= 16U) { /* 4 bpp, standard encoding */ bpp_index = 1; - } else if (h->rects[clut_id]->nb_colors <= 256) { + } else if (h->rects[clut_id]->nb_colors <= 256U) { /* 8 bpp, standard encoding */ bpp_index = 2; } else { return AVERROR(EINVAL); } + if (buf_size < 6 + h->rects[clut_id]->nb_colors * 6) + return AVERROR_BUFFER_TOO_SMALL; /* CLUT segment */ *q++ = 0x0f; /* sync byte */ diff --git a/libavcodec/jfdctint_template.c b/libavcodec/jfdctint_template.c index 67fb77b5e12010f1c34d5c599c9d7e8c234e20a7..2f4e28b3a362875326f32b232ebad98acbdff94d 100644 --- a/libavcodec/jfdctint_template.c +++ b/libavcodec/jfdctint_template.c @@ -69,7 +69,7 @@ #define GLOBAL(x) x #define RIGHT_SHIFT(x, n) ((x) >> (n)) #define MULTIPLY16C16(var,const) ((var)*(const)) -#define DESCALE(x,n) RIGHT_SHIFT((x) + (1 << ((n) - 1)), n) +#define DESCALE(x,n) RIGHT_SHIFT((int)(x) + (1 << ((n) - 1)), n) /* @@ -175,7 +175,7 @@ #if BITS_IN_JSAMPLE == 8 && CONST_BITS<=13 && PASS1_BITS<=2 #define MULTIPLY(var,const) MULTIPLY16C16(var,const) #else -#define MULTIPLY(var,const) ((var) * (const)) +#define MULTIPLY(var,const) (int)((var) * (unsigned)(const)) #endif @@ -261,7 +261,7 @@ FUNC(ff_jpeg_fdct_islow)(int16_t *data) { int tmp0, tmp1, tmp2, tmp3, tmp4, tmp5, tmp6, tmp7; int tmp10, tmp11, tmp12, tmp13; - int z1, z2, z3, z4, z5; + unsigned z1, z2, z3, z4, z5; int16_t *dataptr; int ctr; diff --git a/libavcodec/pnmdec.c b/libavcodec/pnmdec.c index bb2ce53496352e6a648e617e931e09fe17ec55a8..8bd87ac1e3bbc5b15e87e82779c91c963f618ddf 100644 --- a/libavcodec/pnmdec.c +++ b/libavcodec/pnmdec.c @@ -260,7 +260,7 @@ static int pnm_decode_frame(AVCodecContext *avctx, AVFrame *p, break; case AV_PIX_FMT_GBRPF32: if (!s->half) { - if (avctx->width * avctx->height * 12 > s->bytestream_end - s->bytestream) + if (avctx->width * avctx->height * 12LL > s->bytestream_end - s->bytestream) return AVERROR_INVALIDDATA; scale = 1.f / s->scale; if (s->endian) { diff --git a/libavcodec/sanm.c b/libavcodec/sanm.c index 7f094c8bbfc2af5e0d9d7f60e58a3fc00fef2116..a76922d69c41a5f51ff0eb15f072f4dddf06a6f6 100644 --- a/libavcodec/sanm.c +++ b/libavcodec/sanm.c @@ -558,18 +558,18 @@ static int rle_decode(SANMVideoContext *ctx, uint8_t *dst, const int out_size) static int old_codec1(SANMVideoContext *ctx, int top, int left, int width, int height) { - uint8_t *dst = ((uint8_t *)ctx->frm0) + left + top * ctx->pitch; - int i, j, len, flag, code, val, pos, end; + int i, j, len, flag, code, val, end, pxoff; + const int maxpxo = ctx->height * ctx->pitch; + uint8_t *dst = (uint8_t *)ctx->frm0; for (i = 0; i < height; i++) { - pos = 0; - if (bytestream2_get_bytes_left(&ctx->gb) < 2) return AVERROR_INVALIDDATA; len = bytestream2_get_le16u(&ctx->gb); end = bytestream2_tell(&ctx->gb) + len; + pxoff = left + ((top + i) * ctx->pitch); while (bytestream2_tell(&ctx->gb) < end) { if (bytestream2_get_bytes_left(&ctx->gb) < 2) return AVERROR_INVALIDDATA; @@ -577,25 +577,28 @@ static int old_codec1(SANMVideoContext *ctx, int top, code = bytestream2_get_byteu(&ctx->gb); flag = code & 1; code = (code >> 1) + 1; - if (pos + code > width) - return AVERROR_INVALIDDATA; if (flag) { val = bytestream2_get_byteu(&ctx->gb); - if (val) - memset(dst + pos, val, code); - pos += code; + if (val) { + for (j = 0; j < code; j++) { + if (pxoff >= 0 && pxoff < maxpxo) + *(dst + pxoff) = val; + pxoff++; + } + } else { + pxoff += code; + } } else { if (bytestream2_get_bytes_left(&ctx->gb) < code) return AVERROR_INVALIDDATA; for (j = 0; j < code; j++) { val = bytestream2_get_byteu(&ctx->gb); - if (val) - dst[pos] = val; - pos++; + if ((pxoff >= 0) && (pxoff < maxpxo) && val) + *(dst + pxoff) = val; + pxoff++; } } } - dst += ctx->pitch; } ctx->rotate_code = 0; @@ -951,8 +954,8 @@ static int old_codec47(SANMVideoContext *ctx, int top, static int process_frame_obj(SANMVideoContext *ctx) { uint16_t codec = bytestream2_get_le16u(&ctx->gb); - uint16_t left = bytestream2_get_le16u(&ctx->gb); - uint16_t top = bytestream2_get_le16u(&ctx->gb); + int16_t left = bytestream2_get_le16u(&ctx->gb); + int16_t top = bytestream2_get_le16u(&ctx->gb); uint16_t w = bytestream2_get_le16u(&ctx->gb); uint16_t h = bytestream2_get_le16u(&ctx->gb); diff --git a/libavcodec/sonic.c b/libavcodec/sonic.c index 2fc8a1f6f46a7c59d62d6a51b510f1a570279414..b94bd60575b47ab4690c9dee2cc9bc09c605a497 100644 --- a/libavcodec/sonic.c +++ b/libavcodec/sonic.c @@ -921,7 +921,10 @@ static av_cold int sonic_decode_init(AVCodecContext *avctx) s->num_taps = (get_bits(&gb, 5)+1)<<5; if (get_bits1(&gb)) // XXX FIXME - av_log(avctx, AV_LOG_INFO, "Custom quant table\n"); + + + if (s->num_taps > 128) + return AVERROR_INVALIDDATA; s->block_align = 2048LL*s->samplerate/(44100*s->downsampling); s->frame_size = s->channels*s->block_align*s->downsampling; diff --git a/libavcodec/sunrast.c b/libavcodec/sunrast.c index 9d0e91f604ff6c77dd7cd31257f0514869a7e9c9..29f656d2bd0e2091e3b668689799c37d38156a25 100644 --- a/libavcodec/sunrast.c +++ b/libavcodec/sunrast.c @@ -162,8 +162,10 @@ static int sunrast_decode_frame(AVCodecContext *avctx, AVFrame *p, x = 0; while (ptr != end && buf < buf_end) { run = 1; - if (buf_end - buf < 1) + if (buf_end - buf < 1) { + av_freep(&ptr2); return AVERROR_INVALIDDATA; + } if ((value = *buf++) == RLE_TRIGGER) { run = *buf++ + 1; diff --git a/libavcodec/takdec.c b/libavcodec/takdec.c index 47978fcd4beb5680c68502b9ac7deb295e32458c..35bd0024dc0ef80d3bf1d554b953083d69c04643 100644 --- a/libavcodec/takdec.c +++ b/libavcodec/takdec.c @@ -432,6 +432,9 @@ static int decode_subframe(TAKDecContext *s, int32_t *decoded, return AVERROR_INVALIDDATA; } + if (get_bits_left(gb) < 2*10 + 2*size) + return AVERROR_INVALIDDATA; + s->predictors[0] = get_sbits(gb, 10); s->predictors[1] = get_sbits(gb, 10); s->predictors[2] = get_sbits(gb, size) * (1 << (10 - size)); diff --git a/libavcodec/vc1_block.c b/libavcodec/vc1_block.c index 119df4081dda28c3e3eca232028fd42a08af5862..78a15dd0630533e2884afb8133f1b73efaeeddb4 100644 --- a/libavcodec/vc1_block.c +++ b/libavcodec/vc1_block.c @@ -1302,6 +1302,7 @@ static int vc1_decode_p_mb(VC1Context *v) int dst_idx, off; int skipped, fourmv; int block_cbp = 0, pat, block_tt = 0, block_intra = 0; + int ret; mquant = v->pq; /* lossy initialization */ @@ -1360,8 +1361,10 @@ static int vc1_decode_p_mb(VC1Context *v) if (i == 1 || i == 3 || s->mb_x) v->c_avail = v->mb_type[0][s->block_index[i] - 1]; - vc1_decode_intra_block(v, v->block[v->cur_blk_idx][block_map[i]], i, val, mquant, - (i & 4) ? v->codingset2 : v->codingset); + ret = vc1_decode_intra_block(v, v->block[v->cur_blk_idx][block_map[i]], i, val, mquant, + (i & 4) ? v->codingset2 : v->codingset); + if (ret < 0) + return ret; if (CONFIG_GRAY && (i > 3) && (s->avctx->flags & AV_CODEC_FLAG_GRAY)) continue; v->vc1dsp.vc1_inv_trans_8x8(v->block[v->cur_blk_idx][block_map[i]]); @@ -1463,8 +1466,10 @@ static int vc1_decode_p_mb(VC1Context *v) if (i == 1 || i == 3 || s->mb_x) v->c_avail = v->mb_type[0][s->block_index[i] - 1]; - vc1_decode_intra_block(v, v->block[v->cur_blk_idx][block_map[i]], i, is_coded[i], mquant, - (i & 4) ? v->codingset2 : v->codingset); + ret = vc1_decode_intra_block(v, v->block[v->cur_blk_idx][block_map[i]], i, is_coded[i], mquant, + (i & 4) ? v->codingset2 : v->codingset); + if (ret < 0) + return ret; if (CONFIG_GRAY && (i > 3) && (s->avctx->flags & AV_CODEC_FLAG_GRAY)) continue; v->vc1dsp.vc1_inv_trans_8x8(v->block[v->cur_blk_idx][block_map[i]]); @@ -1535,6 +1540,7 @@ static int vc1_decode_p_mb_intfr(VC1Context *v) int block_cbp = 0, pat, block_tt = 0; int idx_mbmode = 0, mvbp; int fieldtx; + int ret; mquant = v->pq; /* Lossy initialization */ @@ -1607,8 +1613,10 @@ static int vc1_decode_p_mb_intfr(VC1Context *v) if (i == 1 || i == 3 || s->mb_x) v->c_avail = v->mb_type[0][s->block_index[i] - 1]; - vc1_decode_intra_block(v, v->block[v->cur_blk_idx][block_map[i]], i, val, mquant, - (i & 4) ? v->codingset2 : v->codingset); + ret = vc1_decode_intra_block(v, v->block[v->cur_blk_idx][block_map[i]], i, val, mquant, + (i & 4) ? v->codingset2 : v->codingset); + if (ret < 0) + return ret; if (CONFIG_GRAY && (i > 3) && (s->avctx->flags & AV_CODEC_FLAG_GRAY)) continue; v->vc1dsp.vc1_inv_trans_8x8(v->block[v->cur_blk_idx][block_map[i]]); @@ -1744,6 +1752,7 @@ static int vc1_decode_p_mb_intfi(VC1Context *v) int pred_flag = 0; int block_cbp = 0, pat, block_tt = 0; int idx_mbmode = 0; + int ret; mquant = v->pq; /* Lossy initialization */ @@ -1775,8 +1784,10 @@ static int vc1_decode_p_mb_intfi(VC1Context *v) if (i == 1 || i == 3 || s->mb_x) v->c_avail = v->mb_type[0][s->block_index[i] - 1]; - vc1_decode_intra_block(v, v->block[v->cur_blk_idx][block_map[i]], i, val, mquant, - (i & 4) ? v->codingset2 : v->codingset); + ret = vc1_decode_intra_block(v, v->block[v->cur_blk_idx][block_map[i]], i, val, mquant, + (i & 4) ? v->codingset2 : v->codingset); + if (ret < 0) + return ret; if (CONFIG_GRAY && (i > 3) && (s->avctx->flags & AV_CODEC_FLAG_GRAY)) continue; v->vc1dsp.vc1_inv_trans_8x8(v->block[v->cur_blk_idx][block_map[i]]); @@ -1867,6 +1878,7 @@ static int vc1_decode_b_mb(VC1Context *v) int skipped, direct; int dmv_x[2], dmv_y[2]; int bmvtype = BMV_TYPE_BACKWARD; + int ret; mquant = v->pq; /* lossy initialization */ s->mb_intra = 0; @@ -1979,8 +1991,10 @@ static int vc1_decode_b_mb(VC1Context *v) if (i == 1 || i == 3 || s->mb_x) v->c_avail = v->mb_type[0][s->block_index[i] - 1]; - vc1_decode_intra_block(v, s->block[i], i, val, mquant, - (i & 4) ? v->codingset2 : v->codingset); + ret = vc1_decode_intra_block(v, s->block[i], i, val, mquant, + (i & 4) ? v->codingset2 : v->codingset); + if (ret < 0) + return ret; if (CONFIG_GRAY && (i > 3) && (s->avctx->flags & AV_CODEC_FLAG_GRAY)) continue; v->vc1dsp.vc1_inv_trans_8x8(s->block[i]); @@ -2026,6 +2040,7 @@ static int vc1_decode_b_mb_intfi(VC1Context *v) int bmvtype = BMV_TYPE_BACKWARD; int block_cbp = 0, pat, block_tt = 0; int idx_mbmode; + int ret; mquant = v->pq; /* Lossy initialization */ s->mb_intra = 0; @@ -2058,8 +2073,10 @@ static int vc1_decode_b_mb_intfi(VC1Context *v) if (i == 1 || i == 3 || s->mb_x) v->c_avail = v->mb_type[0][s->block_index[i] - 1]; - vc1_decode_intra_block(v, s->block[i], i, val, mquant, - (i & 4) ? v->codingset2 : v->codingset); + ret = vc1_decode_intra_block(v, s->block[i], i, val, mquant, + (i & 4) ? v->codingset2 : v->codingset); + if (ret < 0) + return ret; if (CONFIG_GRAY && (i > 3) && (s->avctx->flags & AV_CODEC_FLAG_GRAY)) continue; v->vc1dsp.vc1_inv_trans_8x8(s->block[i]); @@ -2196,6 +2213,7 @@ static int vc1_decode_b_mb_intfr(VC1Context *v) int stride_y, fieldtx; int bmvtype = BMV_TYPE_BACKWARD; int dir, dir2; + int ret; mquant = v->pq; /* Lossy initialization */ s->mb_intra = 0; @@ -2252,8 +2270,10 @@ static int vc1_decode_b_mb_intfr(VC1Context *v) if (i == 1 || i == 3 || s->mb_x) v->c_avail = v->mb_type[0][s->block_index[i] - 1]; - vc1_decode_intra_block(v, s->block[i], i, val, mquant, - (i & 4) ? v->codingset2 : v->codingset); + ret = vc1_decode_intra_block(v, s->block[i], i, val, mquant, + (i & 4) ? v->codingset2 : v->codingset); + if (ret < 0) + return ret; if (CONFIG_GRAY && i > 3 && (s->avctx->flags & AV_CODEC_FLAG_GRAY)) continue; v->vc1dsp.vc1_inv_trans_8x8(s->block[i]); @@ -2797,6 +2817,7 @@ static void vc1_decode_p_blocks(VC1Context *v) { MpegEncContext *s = &v->s; int apply_loop_filter; + int ret; /* select coding mode used for VLC tables selection */ switch (v->c_ac_table_index) { @@ -2839,22 +2860,22 @@ static void vc1_decode_p_blocks(VC1Context *v) } if (v->fcm == ILACE_FIELD) { - vc1_decode_p_mb_intfi(v); + ret = vc1_decode_p_mb_intfi(v); if (apply_loop_filter) ff_vc1_p_loop_filter(v); } else if (v->fcm == ILACE_FRAME) { - vc1_decode_p_mb_intfr(v); + ret = vc1_decode_p_mb_intfr(v); if (apply_loop_filter) ff_vc1_p_intfr_loop_filter(v); } else { - vc1_decode_p_mb(v); + ret = vc1_decode_p_mb(v); if (apply_loop_filter) ff_vc1_p_loop_filter(v); } - if (get_bits_left(&s->gb) < 0 || get_bits_count(&s->gb) < 0) { + if (ret < 0 || get_bits_left(&s->gb) < 0 || get_bits_count(&s->gb) < 0) { // TODO: may need modification to handle slice coding ff_er_add_slice(&s->er, 0, s->start_mb_y, s->mb_x, s->mb_y, ER_MB_ERROR); - av_log(s->avctx, AV_LOG_ERROR, "Bits overconsumption: %i > %i at %ix%i\n", + av_log(s->avctx, AV_LOG_ERROR, "Error or Bits overconsumption: %i > %i at %ix%i\n", get_bits_count(&s->gb), s->gb.size_in_bits, s->mb_x, s->mb_y); return; } diff --git a/libavfilter/af_pan.c b/libavfilter/af_pan.c index 067f64680537b0e4b6d3017b4f34ab66cbbe42bc..11f52e76b5977f7af6abdbdcca182be8590146b0 100644 --- a/libavfilter/af_pan.c +++ b/libavfilter/af_pan.c @@ -165,7 +165,7 @@ static av_cold int init(AVFilterContext *ctx) sign = 1; while (1) { gain = 1; - if (sscanf(arg, "%lf%n *%n", &gain, &len, &len)) + if (sscanf(arg, "%lf%n *%n", &gain, &len, &len) >= 1) arg += len; if (parse_channel_name(&arg, &in_ch_id, &named)){ av_log(ctx, AV_LOG_ERROR, diff --git a/libavfilter/vf_avgblur_opencl.c b/libavfilter/vf_avgblur_opencl.c index 8fccd7bd0d5ead12d683bf60e9e22aad25f4872b..0075a314abe0f1c5aad15096e5c1194c8e073d4d 100644 --- a/libavfilter/vf_avgblur_opencl.c +++ b/libavfilter/vf_avgblur_opencl.c @@ -47,8 +47,8 @@ typedef struct AverageBlurOpenCLContext { FilterParam luma_param; FilterParam chroma_param; FilterParam alpha_param; - int radius[4]; - int power[4]; + int radius[AV_VIDEO_MAX_PLANES]; + int power[AV_VIDEO_MAX_PLANES]; } AverageBlurOpenCLContext; @@ -101,7 +101,7 @@ static int avgblur_opencl_make_filter_params(AVFilterLink *inlink) s->radiusV = s->radiusH; } - for (i = 0; i < 4; i++) { + for (i = 0; i < AV_VIDEO_MAX_PLANES; i++) { s->power[i] = 1; } return 0; @@ -133,7 +133,7 @@ static int boxblur_opencl_make_filter_params(AVFilterLink *inlink) s->power[U] = s->power[V] = s->chroma_param.power; s->power[A] = s->alpha_param.power; - for (i = 0; i < 4; i++) { + for (i = 0; i < AV_VIDEO_MAX_PLANES; i++) { if (s->power[i] == 0) { s->power[i] = 1; s->radius[i] = 0; @@ -191,7 +191,7 @@ static int avgblur_opencl_filter_frame(AVFilterLink *inlink, AVFrame *input) goto fail; } - for (p = 0; p < FF_MIN(FF_ARRAY_ELEMS(output->data), 4); p++) { + for (p = 0; p < FFMIN(FF_ARRAY_ELEMS(output->data), AV_VIDEO_MAX_PLANES); p++) { src = (cl_mem) input->data[p]; dst = (cl_mem) output->data[p]; inter = (cl_mem)intermediate->data[p]; diff --git a/libavfilter/vf_codecview.c b/libavfilter/vf_codecview.c index cddb3e53685193ff22e81875bbe82c94be082564..56a19dc47623f3ff94d7d88472af60d7ba9b731f 100644 --- a/libavfilter/vf_codecview.c +++ b/libavfilter/vf_codecview.c @@ -215,9 +215,6 @@ static void draw_block_rectangle(uint8_t *buf, int sx, int sy, int w, int h, int buf[sx + w - 1] = color; buf += stride; } - - for (int x = sx; x < sx + w; x++) - buf[x] = color; } static int filter_frame(AVFilterLink *inlink, AVFrame *frame) diff --git a/libavfilter/vf_tonemap_opencl.c b/libavfilter/vf_tonemap_opencl.c index f6ebb694a81a1c0123737a26a3f5ed2c753492de..33f8f07cefcdfc1089911f10a1810813554893a6 100644 --- a/libavfilter/vf_tonemap_opencl.c +++ b/libavfilter/vf_tonemap_opencl.c @@ -343,8 +343,7 @@ static int tonemap_opencl_filter_frame(AVFilterLink *inlink, AVFrame *input) int err; double peak = ctx->peak; - AVHWFramesContext *input_frames_ctx = - (AVHWFramesContext*)input->hw_frames_ctx->data; + AVHWFramesContext *input_frames_ctx; av_log(ctx, AV_LOG_DEBUG, "Filter input: %s, %ux%u (%"PRId64").\n", av_get_pix_fmt_name(input->format), @@ -352,6 +351,7 @@ static int tonemap_opencl_filter_frame(AVFilterLink *inlink, AVFrame *input) if (!input->hw_frames_ctx) return AVERROR(EINVAL); + input_frames_ctx = (AVHWFramesContext*)input->hw_frames_ctx->data; output = ff_get_video_buffer(outlink, outlink->w, outlink->h); if (!output) { diff --git a/libavformat/concatdec.c b/libavformat/concatdec.c index 806b570cdfefbb6f29aff26d332007eca8f02d35..841c0f35a247fc8c500021a6dad68e01ede49f53 100644 --- a/libavformat/concatdec.c +++ b/libavformat/concatdec.c @@ -324,7 +324,7 @@ static int64_t get_best_effort_duration(ConcatFile *file, AVFormatContext *avf) if (file->outpoint != AV_NOPTS_VALUE) return file->outpoint - file->file_inpoint; if (avf->duration > 0) - return avf->duration - (file->file_inpoint - file->file_start_time); + return av_sat_sub64(avf->duration, file->file_inpoint - file->file_start_time); if (file->next_dts != AV_NOPTS_VALUE) return file->next_dts - file->file_inpoint; return AV_NOPTS_VALUE; diff --git a/libavformat/dxa.c b/libavformat/dxa.c index 76ca51d750573aa8066ce331620974ef6f69e532..69d528b4c450fd57125488ff0956063b592244fa 100644 --- a/libavformat/dxa.c +++ b/libavformat/dxa.c @@ -124,7 +124,7 @@ static int dxa_read_header(AVFormatContext *s) if(ast->codecpar->block_align) { if (c->bpc > INT_MAX - ast->codecpar->block_align + 1) return AVERROR_INVALIDDATA; - c->bpc = ((c->bpc + ast->codecpar->block_align - 1) / ast->codecpar->block_align) * ast->codecpar->block_align; + c->bpc = ((c->bpc - 1 + ast->codecpar->block_align) / ast->codecpar->block_align) * ast->codecpar->block_align; } c->bytes_left = fsize; c->wavpos = avio_tell(pb); diff --git a/libavformat/mlvdec.c b/libavformat/mlvdec.c index db3b77bb9b83d82375e49f48d6127ae2e80749fa..6b3e8b727dedd9e544451d8c837e235007827a62 100644 --- a/libavformat/mlvdec.c +++ b/libavformat/mlvdec.c @@ -432,19 +432,25 @@ static int read_packet(AVFormatContext *avctx, AVPacket *pkt) if (size < 16) return AVERROR_INVALIDDATA; avio_skip(pb, 12); //timestamp, frameNumber - if (st->codecpar->codec_type == AVMEDIA_TYPE_VIDEO) + size -= 12; + if (st->codecpar->codec_type == AVMEDIA_TYPE_VIDEO) { + if (size < 8) + return AVERROR_INVALIDDATA; avio_skip(pb, 8); // cropPosX, cropPosY, panPosX, panPosY + size -= 8; + } space = avio_rl32(pb); + if (size < space + 4LL) + return AVERROR_INVALIDDATA; avio_skip(pb, space); + size -= space; if ((mlv->class[st->id] & (MLV_CLASS_FLAG_DELTA|MLV_CLASS_FLAG_LZMA))) { ret = AVERROR_PATCHWELCOME; } else if (st->codecpar->codec_type == AVMEDIA_TYPE_VIDEO) { ret = av_get_packet(pb, pkt, (st->codecpar->width * st->codecpar->height * st->codecpar->bits_per_coded_sample + 7) >> 3); } else { // AVMEDIA_TYPE_AUDIO - if (space > UINT_MAX - 24 || size < (24 + space)) - return AVERROR_INVALIDDATA; - ret = av_get_packet(pb, pkt, size - (24 + space)); + ret = av_get_packet(pb, pkt, size - 4); } if (ret < 0) diff --git a/libavformat/movenc.c b/libavformat/movenc.c index b9617a1ea42cbedd9b767d62c3ca093686062244..5281bb52fac0c64b32e1acc371c49620450ed845 100644 --- a/libavformat/movenc.c +++ b/libavformat/movenc.c @@ -6461,9 +6461,9 @@ static int mov_flush_fragment(AVFormatContext *s, int force) int buf_size, write_moof = 1, moof_tracks = -1; uint8_t *buf; + if (!track->entry) + continue; if (mov->flags & FF_MOV_FLAG_SEPARATE_MOOF) { - if (!track->entry) - continue; mdat_size = avio_tell(track->mdat_buf); moof_tracks = i; } else { diff --git a/libavformat/qcp.c b/libavformat/qcp.c index 8d80b726a53698cca7c375212ab1d17d157d0563..cbc5d0a065621411a0a0c84643d77e9d458402af 100644 --- a/libavformat/qcp.c +++ b/libavformat/qcp.c @@ -104,7 +104,8 @@ static int qcp_read_header(AVFormatContext *s) st->codecpar->codec_type = AVMEDIA_TYPE_AUDIO; st->codecpar->ch_layout = (AVChannelLayout)AV_CHANNEL_LAYOUT_MONO; - avio_read(pb, buf, 16); + if (avio_read(pb, buf, 16) != 16) + return AVERROR_INVALIDDATA; if (is_qcelp_13k_guid(buf)) { st->codecpar->codec_id = AV_CODEC_ID_QCELP; } else if (!memcmp(buf, guid_evrc, 16)) { diff --git a/libavformat/rtpdec_asf.c b/libavformat/rtpdec_asf.c index 72ead6975a0f75b6f9b7dc92bd03bdd2a30d11b8..4a32b7ac12c25fb438aa2e6e96f9c4a095136086 100644 --- a/libavformat/rtpdec_asf.c +++ b/libavformat/rtpdec_asf.c @@ -119,8 +119,10 @@ int ff_wms_parse_sdp_a_line(AVFormatContext *s, const char *p) avformat_close_input(&rt->asf_ctx); } - if (!(iformat = av_find_input_format("asf"))) + if (!(iformat = av_find_input_format("asf"))) { + av_free(buf); return AVERROR_DEMUXER_NOT_FOUND; + } rt->asf_ctx = avformat_alloc_context(); if (!rt->asf_ctx) { diff --git a/libavformat/sbgdec.c b/libavformat/sbgdec.c index fdcee0b45238e2fcfc060a6bf8fe76d5b3fb9426..eb986029272da0b2ad24b142f86cf697fda360a7 100644 --- a/libavformat/sbgdec.c +++ b/libavformat/sbgdec.c @@ -1446,8 +1446,10 @@ static av_cold int sbg_read_header(AVFormatContext *avf) } st = avformat_new_stream(avf, NULL); - if (!st) - return AVERROR(ENOMEM); + if (!st) { + r = AVERROR(ENOMEM); + goto fail; + } sti = ffstream(st); st->codecpar->codec_type = AVMEDIA_TYPE_AUDIO; st->codecpar->codec_id = AV_CODEC_ID_FFWAVESYNTH; diff --git a/libavformat/subfile.c b/libavformat/subfile.c index 2936c79e06c6fd85331fcfe4b5cf9562e4c15f68..ac12f042609e3da01fecf21d82bf270318691ca8 100644 --- a/libavformat/subfile.c +++ b/libavformat/subfile.c @@ -128,13 +128,13 @@ static int64_t subfile_seek(URLContext *h, int64_t pos, int whence) return end - c->start; switch (whence) { case SEEK_SET: - new_pos = c->start + pos; + new_pos = c->start + av_clip(pos, 0, end - c->start); break; case SEEK_CUR: - new_pos = c->pos + pos; + new_pos = c->pos + av_clip(pos, -(c->pos - c->start), end - c->pos); break; case SEEK_END: - new_pos = end + pos; + new_pos = end + av_clip(pos, -(end - c->start), 0); break; } if (new_pos < c->start) diff --git a/libpostproc/postprocess.c b/libpostproc/postprocess.c index 383c691cb4b55e9c6e608772d52932c4041123cf..f18513168934194ba8f2fc5fc6c28b1a2f52ff08 100644 --- a/libpostproc/postprocess.c +++ b/libpostproc/postprocess.c @@ -926,6 +926,11 @@ void pp_postprocess(const uint8_t * src[3], const int srcStride[3], int minStride= FFMAX(FFABS(srcStride[0]), FFABS(dstStride[0])); int absQPStride = FFABS(QPStride); + if (width < 16 || height < 16) { + av_log(c, AV_LOG_ERROR, "Postproc is designed to filter 16x16 macroblock based formats, the minimum size is 1 macroblock\n"); + return; + } + // c->stride and c->QPStride are always positive if(c->stride < minStride || c->qpStride < absQPStride) reallocBuffers(c, width, height, diff --git a/tests/fate/mov.mak b/tests/fate/mov.mak index 8a7218a215801297546b0e6bb53aa737bea4e2b6..008c0896d0e03f49267e1ffc9f5a540e60c081c6 100644 --- a/tests/fate/mov.mak +++ b/tests/fate/mov.mak @@ -86,6 +86,11 @@ fate-mov-ibi-elst-starts-b: CMD = framemd5 -flags +bitexact -i $(TARGET_SAMPLES) # Makes sure that we handle overlapping framgments fate-mov-frag-overlap: CMD = framemd5 -i $(TARGET_SAMPLES)/mov/frag_overlap.mp4 +fate-mov-mp4-frag-flush: CMD = md5 -f lavfi -i color=blue,format=rgb24,trim=duration=0.04 -f lavfi -i anullsrc,aformat=s16,atrim=duration=2 -c:v png -c:a pcm_s16le -movflags +empty_moov+hybrid_fragmented -frag_duration 1000000 -frag_interleave 1 -f mp4 +fate-mov-mp4-frag-flush: CMP = oneline +fate-mov-mp4-frag-flush: REF = a10c0e2e2dfc120f31ca5e59e0e4392a +FATE_MOV-$(call ALLYES, LAVFI_INDEV, COLOR_FILTER, FORMAT_FILTER, TRIM_FILTER, ANULL_FILTER, AFORMAT_FILTER, ATRIM_FILTER, PNG_ENCODER, PCM_S16LE_ENCODER, MOV_MUXER) += fate-mov-mp4-frag-flush + # Makes sure that we pick the right frames according to edit list when there is no keyframe with PTS < edit list start. # For example, when video starts on a B-frame, and edit list starts on that B-frame too. # GOP structure : B B I in presentation order.