* [FFmpeg-devel] [PATCH 1/2] avcodec/pictordec: Check that the image fits in the input
@ 2022-11-22 22:56 Michael Niedermayer
From: Michael Niedermayer @ 2022-11-22 22:56 UTC (permalink / raw)
To: FFmpeg development discussions and patches
Fixes: Timeout
Fixes: 53438/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PICTOR_fuzzer-5458939919859712
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpe
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavcodec/pictordec.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libavcodec/pictordec.c b/libavcodec/pictordec.c
index 71bad40a0a..09229b94fd 100644
--- a/libavcodec/pictordec.c
+++ b/libavcodec/pictordec.c
@@ -162,6 +162,9 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
if (av_image_check_size(s->width, s->height, 0, avctx) < 0)
return -1;
+ if (bytestream2_get_bytes_left(&s->g) < s->width * s->height / 65536 * 5)
+ return AVERROR_INVALIDDATA;
+
if (s->width != avctx->width || s->height != avctx->height) {
ret = ff_set_dimensions(avctx, s->width, s->height);
if (ret < 0)
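Review bot: The left side of the new comparison, `s->width * s->height`, is plain int arithmetic that only stays in range because av_image_check_size() on the line above has, as far as I can tell, already rejected dimensions whose product would not fit an int; that dependency is invisible at the new line, so I would state it there, e.g. `/* w*h cannot overflow here: av_image_check_size() above bounded it */`. The order `/ 65536 * 5` also matters: dividing first keeps the intermediate small and rounds down, so the bound is loose (it is 0 for images under 65536 pixels) and, assuming the 5-bytes-per-run reasoning from this thread holds, cannot reject a valid file; a one-line remark to that effect would stop someone later "fixing" the operator order. decode_frame begins before the hunk and continues after it.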
--
2.17.1
* [FFmpeg-devel] [PATCH 2/2] avcodec/ffv1dec: restructure slice coordinate reading a bit
From: Michael Niedermayer @ 2022-11-22 22:56 UTC (permalink / raw)
To: FFmpeg development discussions and patches
Fixes: signed integer overflow: -1094995528 * 8224 cannot be represented in type 'int'
Fixes: 53508/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-474551033462784
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavcodec/ffv1dec.c | 63 +++++++++++++++++++++++++-------------------
1 file changed, 36 insertions(+), 27 deletions(-)
diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c
index b1cfc4bf57..e489030d3b 100644
--- a/libavcodec/ffv1dec.c
+++ b/libavcodec/ffv1dec.c
@@ -169,23 +169,28 @@ static int decode_slice_header(const FFV1Context *f, FFV1Context *fs)
uint8_t state[CONTEXT_SIZE];
unsigned ps, i, context_count;
memset(state, 128, sizeof(state));
+ int sx = get_symbol(c, state, 0);
+ int sy = get_symbol(c, state, 0);
+ int sw = get_symbol(c, state, 0) + 1U;
+ int sh = get_symbol(c, state, 0) + 1U;
av_assert0(f->version > 2);
- fs->slice_x = get_symbol(c, state, 0) * f->width ;
- fs->slice_y = get_symbol(c, state, 0) * f->height;
- fs->slice_width = (get_symbol(c, state, 0) + 1) * f->width + fs->slice_x;
- fs->slice_height = (get_symbol(c, state, 0) + 1) * f->height + fs->slice_y;
-
- fs->slice_x /= f->num_h_slices;
- fs->slice_y /= f->num_v_slices;
- fs->slice_width = fs->slice_width /f->num_h_slices - fs->slice_x;
- fs->slice_height = fs->slice_height/f->num_v_slices - fs->slice_y;
- if ((unsigned)fs->slice_width > f->width || (unsigned)fs->slice_height > f->height)
- return -1;
- if ( (unsigned)fs->slice_x + (uint64_t)fs->slice_width > f->width
- || (unsigned)fs->slice_y + (uint64_t)fs->slice_height > f->height)
- return -1;
+
+ if (sx < 0 || sy < 0 || sw <= 0 || sh <= 0)
+ return AVERROR_INVALIDDATA;
+ if (sx > f->num_h_slices - sw || sy > f->num_v_slices - sh)
+ return AVERROR_INVALIDDATA;
+
+ fs->slice_x = sx * (int64_t)f->width / f->num_h_slices;
+ fs->slice_y = sy * (int64_t)f->height / f->num_v_slices;
+ fs->slice_width = (sx + sw) * (int64_t)f->width / f->num_h_slices - fs->slice_x;
+ fs->slice_height = (sy + sh) * (int64_t)f->height / f->num_v_slices - fs->slice_y;
+
+ av_assert0((unsigned)fs->slice_width <= f->width &&
+ (unsigned)fs->slice_height <= f->height);
+ av_assert0 ( (unsigned)fs->slice_x + (uint64_t)fs->slice_width <= f->width
+ && (unsigned)fs->slice_y + (uint64_t)fs->slice_height <= f->height);
if (fs->ac == AC_GOLOMB_RICE && fs->slice_width >= (1<<23))
return AVERROR_INVALIDDATA;
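Review bot: The parse-and-validate sequence from the `sx < 0 || sy < 0` guard through the second av_assert0 is duplicated verbatim in the version-2 path of read_header in the next hunk, so the two copies will drift the next time one is touched; I would move it into one `static int decode_slice_coords(const FFV1Context *f, FFV1Context *fs, RangeCoder *c, uint8_t *state)` that reads the four symbols, returns AVERROR_INVALIDDATA for values outside the num_h_slices x num_v_slices grid and fills fs->slice_x/slice_y/slice_width/slice_height, and call it from both sites as `int ret = decode_slice_coords(f, fs, c, state); if (ret < 0) return ret;`. The `+ 1U` on the sw and sh lines is doing real work and deserves a comment such as `/* +1U: unsigned add so INT_MAX cannot overflow; a wrapped value fails the sw <= 0 / sh <= 0 test */`, otherwise a reader may simplify it back to `+ 1` and reintroduce the overflow the commit message cites. The new `int sx`..`int sh` declarations now sit after the memset() statement, so if the project still disallows mixing declarations and code they should move above it or the memset below them. decode_slice_header starts before the hunk and continues after it.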
@@ -770,21 +775,25 @@ static int read_header(FFV1Context *f)
fs->slice_damaged = 0;
if (f->version == 2) {
- fs->slice_x = get_symbol(c, state, 0) * f->width ;
- fs->slice_y = get_symbol(c, state, 0) * f->height;
- fs->slice_width = (get_symbol(c, state, 0) + 1) * f->width + fs->slice_x;
- fs->slice_height = (get_symbol(c, state, 0) + 1) * f->height + fs->slice_y;
-
- fs->slice_x /= f->num_h_slices;
- fs->slice_y /= f->num_v_slices;
- fs->slice_width = fs->slice_width / f->num_h_slices - fs->slice_x;
- fs->slice_height = fs->slice_height / f->num_v_slices - fs->slice_y;
- if ((unsigned)fs->slice_width > f->width ||
- (unsigned)fs->slice_height > f->height)
+ int sx = get_symbol(c, state, 0);
+ int sy = get_symbol(c, state, 0);
+ int sw = get_symbol(c, state, 0) + 1U;
+ int sh = get_symbol(c, state, 0) + 1U;
+
+ if (sx < 0 || sy < 0 || sw <= 0 || sh <= 0)
return AVERROR_INVALIDDATA;
- if ( (unsigned)fs->slice_x + (uint64_t)fs->slice_width > f->width
- || (unsigned)fs->slice_y + (uint64_t)fs->slice_height > f->height)
+ if (sx > f->num_h_slices - sw || sy > f->num_v_slices - sh)
return AVERROR_INVALIDDATA;
+
+ fs->slice_x = sx * (int64_t)f->width / f->num_h_slices;
+ fs->slice_y = sy * (int64_t)f->height / f->num_v_slices;
+ fs->slice_width = (sx + sw) * (int64_t)f->width / f->num_h_slices - fs->slice_x;
+ fs->slice_height = (sy + sh) * (int64_t)f->height / f->num_v_slices - fs->slice_y;
+
+ av_assert0((unsigned)fs->slice_width <= f->width &&
+ (unsigned)fs->slice_height <= f->height);
+ av_assert0 ( (unsigned)fs->slice_x + (uint64_t)fs->slice_width <= f->width
+ && (unsigned)fs->slice_y + (uint64_t)fs->slice_height <= f->height);
}
for (i = 0; i < f->plane_count; i++) {
--
2.17.1
* Re: [FFmpeg-devel] [PATCH 1/2] avcodec/pictordec: Check that the image fits in the input
From: Peter Ross @ 2022-11-25 6:45 UTC (permalink / raw)
To: FFmpeg development discussions and patches
On Tue, Nov 22, 2022 at 11:56:51PM +0100, Michael Niedermayer wrote:
> Fixes: Timeout
> Fixes: 53438/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PICTOR_fuzzer-5458939919859712
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpe
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
> libavcodec/pictordec.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/libavcodec/pictordec.c b/libavcodec/pictordec.c
> index 71bad40a0a..09229b94fd 100644
> --- a/libavcodec/pictordec.c
> +++ b/libavcodec/pictordec.c
> @@ -162,6 +162,9 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
>
> if (av_image_check_size(s->width, s->height, 0, avctx) < 0)
> return -1;
> + if (bytestream2_get_bytes_left(&s->g) < s->width * s->height / 65536 * 5)
> + return AVERROR_INVALIDDATA;
how did you arrive at this formula?
-- Peter
(A907 E02F A6E5 0CD2 34CD 20D2 6760 79C5 AC40 DD6B)
* Re: [FFmpeg-devel] [PATCH 1/2] avcodec/pictordec: Check that the image fits in the input
From: Michael Niedermayer @ 2022-11-25 13:38 UTC (permalink / raw)
To: FFmpeg development discussions and patches
t On Fri, Nov 25, 2022 at 05:45:29PM +1100, Peter Ross wrote:
> On Tue, Nov 22, 2022 at 11:56:51PM +0100, Michael Niedermayer wrote:
> > Fixes: Timeout
> > Fixes: 53438/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PICTOR_fuzzer-5458939919859712
> >
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpe
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> > libavcodec/pictordec.c | 3 +++
> > 1 file changed, 3 insertions(+)
> >
> > diff --git a/libavcodec/pictordec.c b/libavcodec/pictordec.c
> > index 71bad40a0a..09229b94fd 100644
> > --- a/libavcodec/pictordec.c
> > +++ b/libavcodec/pictordec.c
> > @@ -162,6 +162,9 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
> >
> > if (av_image_check_size(s->width, s->height, 0, avctx) < 0)
> > return -1;
> > + if (bytestream2_get_bytes_left(&s->g) < s->width * s->height / 65536 * 5)
> > + return AVERROR_INVALIDDATA;
>
> how did you arrive at this formula?
There are 2 coding modes, RLE and RAW
I assume usable raw images will need around W*H and thus more than RLE
RLE codes the most compressed runs by
1 byte for val (=marker)
1 byte run (=0)
2 bytes run
1 byte val
thats 5 bytes and the maximum run we can code is 65535
The RLE decoder loop exits before applying the last RLE run, and then
there is a separate piece of code after it that fills the last color to
the end. I am not sure why it is done that way, but if I remove that
mid-exit the separate code piece becomes unused for all images I have,
so it seems all RLE images are always fully coded with no special case
at the end.
Based on this I am guessing that my formula is correct for undamaged images,
but of course I could find one tomorrow that exploits the special end
handling and breaks this formula
and of course its very possible that i missed some other thing that changes
this limit
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Many that live deserve death. And some that die deserve life. Can you give
it to them? Then do not be too eager to deal out death in judgement. For
even the very wise cannot see all ends. -- Gandalf
* Re: [FFmpeg-devel] [PATCH 1/2] avcodec/pictordec: Check that the image fits in the input
From: Anton Khirnov @ 2022-11-25 14:11 UTC (permalink / raw)
To: FFmpeg development discussions and patches
Quoting Michael Niedermayer (2022-11-25 14:38:46)
> t On Fri, Nov 25, 2022 at 05:45:29PM +1100, Peter Ross wrote:
> > On Tue, Nov 22, 2022 at 11:56:51PM +0100, Michael Niedermayer wrote:
> > > Fixes: Timeout
> > > Fixes: 53438/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PICTOR_fuzzer-5458939919859712
> > >
> > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpe
> > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > > ---
> > > libavcodec/pictordec.c | 3 +++
> > > 1 file changed, 3 insertions(+)
> > >
> > > diff --git a/libavcodec/pictordec.c b/libavcodec/pictordec.c
> > > index 71bad40a0a..09229b94fd 100644
> > > --- a/libavcodec/pictordec.c
> > > +++ b/libavcodec/pictordec.c
> > > @@ -162,6 +162,9 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
> > >
> > > if (av_image_check_size(s->width, s->height, 0, avctx) < 0)
> > > return -1;
> > > + if (bytestream2_get_bytes_left(&s->g) < s->width * s->height / 65536 * 5)
> > > + return AVERROR_INVALIDDATA;
> >
> > how did you arrive at this formula?
>
> There are 2 coding modes, RLE and RAW
> I assume usable raw images will need around W*H and thus more than RLE
> RLE codes the most compressed runs by
> 1 byte for val (=marker)
> 1 byte run (=0)
> 2 bytes run
> 1 byte val
> thats 5 bytes and the maximum run we can code is 65535
>
> The RLE decoder loop exits before applying the last RLE run and then
> there is a seperate piece of code after it that fills the last color to
> the end. Iam not sure why its done like that way but if i remove that
> mid exit the seperate code piece becomes unused for all images i have
> so it seems all RLE images are always fully coded with no special case
> at the end.
> Based on this iam guesing that my formula is correct for undamaged images
> but of course i could find one tomorrow that exploits the special end
> handling and breaks this formula
> and of course its very possible that i missed some other thing that changes
> this limit
This should be written in a comment above the code then, otherwise all
future readers will be completely clueless.
--
Anton Khirnov
* Re: [FFmpeg-devel] [PATCH 1/2] avcodec/pictordec: Check that the image fits in the input
From: Peter Ross @ 2022-11-25 23:42 UTC (permalink / raw)
To: FFmpeg development discussions and patches
On Fri, Nov 25, 2022 at 03:11:32PM +0100, Anton Khirnov wrote:
> Quoting Michael Niedermayer (2022-11-25 14:38:46)
> > t On Fri, Nov 25, 2022 at 05:45:29PM +1100, Peter Ross wrote:
> > > On Tue, Nov 22, 2022 at 11:56:51PM +0100, Michael Niedermayer wrote:
> > > > Fixes: Timeout
> > > > Fixes: 53438/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PICTOR_fuzzer-5458939919859712
> > > >
> > > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpe
> > > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > > > ---
> > > > libavcodec/pictordec.c | 3 +++
> > > > 1 file changed, 3 insertions(+)
> > > >
> > > > diff --git a/libavcodec/pictordec.c b/libavcodec/pictordec.c
> > > > index 71bad40a0a..09229b94fd 100644
> > > > --- a/libavcodec/pictordec.c
> > > > +++ b/libavcodec/pictordec.c
> > > > @@ -162,6 +162,9 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
> > > >
> > > > if (av_image_check_size(s->width, s->height, 0, avctx) < 0)
> > > > return -1;
> > > > + if (bytestream2_get_bytes_left(&s->g) < s->width * s->height / 65536 * 5)
> > > > + return AVERROR_INVALIDDATA;
> > >
> > > how did you arrive at this formula?
> >
> > There are 2 coding modes, RLE and RAW
> > I assume usable raw images will need around W*H and thus more than RLE
> > RLE codes the most compressed runs by
> > 1 byte for val (=marker)
> > 1 byte run (=0)
> > 2 bytes run
> > 1 byte val
> > thats 5 bytes and the maximum run we can code is 65535
> >
> > The RLE decoder loop exits before applying the last RLE run and then
> > there is a seperate piece of code after it that fills the last color to
> > the end. Iam not sure why its done like that way but if i remove that
> > mid exit the seperate code piece becomes unused for all images i have
> > so it seems all RLE images are always fully coded with no special case
> > at the end.
> > Based on this iam guesing that my formula is correct for undamaged images
> > but of course i could find one tomorrow that exploits the special end
> > handling and breaks this formula
> > and of course its very possible that i missed some other thing that changes
> > this limit
>
> This should be written in a comment above the code then, otherwise all
> future readers will be completely clueless.
good idea. ok, patch looks good.
-- Peter
(A907 E02F A6E5 0CD2 34CD 20D2 6760 79C5 AC40 DD6B)
* Re: [FFmpeg-devel] [PATCH 2/2] avcodec/ffv1dec: restructure slice coordinate reading a bit
From: Michael Niedermayer @ 2022-11-27 22:37 UTC (permalink / raw)
To: FFmpeg development discussions and patches
On Tue, Nov 22, 2022 at 11:56:52PM +0100, Michael Niedermayer wrote:
> Fixes: signed integer overflow: -1094995528 * 8224 cannot be represented in type 'int'
> Fixes: 53508/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-474551033462784
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
> libavcodec/ffv1dec.c | 63 +++++++++++++++++++++++++-------------------
> 1 file changed, 36 insertions(+), 27 deletions(-)
will apply
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Let us carefully observe those good qualities wherein our enemies excel us
and endeavor to excel them, by avoiding what is faulty, and imitating what
is excellent in them. -- Plutarch
* Re: [FFmpeg-devel] [PATCH 1/2] avcodec/pictordec: Check that the image fits in the input
From: Michael Niedermayer @ 2022-11-27 22:43 UTC (permalink / raw)
To: FFmpeg development discussions and patches
On Sat, Nov 26, 2022 at 10:42:30AM +1100, Peter Ross wrote:
> On Fri, Nov 25, 2022 at 03:11:32PM +0100, Anton Khirnov wrote:
> > Quoting Michael Niedermayer (2022-11-25 14:38:46)
> > > t On Fri, Nov 25, 2022 at 05:45:29PM +1100, Peter Ross wrote:
> > > > On Tue, Nov 22, 2022 at 11:56:51PM +0100, Michael Niedermayer wrote:
> > > > > Fixes: Timeout
> > > > > Fixes: 53438/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PICTOR_fuzzer-5458939919859712
> > > > >
> > > > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpe
> > > > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > > > > ---
> > > > > libavcodec/pictordec.c | 3 +++
> > > > > 1 file changed, 3 insertions(+)
> > > > >
> > > > > diff --git a/libavcodec/pictordec.c b/libavcodec/pictordec.c
> > > > > index 71bad40a0a..09229b94fd 100644
> > > > > --- a/libavcodec/pictordec.c
> > > > > +++ b/libavcodec/pictordec.c
> > > > > @@ -162,6 +162,9 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
> > > > >
> > > > > if (av_image_check_size(s->width, s->height, 0, avctx) < 0)
> > > > > return -1;
> > > > > + if (bytestream2_get_bytes_left(&s->g) < s->width * s->height / 65536 * 5)
> > > > > + return AVERROR_INVALIDDATA;
> > > >
> > > > how did you arrive at this formula?
> > >
> > > There are 2 coding modes, RLE and RAW
> > > I assume usable raw images will need around W*H and thus more than RLE
> > > RLE codes the most compressed runs by
> > > 1 byte for val (=marker)
> > > 1 byte run (=0)
> > > 2 bytes run
> > > 1 byte val
> > > thats 5 bytes and the maximum run we can code is 65535
> > >
> > > The RLE decoder loop exits before applying the last RLE run and then
> > > there is a seperate piece of code after it that fills the last color to
> > > the end. Iam not sure why its done like that way but if i remove that
> > > mid exit the seperate code piece becomes unused for all images i have
> > > so it seems all RLE images are always fully coded with no special case
> > > at the end.
> > > Based on this iam guesing that my formula is correct for undamaged images
> > > but of course i could find one tomorrow that exploits the special end
> > > handling and breaks this formula
> > > and of course its very possible that i missed some other thing that changes
> > > this limit
> >
> > This should be written in a comment above the code then, otherwise all
> > future readers will be completely clueless.
>
> good idea. ok, patch looks good.
ok will apply, i need to reword this comment a bit as the code
changed already and the mid exit no longer exists
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Into a blind darkness they enter who follow after the Ignorance,
they as if into a greater darkness enter who devote themselves
to the Knowledge alone. -- Isha Upanishad