Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
* [FFmpeg-devel] [PATCH 1/5] avcodec/tiff: Check camera_calibration for 0
@ 2022-12-18 17:08 Michael Niedermayer
  2022-12-18 17:08 ` [FFmpeg-devel] [PATCH 2/5] avcodec/tiff: Prettify code in dng_blit() Michael Niedermayer
                   ` (4 more replies)
  0 siblings, 5 replies; 14+ messages in thread
From: Michael Niedermayer @ 2022-12-18 17:08 UTC (permalink / raw)
  To: FFmpeg development discussions and patches

Fixes: division by 0
Fixes: 53926/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5680347889401856

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/tiff.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c
index 41b5a6b7e4..820457fedc 100644
--- a/libavcodec/tiff.c
+++ b/libavcodec/tiff.c
@@ -2050,8 +2050,10 @@ again:
         }
 
         if (!s->use_color_matrix) {
-            for (i = 0; i < 3; i++)
-                s->premultiply[i] /= s->camera_calibration[i][i];
+            for (i = 0; i < 3; i++) {
+                if (s->camera_calibration[i][i])
+                    s->premultiply[i] /= s->camera_calibration[i][i];
+            }
         } else {
             for (int c = 0; c < 3; c++) {
                 for (i = 0; i < 3; i++) {
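Review bot: the new `if (s->camera_calibration[i][i])` guard in the `!s->use_color_matrix` branch skips the division silently, so a file with a zero on the calibration diagonal leaves that channel's `premultiply[i]` unscaled while the other channels are scaled, and nothing is logged. Either reject such a file with an error where the calibration values are read, or log a warning here, and say in the commit message why skipping the channel is the intended result.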
-- 
2.17.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".


* [FFmpeg-devel] [PATCH 2/5] avcodec/tiff: Prettify code in dng_blit()
  2022-12-18 17:08 [FFmpeg-devel] [PATCH 1/5] avcodec/tiff: Check camera_calibration for 0 Michael Niedermayer
@ 2022-12-18 17:08 ` Michael Niedermayer
  2023-01-11 10:30   ` Michael Niedermayer
  2022-12-18 17:08 ` [FFmpeg-devel] [PATCH 3/5] avcodec/apac: Sanity check bits_per_coded_sample Michael Niedermayer
                   ` (3 subsequent siblings)
  4 siblings, 1 reply; 14+ messages in thread
From: Michael Niedermayer @ 2022-12-18 17:08 UTC (permalink / raw)
  To: FFmpeg development discussions and patches

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/tiff.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c
index 820457fedc..1a1879de89 100644
--- a/libavcodec/tiff.c
+++ b/libavcodec/tiff.c
@@ -326,7 +326,7 @@ static void av_always_inline dng_blit(TiffContext *s, uint8_t *dst, int dst_stri
             scale_factor[i] = s->premultiply[s->pattern[i]] * 65535.f / (s->white_level - s->black_level[i]);
     } else {
         for (int i = 0; i < 4; i++)
-            scale_factor[i] = 65535.f * s->premultiply[i] / (s->white_level - s->black_level[i]);
+            scale_factor[i] = s->premultiply[           i ] * 65535.f / (s->white_level - s->black_level[i]);
     }
 
     if (is_single_comp) {
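Review bot: both `scale_factor[i]` assignments divide by `(s->white_level - s->black_level[i])`, and nothing in the visible lines rules out a zero there; since patch 1/5 of this series guards a zero divisor in the same decoder, confirm that this difference is validated before `dng_blit()` runs. The reordering itself keeps the value, because the product is still formed first and then divided. On style, the padding in `s->premultiply[           i ]` only serves alignment with the line above, and a one-line commit body saying the change is cosmetic would help.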
-- 
2.17.1


* [FFmpeg-devel] [PATCH 3/5] avcodec/apac: Sanity check bits_per_coded_sample
  2022-12-18 17:08 [FFmpeg-devel] [PATCH 1/5] avcodec/tiff: Check camera_calibration for 0 Michael Niedermayer
  2022-12-18 17:08 ` [FFmpeg-devel] [PATCH 2/5] avcodec/tiff: Prettify code in dng_blit() Michael Niedermayer
@ 2022-12-18 17:08 ` Michael Niedermayer
  2022-12-19 19:35   ` Paul B Mahol
  2022-12-18 17:08 ` [FFmpeg-devel] [PATCH 4/5] avcodec/h264_slice: Use unsigned for fgs seed computation Michael Niedermayer
                   ` (2 subsequent siblings)
  4 siblings, 1 reply; 14+ messages in thread
From: Michael Niedermayer @ 2022-12-18 17:08 UTC (permalink / raw)
  To: FFmpeg development discussions and patches

Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 53931/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APAC_fuzzer-6072913738727424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/apac.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavcodec/apac.c b/libavcodec/apac.c
index 030f81adce..2501209681 100644
--- a/libavcodec/apac.c
+++ b/libavcodec/apac.c
@@ -75,7 +75,9 @@ static av_cold int apac_init(AVCodecContext *avctx)
         avctx->sample_fmt = AV_SAMPLE_FMT_U8P;
 
     if (avctx->ch_layout.nb_channels < 1 ||
-        avctx->ch_layout.nb_channels > 2)
+        avctx->ch_layout.nb_channels > 2 ||
+        avctx->bits_per_coded_sample > 32U
+    )
         return AVERROR_INVALIDDATA;
 
     for (int ch = 0; ch < avctx->ch_layout.nb_channels; ch++) {
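Review bot: `avctx->bits_per_coded_sample > 32U` rejects negative values only through the implicit conversion of the signed field to unsigned, and it still accepts 0 and every depth up to 32. State the range explicitly, for example `bits_per_coded_sample < 8 || bits_per_coded_sample > 16` as proposed later in this thread, so the accepted values match what the format can carry. The closing `)` on its own line is also out of step with the surrounding conditions.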
-- 
2.17.1


* [FFmpeg-devel] [PATCH 4/5] avcodec/h264_slice: Use unsigned for fgs seed computation
  2022-12-18 17:08 [FFmpeg-devel] [PATCH 1/5] avcodec/tiff: Check camera_calibration for 0 Michael Niedermayer
  2022-12-18 17:08 ` [FFmpeg-devel] [PATCH 2/5] avcodec/tiff: Prettify code in dng_blit() Michael Niedermayer
  2022-12-18 17:08 ` [FFmpeg-devel] [PATCH 3/5] avcodec/apac: Sanity check bits_per_coded_sample Michael Niedermayer
@ 2022-12-18 17:08 ` Michael Niedermayer
  2023-01-11 10:32   ` Michael Niedermayer
  2022-12-18 17:08 ` [FFmpeg-devel] [PATCH 5/5] avcodec/wavpack: Avoid undefined shift in get_tail() Michael Niedermayer
  2023-01-11 10:29 ` [FFmpeg-devel] [PATCH 1/5] avcodec/tiff: Check camera_calibration for 0 Michael Niedermayer
  4 siblings, 1 reply; 14+ messages in thread
From: Michael Niedermayer @ 2022-12-18 17:08 UTC (permalink / raw)
  To: FFmpeg development discussions and patches

Fixes: signed integer overflow: 2147481600 + 13408 cannot be represented in type 'int'
Fixes: 53963/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-4650467311616000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/h264_slice.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/h264_slice.c b/libavcodec/h264_slice.c
index 420758ba0a..6188c74632 100644
--- a/libavcodec/h264_slice.c
+++ b/libavcodec/h264_slice.c
@@ -1228,7 +1228,7 @@ static int h264_export_frame_props(H264Context *h)
 
     ret = ff_h2645_sei_to_frame(out, &h->sei.common, AV_CODEC_ID_H264, h->avctx,
                                 &sps->vui, sps->bit_depth_luma, sps->bit_depth_chroma,
-                                cur->poc + (h->poc_offset << 5));
+                                cur->poc + (unsigned)(h->poc_offset << 5));
     if (ret < 0)
         return ret;
 
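Review bot: in `cur->poc + (unsigned)(h->poc_offset << 5)` the cast is applied to the result of the shift, so the shift is still evaluated in the type of `h->poc_offset`; if that is a signed int, a large or negative offset remains undefined at that point. Convert before shifting, for example `cur->poc + ((unsigned)h->poc_offset << 5)` or `h->poc_offset * 32U`. The sum is now unsigned, so it is also worth checking that the parameter it is passed to handles values above INT_MAX as intended.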
-- 
2.17.1


* [FFmpeg-devel] [PATCH 5/5] avcodec/wavpack: Avoid undefined shift in get_tail()
  2022-12-18 17:08 [FFmpeg-devel] [PATCH 1/5] avcodec/tiff: Check camera_calibration for 0 Michael Niedermayer
                   ` (2 preceding siblings ...)
  2022-12-18 17:08 ` [FFmpeg-devel] [PATCH 4/5] avcodec/h264_slice: Use unsigned for fgs seed computation Michael Niedermayer
@ 2022-12-18 17:08 ` Michael Niedermayer
  2022-12-18 17:18   ` James Almer
  2022-12-18 18:14   ` Paul B Mahol
  2023-01-11 10:29 ` [FFmpeg-devel] [PATCH 1/5] avcodec/tiff: Check camera_calibration for 0 Michael Niedermayer
  4 siblings, 2 replies; 14+ messages in thread
From: Michael Niedermayer @ 2022-12-18 17:08 UTC (permalink / raw)
  To: FFmpeg development discussions and patches

Fixes: left shift of 1208485947 by 1 places cannot be represented in type 'int'
Fixes: 54058/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-5827521084260352

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/wavpack.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c
index 3cb4077550..42859ab0a1 100644
--- a/libavcodec/wavpack.c
+++ b/libavcodec/wavpack.c
@@ -129,7 +129,7 @@ static av_always_inline unsigned get_tail(GetBitContext *gb, unsigned k)
     e   = (1LL << (p + 1)) - k - 1;
     res = get_bits_long(gb, p);
     if (res >= e)
-        res = (res << 1) - e + get_bits1(gb);
+        res = ((unsigned)res << 1) - e + get_bits1(gb);
     return res;
 }
 
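Review bot: `((unsigned)res << 1)` fixes the shift, but the result is assigned back to `res`, whose shifted value the sanitizer message in the commit log reports as type `int`, so a result above INT_MAX goes through an implementation-defined conversion before `return res` turns it back into the function's `unsigned` return type. Declaring `res` as unsigned would remove both the cast and that round trip; `res * 2U` is a cast-free spelling of the same doubling.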
-- 
2.17.1


* Re: [FFmpeg-devel] [PATCH 5/5] avcodec/wavpack: Avoid undefined shift in get_tail()
  2022-12-18 17:08 ` [FFmpeg-devel] [PATCH 5/5] avcodec/wavpack: Avoid undefined shift in get_tail() Michael Niedermayer
@ 2022-12-18 17:18   ` James Almer
  2022-12-18 17:32     ` Andreas Rheinhardt
  2022-12-18 18:14   ` Paul B Mahol
  1 sibling, 1 reply; 14+ messages in thread
From: James Almer @ 2022-12-18 17:18 UTC (permalink / raw)
  To: ffmpeg-devel

On 12/18/2022 2:08 PM, Michael Niedermayer wrote:
> Fixes: left shift of 1208485947 by 1 places cannot be represented in type 'int'
> Fixes: 54058/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-5827521084260352
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>   libavcodec/wavpack.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c
> index 3cb4077550..42859ab0a1 100644
> --- a/libavcodec/wavpack.c
> +++ b/libavcodec/wavpack.c
> @@ -129,7 +129,7 @@ static av_always_inline unsigned get_tail(GetBitContext *gb, unsigned k)
>       e   = (1LL << (p + 1)) - k - 1;
>       res = get_bits_long(gb, p);
>       if (res >= e)
> -        res = (res << 1) - e + get_bits1(gb);
> +        res = ((unsigned)res << 1) - e + get_bits1(gb);

Don't we usually do << 1U for this?

>       return res;
>   }
>   

* Re: [FFmpeg-devel] [PATCH 5/5] avcodec/wavpack: Avoid undefined shift in get_tail()
  2022-12-18 17:18   ` James Almer
@ 2022-12-18 17:32     ` Andreas Rheinhardt
  0 siblings, 0 replies; 14+ messages in thread
From: Andreas Rheinhardt @ 2022-12-18 17:32 UTC (permalink / raw)
  To: ffmpeg-devel

James Almer:
> On 12/18/2022 2:08 PM, Michael Niedermayer wrote:
>> Fixes: left shift of 1208485947 by 1 places cannot be represented in
>> type 'int'
>> Fixes:
>> 54058/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-5827521084260352
>>
>> Found-by: continuous fuzzing process
>> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
>> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
>> ---
>>   libavcodec/wavpack.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c
>> index 3cb4077550..42859ab0a1 100644
>> --- a/libavcodec/wavpack.c
>> +++ b/libavcodec/wavpack.c
>> @@ -129,7 +129,7 @@ static av_always_inline unsigned
>> get_tail(GetBitContext *gb, unsigned k)
>>       e   = (1LL << (p + 1)) - k - 1;
>>       res = get_bits_long(gb, p);
>>       if (res >= e)
>> -        res = (res << 1) - e + get_bits1(gb);
>> +        res = ((unsigned)res << 1) - e + get_bits1(gb);
> 
> Don't we usually do << 1U for this?
> 

Definitely not. The type of a shift is given by the left operand, not
the right operand, so using << 1U doesn't help at all here.
(We often use "* 2U" in such cases; "* (1U << 1)" would also be possible.)

- Andreas
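
The rule stated in the reply above (the result type of a shift comes from the left operand), checked at compile time for the spellings discussed in this thread. This is an added example, not code from the thread or from FFmpeg; the helper names are hypothetical and a 32-bit `int` is assumed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Report the type of an expression at compile time (C11 _Generic).
 * The controlling expression is not evaluated, so probing an
 * overflowing shift here does not itself trigger undefined behaviour. */
#define TYPE_NAME(expr) _Generic((expr), \
    int:      "int",                     \
    unsigned: "unsigned",                \
    default:  "other")

/* Operand taken from the sanitizer report quoted in the thread. */
#define REPORTED_RES 1208485947

/* Hypothetical helpers: each returns the type of one spelling. */
const char *type_shl_1u(int res)     { return TYPE_NAME(res << 1U); }
const char *type_cast_shl(int res)   { return TYPE_NAME((unsigned)res << 1); }
const char *type_mul_2u(int res)     { return TYPE_NAME(res * 2U); }
const char *type_mul_1u_shl(int res) { return TYPE_NAME(res * (1U << 1)); }

/* 1 when `res << 1` evaluated as int is undefined: the operand is
 * negative or the doubled value does not fit in int. */
int int_shl1_is_undefined(int res)
{
    return res < 0 || res > INT_MAX / 2;
}

/* Well-defined doublings: unsigned arithmetic wraps modulo UINT_MAX + 1. */
unsigned double_cast_shl(int res) { return (unsigned)res << 1; }
unsigned double_mul_2u(int res)   { return res * 2U; }

int main(void)
{
    int res = REPORTED_RES;

    printf("res << 1U        has type %s\n", type_shl_1u(res));
    printf("(unsigned)res<<1 has type %s\n", type_cast_shl(res));
    printf("res * 2U         has type %s\n", type_mul_2u(res));
    printf("res * (1U << 1)  has type %s\n", type_mul_1u_shl(res));
    printf("int shift undefined for %d: %d\n", res, int_shl1_is_undefined(res));
    printf("doubled as unsigned: %u / %u\n",
           double_cast_shl(res), double_mul_2u(res));
    return 0;
}
```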


* Re: [FFmpeg-devel] [PATCH 5/5] avcodec/wavpack: Avoid undefined shift in get_tail()
  2022-12-18 17:08 ` [FFmpeg-devel] [PATCH 5/5] avcodec/wavpack: Avoid undefined shift in get_tail() Michael Niedermayer
  2022-12-18 17:18   ` James Almer
@ 2022-12-18 18:14   ` Paul B Mahol
  2022-12-20 16:42     ` Michael Niedermayer
  1 sibling, 1 reply; 14+ messages in thread
From: Paul B Mahol @ 2022-12-18 18:14 UTC (permalink / raw)
  To: FFmpeg development discussions and patches

On 12/18/22, Michael Niedermayer <michael@niedermayer.cc> wrote:
> Fixes: left shift of 1208485947 by 1 places cannot be represented in type
> 'int'
> Fixes:
> 54058/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-5827521084260352
>

Please use something else than casting.

> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/wavpack.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c
> index 3cb4077550..42859ab0a1 100644
> --- a/libavcodec/wavpack.c
> +++ b/libavcodec/wavpack.c
> @@ -129,7 +129,7 @@ static av_always_inline unsigned get_tail(GetBitContext
> *gb, unsigned k)
>      e   = (1LL << (p + 1)) - k - 1;
>      res = get_bits_long(gb, p);
>      if (res >= e)
> -        res = (res << 1) - e + get_bits1(gb);
> +        res = ((unsigned)res << 1) - e + get_bits1(gb);
>      return res;
>  }
>
> --
> 2.17.1
>

* Re: [FFmpeg-devel] [PATCH 3/5] avcodec/apac: Sanity check bits_per_coded_sample
  2022-12-18 17:08 ` [FFmpeg-devel] [PATCH 3/5] avcodec/apac: Sanity check bits_per_coded_sample Michael Niedermayer
@ 2022-12-19 19:35   ` Paul B Mahol
  2022-12-20 17:13     ` Michael Niedermayer
  0 siblings, 1 reply; 14+ messages in thread
From: Paul B Mahol @ 2022-12-19 19:35 UTC (permalink / raw)
  To: FFmpeg development discussions and patches

On 12/18/22, Michael Niedermayer <michael@niedermayer.cc> wrote:
> Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type
> 'int'
> Fixes:
> 53931/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APAC_fuzzer-6072913738727424
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/apac.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/libavcodec/apac.c b/libavcodec/apac.c
> index 030f81adce..2501209681 100644
> --- a/libavcodec/apac.c
> +++ b/libavcodec/apac.c
> @@ -75,7 +75,9 @@ static av_cold int apac_init(AVCodecContext *avctx)
>          avctx->sample_fmt = AV_SAMPLE_FMT_U8P;
>
>      if (avctx->ch_layout.nb_channels < 1 ||
> -        avctx->ch_layout.nb_channels > 2)
> +        avctx->ch_layout.nb_channels > 2 ||
> +        avctx->bits_per_coded_sample > 32U
> +    )
>          return AVERROR_INVALIDDATA;
>
>      for (int ch = 0; ch < avctx->ch_layout.nb_channels; ch++) {
> --
> 2.17.1
>

Pretty sure bps can't be <8 and >16

* Re: [FFmpeg-devel] [PATCH 5/5] avcodec/wavpack: Avoid undefined shift in get_tail()
  2022-12-18 18:14   ` Paul B Mahol
@ 2022-12-20 16:42     ` Michael Niedermayer
  0 siblings, 0 replies; 14+ messages in thread
From: Michael Niedermayer @ 2022-12-20 16:42 UTC (permalink / raw)
  To: FFmpeg development discussions and patches



On Sun, Dec 18, 2022 at 07:14:27PM +0100, Paul B Mahol wrote:
> On 12/18/22, Michael Niedermayer <michael@niedermayer.cc> wrote:
> > Fixes: left shift of 1208485947 by 1 places cannot be represented in type
> > 'int'
> > Fixes:
> > 54058/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-5827521084260352
> >
> 
> Please use something else than casting.

ok will apply with * 2U

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Asymptotically faster algorithms should always be preferred if you have
asymptotical amounts of data


* Re: [FFmpeg-devel] [PATCH 3/5] avcodec/apac: Sanity check bits_per_coded_sample
  2022-12-19 19:35   ` Paul B Mahol
@ 2022-12-20 17:13     ` Michael Niedermayer
  0 siblings, 0 replies; 14+ messages in thread
From: Michael Niedermayer @ 2022-12-20 17:13 UTC (permalink / raw)
  To: FFmpeg development discussions and patches



On Mon, Dec 19, 2022 at 08:35:45PM +0100, Paul B Mahol wrote:
> On 12/18/22, Michael Niedermayer <michael@niedermayer.cc> wrote:
> > Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type
> > 'int'
> > Fixes:
> > 53931/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APAC_fuzzer-6072913738727424
> >
> > Found-by: continuous fuzzing process
> > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavcodec/apac.c | 4 +++-
> >  1 file changed, 3 insertions(+), 1 deletion(-)
> >
> > diff --git a/libavcodec/apac.c b/libavcodec/apac.c
> > index 030f81adce..2501209681 100644
> > --- a/libavcodec/apac.c
> > +++ b/libavcodec/apac.c
> > @@ -75,7 +75,9 @@ static av_cold int apac_init(AVCodecContext *avctx)
> >          avctx->sample_fmt = AV_SAMPLE_FMT_U8P;
> >
> >      if (avctx->ch_layout.nb_channels < 1 ||
> > -        avctx->ch_layout.nb_channels > 2)
> > +        avctx->ch_layout.nb_channels > 2 ||
> > +        avctx->bits_per_coded_sample > 32U
> > +    )
> >          return AVERROR_INVALIDDATA;
> >
> >      for (int ch = 0; ch < avctx->ch_layout.nb_channels; ch++) {
> > --
> > 2.17.1
> >
> 
> Pretty sure bps can't be <8 and >16

ok, will apply <8  || >16 check then

thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Does the universe only have a finite lifespan? No, it's going to go on
forever, it's just that you won't like living in it. -- Hiranya Peiri


* Re: [FFmpeg-devel] [PATCH 1/5] avcodec/tiff: Check camera_calibration for 0
  2022-12-18 17:08 [FFmpeg-devel] [PATCH 1/5] avcodec/tiff: Check camera_calibration for 0 Michael Niedermayer
                   ` (3 preceding siblings ...)
  2022-12-18 17:08 ` [FFmpeg-devel] [PATCH 5/5] avcodec/wavpack: Avoid undefined shift in get_tail() Michael Niedermayer
@ 2023-01-11 10:29 ` Michael Niedermayer
  4 siblings, 0 replies; 14+ messages in thread
From: Michael Niedermayer @ 2023-01-11 10:29 UTC (permalink / raw)
  To: FFmpeg development discussions and patches



On Sun, Dec 18, 2022 at 06:08:19PM +0100, Michael Niedermayer wrote:
> Fixes: division by 0
> Fixes: 53926/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5680347889401856
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/tiff.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)

will apply

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

If a bugfix only changes things apparently unrelated to the bug with no
further explanation, that is a good sign that the bugfix is wrong.


* Re: [FFmpeg-devel] [PATCH 2/5] avcodec/tiff: Prettify code in dng_blit()
  2022-12-18 17:08 ` [FFmpeg-devel] [PATCH 2/5] avcodec/tiff: Prettify code in dng_blit() Michael Niedermayer
@ 2023-01-11 10:30   ` Michael Niedermayer
  0 siblings, 0 replies; 14+ messages in thread
From: Michael Niedermayer @ 2023-01-11 10:30 UTC (permalink / raw)
  To: FFmpeg development discussions and patches



On Sun, Dec 18, 2022 at 06:08:20PM +0100, Michael Niedermayer wrote:
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/tiff.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

will apply

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Everything should be made as simple as possible, but not simpler.
-- Albert Einstein


* Re: [FFmpeg-devel] [PATCH 4/5] avcodec/h264_slice: Use unsigned for fgs seed computation
  2022-12-18 17:08 ` [FFmpeg-devel] [PATCH 4/5] avcodec/h264_slice: Use unsigned for fgs seed computation Michael Niedermayer
@ 2023-01-11 10:32   ` Michael Niedermayer
  0 siblings, 0 replies; 14+ messages in thread
From: Michael Niedermayer @ 2023-01-11 10:32 UTC (permalink / raw)
  To: FFmpeg development discussions and patches



On Sun, Dec 18, 2022 at 06:08:22PM +0100, Michael Niedermayer wrote:
> Fixes: signed integer overflow: 2147481600 + 13408 cannot be represented in type 'int'
> Fixes: 53963/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-4650467311616000
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/h264_slice.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

will apply

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

No snowflake in an avalanche ever feels responsible. -- Voltaire
