Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
* [FFmpeg-devel] [PATCH 1/6] avformat/jpegxl_anim_dec: Perform operations in a different order
@ 2023-06-18 21:50 Michael Niedermayer
  2023-06-18 21:50 ` [FFmpeg-devel] [PATCH 2/6] avcodec/utils: fix 2 integer overflows in get_audio_frame_duration() Michael Niedermayer
                   ` (5 more replies)
  0 siblings, 6 replies; 22+ messages in thread
From: Michael Niedermayer @ 2023-06-18 21:50 UTC
  To: FFmpeg development discussions and patches

Fixes: OOM
Fixes: 59802/clusterfuzz-testcase-minimized-ffmpeg_dem_JPEGXL_ANIM_fuzzer-5681765466112000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/jpegxl_anim_dec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/jpegxl_anim_dec.c b/libavformat/jpegxl_anim_dec.c
index 6ea6c46d8f..c62b596f76 100644
--- a/libavformat/jpegxl_anim_dec.c
+++ b/libavformat/jpegxl_anim_dec.c
@@ -227,7 +227,7 @@ static int jpegxl_anim_read_packet(AVFormatContext *s, AVPacket *pkt)
     if (ctx->initial && size < ctx->initial->size)
         size = ctx->initial->size;
 
-    if ((ret = av_new_packet(pkt, size) < 0))
+    if ((ret = av_new_packet(pkt, size)) < 0)
         return ret;
 
     if (ctx->initial) {
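
Review bot: The commit message should state what the removed line got wrong: in `(ret = av_new_packet(pkt, size) < 0)` the comparison binds tighter than the assignment, so ret received 0 or 1 and a failed allocation returned 1 instead of the negative error code. "Perform operations in a different order" and "Fixes: OOM" do not tell a later reader that.
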
-- 
2.17.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".


* [FFmpeg-devel] [PATCH 2/6] avcodec/utils: fix 2 integer overflows in get_audio_frame_duration()
  2023-06-18 21:50 [FFmpeg-devel] [PATCH 1/6] avformat/jpegxl_anim_dec: Perform operations in a different order Michael Niedermayer
@ 2023-06-18 21:50 ` Michael Niedermayer
  2023-06-22 23:59   ` Michael Niedermayer
  2023-06-18 21:50 ` [FFmpeg-devel] [PATCH 3/6] avformat/jpegxl_anim_dec: add FF_JPEGXL_CONTAINER_SIGNATURE_LE Michael Niedermayer
                   ` (4 subsequent siblings)
  5 siblings, 1 reply; 22+ messages in thread
From: Michael Niedermayer @ 2023-06-18 21:50 UTC
  To: FFmpeg development discussions and patches

Fixes: signed integer overflow: 256 * 668003712 cannot be represented in type 'int'
Fixes: 59819/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-4674636538052608

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/utils.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index a8514ba6c1..672eb15d98 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -641,9 +641,9 @@ static int get_audio_frame_duration(enum AVCodecID id, int sr, int ch, int ba,
     if (sr > 0) {
         /* calc from sample rate */
         if (id == AV_CODEC_ID_TTA)
-            return 256 * sr / 245;
+            return 256ll * sr / 245;
         else if (id == AV_CODEC_ID_DST)
-            return 588 * sr / 44100;
+            return 588ll * sr / 44100;
         else if (id == AV_CODEC_ID_BINKAUDIO_DCT) {
             if (sr / 22050 > 22)
                 return 0;
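
Review bot: On the TTA line, `256ll * sr / 245` is now evaluated in long long, but the function returns int (see the hunk header), and since 256/245 is greater than 1 the quotient exceeds INT_MAX for sr close to INT_MAX, so the value is truncated on return instead of overflowing in the multiply. Consider rejecting or clamping such sample rates before the division. The DST line cannot leave the int range, since 588/44100 is below 1. Minor style point: `256LL` reads more clearly than `256ll`.
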
-- 
2.17.1


* [FFmpeg-devel] [PATCH 3/6] avformat/jpegxl_anim_dec: add FF_JPEGXL_CONTAINER_SIGNATURE_LE
  2023-06-18 21:50 [FFmpeg-devel] [PATCH 1/6] avformat/jpegxl_anim_dec: Perform operations in a different order Michael Niedermayer
  2023-06-18 21:50 ` [FFmpeg-devel] [PATCH 2/6] avcodec/utils: fix 2 integer overflows in get_audio_frame_duration() Michael Niedermayer
@ 2023-06-18 21:50 ` Michael Niedermayer
  2023-06-18 22:57   ` Leo Izen
  2023-06-18 21:50 ` [FFmpeg-devel] [PATCH 4/6] avcodec/evc_parse: Check log2_sub_gop_length Michael Niedermayer
                   ` (3 subsequent siblings)
  5 siblings, 1 reply; 22+ messages in thread
From: Michael Niedermayer @ 2023-06-18 21:50 UTC
  To: FFmpeg development discussions and patches

Fixes: out of array read
Fixes: 59828/clusterfuzz-testcase-minimized-ffmpeg_dem_JPEGXL_ANIM_fuzzer-5029813220671488

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/jpegxl_anim_dec.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/libavformat/jpegxl_anim_dec.c b/libavformat/jpegxl_anim_dec.c
index c62b596f76..7e4d39385c 100644
--- a/libavformat/jpegxl_anim_dec.c
+++ b/libavformat/jpegxl_anim_dec.c
@@ -108,7 +108,7 @@ static int jpegxl_collect_codestream_header(const uint8_t *input_buffer, int inp
 
 static int jpegxl_anim_probe(const AVProbeData *p)
 {
-    uint8_t buffer[4096];
+    uint8_t buffer[4096 + AV_INPUT_BUFFER_PADDING_SIZE];
     int copied;
 
     /* this is a raw codestream */
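
Review bot: The padding added to `buffer` is never initialized: `uint8_t buffer[4096 + AV_INPUT_BUFFER_PADDING_SIZE];` has no initializer, so a reader that runs past the `copied` bytes now stays inside the array but sees indeterminate stack bytes. Zeroing the AV_INPUT_BUFFER_PADDING_SIZE bytes that follow the copied data, or initializing the array, would make that over-read deterministic. The same holds for `head` in jpegxl_anim_read_header().
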
@@ -123,7 +123,7 @@ static int jpegxl_anim_probe(const AVProbeData *p)
     if (AV_RL64(p->buf) != FF_JPEGXL_CONTAINER_SIGNATURE_LE)
         return 0;
 
-    if (jpegxl_collect_codestream_header(p->buf, p->buf_size, buffer, sizeof(buffer), &copied) <= 0 || copied <= 0)
+    if (jpegxl_collect_codestream_header(p->buf, p->buf_size, buffer, sizeof(buffer) - AV_INPUT_BUFFER_PADDING_SIZE, &copied) <= 0 || copied <= 0)
         return 0;
 
     if (ff_jpegxl_verify_codestream_header(buffer, copied, 0) >= 1)
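
Review bot: The usable size is written inline here as `sizeof(buffer) - AV_INPUT_BUFFER_PADDING_SIZE`, while jpegxl_anim_read_header() in the same patch gets a named `sizeofhead` for the same purpose. A named constant in jpegxl_anim_probe() as well would shorten this already long line and keep the two functions consistent.
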
@@ -138,7 +138,8 @@ static int jpegxl_anim_read_header(AVFormatContext *s)
     AVIOContext *pb = s->pb;
     AVStream *st;
     int offset = 0;
-    uint8_t head[256];
+    uint8_t head[256 + AV_INPUT_BUFFER_PADDING_SIZE];
+    const int sizeofhead = sizeof(head) - AV_INPUT_BUFFER_PADDING_SIZE;
     int headsize = 0;
     int ctrl;
     AVRational tb;
@@ -147,7 +148,7 @@ static int jpegxl_anim_read_header(AVFormatContext *s)
     uint64_t sig16 = avio_rl16(pb);
     if (sig16 == FF_JPEGXL_CODESTREAM_SIGNATURE_LE) {
         AV_WL16(head, sig16);
-        headsize = avio_read(s->pb, head + 2, sizeof(head) - 2);
+        headsize = avio_read(s->pb, head + 2, sizeofhead - 2);
         if (headsize < 0)
             return headsize;
         headsize += 2;
@@ -178,10 +179,10 @@ static int jpegxl_anim_read_header(AVFormatContext *s)
                 if (av_buffer_realloc(&ctx->initial, ctx->initial->size + read) < 0)
                     return AVERROR(ENOMEM);
             }
-            jpegxl_collect_codestream_header(buf, read, head + headsize, sizeof(head) - headsize, &copied);
+            jpegxl_collect_codestream_header(buf, read, head + headsize, sizeofhead - headsize, &copied);
             memcpy(ctx->initial->data + (ctx->initial->size - read), buf, read);
             headsize += copied;
-            if (headsize >= sizeof(head) || read < sizeof(buf))
+            if (headsize >= sizeofhead || read < sizeof(buf))
                 break;
         }
     }
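
Review bot: The return value of jpegxl_collect_codestream_header() is still ignored in this loop and `headsize += copied` runs regardless, whereas jpegxl_anim_probe() checks both the return value and `copied <= 0`. If the helper can fail without writing `copied`, headsize advances by a stale or indeterminate amount. Checking the result here the way the probe function does would close that.
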
-- 
2.17.1


* [FFmpeg-devel] [PATCH 4/6] avcodec/evc_parse: Check log2_sub_gop_length
  2023-06-18 21:50 [FFmpeg-devel] [PATCH 1/6] avformat/jpegxl_anim_dec: Perform operations in a different order Michael Niedermayer
  2023-06-18 21:50 ` [FFmpeg-devel] [PATCH 2/6] avcodec/utils: fix 2 integer overflows in get_audio_frame_duration() Michael Niedermayer
  2023-06-18 21:50 ` [FFmpeg-devel] [PATCH 3/6] avformat/jpegxl_anim_dec: add FF_JPEGXL_CONTAINER_SIGNATURE_LE Michael Niedermayer
@ 2023-06-18 21:50 ` Michael Niedermayer
  2023-06-18 22:27   ` James Almer
  2023-06-18 21:50 ` [FFmpeg-devel] [PATCH 5/6] avcodec/vmixdec: Fix several integer anomalies Michael Niedermayer
                   ` (2 subsequent siblings)
  5 siblings, 1 reply; 22+ messages in thread
From: Michael Niedermayer @ 2023-06-18 21:50 UTC
  To: FFmpeg development discussions and patches

Fixes: 1.70141e+38 is outside the range of representable values of type 'int'
Fixes: 59883/clusterfuzz-testcase-minimized-ffmpeg_BSF_EVC_FRAME_MERGE_fuzzer-5557887217565696

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/evc_parse.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/evc_parse.c b/libavcodec/evc_parse.c
index 44be5c5291..822b236423 100644
--- a/libavcodec/evc_parse.c
+++ b/libavcodec/evc_parse.c
@@ -277,6 +277,8 @@ EVCParserSPS *ff_evc_parse_sps(EVCParserContext *ctx, const uint8_t *bs, int bs_
 
     if (!sps->sps_pocs_flag || !sps->sps_rpl_flag) {
         sps->log2_sub_gop_length = get_ue_golomb(&gb);
+        if (sps->log2_sub_gop_length > 5U)
+            return NULL;
         if (sps->log2_sub_gop_length == 0)
             sps->log2_ref_pic_gap_length = get_ue_golomb(&gb);
     }
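
Review bot: The new `return NULL` leaves `sps` untouched on the error path; if the structure was allocated or stored in the parser context earlier in the function (not visible in this hunk), it has to be released or unlinked before returning. The bound `5U` would also benefit from a short comment naming where the limit comes from.
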
-- 
2.17.1


* [FFmpeg-devel] [PATCH 5/6] avcodec/vmixdec: Fix several integer anomalies
  2023-06-18 21:50 [FFmpeg-devel] [PATCH 1/6] avformat/jpegxl_anim_dec: Perform operations in a different order Michael Niedermayer
                   ` (2 preceding siblings ...)
  2023-06-18 21:50 ` [FFmpeg-devel] [PATCH 4/6] avcodec/evc_parse: Check log2_sub_gop_length Michael Niedermayer
@ 2023-06-18 21:50 ` Michael Niedermayer
  2023-07-23 18:07   ` Michael Niedermayer
  2023-06-18 21:50 ` [FFmpeg-devel] [PATCH 6/6] doc/developer: Require new modules to include tests Michael Niedermayer
  2023-06-18 21:56 ` [FFmpeg-devel] [PATCH 1/6] avformat/jpegxl_anim_dec: Perform operations in a different order Leo Izen
  5 siblings, 1 reply; 22+ messages in thread
From: Michael Niedermayer @ 2023-06-18 21:50 UTC
  To: FFmpeg development discussions and patches

Fixes: vmixdec.c:132:34: runtime error: signed integer overflow: -2147483648 * 1856 cannot be represented in type 'int'
Fixes: vmixdec.c:119:20: runtime error: signed integer overflow: -1256 + -2147483648 cannot be represented in type 'int'
Fixes: vmixdec.c:137:36: runtime error: signed integer overflow: 2147483416 * 16 cannot be represented in type 'int'
Fixes: 59843/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VMIX_fuzzer-4857434624360448

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/vmixdec.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libavcodec/vmixdec.c b/libavcodec/vmixdec.c
index d0f2219a67..dac0827df2 100644
--- a/libavcodec/vmixdec.c
+++ b/libavcodec/vmixdec.c
@@ -116,7 +116,7 @@ static int decode_dcac(AVCodecContext *avctx,
                 dc_run--;
             } else {
                 dc_v = get_se_golomb_vmix(dc_gb);
-                dc += dc_v;
+                dc += (unsigned)dc_v;
                 if (!dc_v)
                     dc_run = get_ue_golomb_long(dc_gb);
             }
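
Review bot: `dc += (unsigned)dc_v;` makes the addition wrap instead of overflowing, but the accumulated dc stays unbounded: the stream can drive it to any value, and it feeds block[0] further down. If the format has a valid DC range, checking it here and returning an error would be stronger than silencing the sanitizer; if wrapping is intended, a short comment saying so would help.
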
@@ -129,12 +129,12 @@ static int decode_dcac(AVCodecContext *avctx,
 
                 ac_v = get_se_golomb_vmix(ac_gb);
                 i = scan[n];
-                block[i] = (ac_v * factors[i]) >> 4;
+                block[i] = (unsigned)(ac_v * factors[i]) >> 4;
                 if (!ac_v)
                     ac_run = get_ue_golomb_long(ac_gb);
             }
 
-            block[0] = ((dc + add) * 16) >> 4;
+            block[0] = dc + add;
             s->idsp.idct_put(dst + x, linesize, block);
         }
 
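
Review bot: In `block[i] = (unsigned)(ac_v * factors[i]) >> 4;` the cast is applied to the already computed product, so the multiplication is still carried out in int and the overflow reported for vmixdec.c:132:34 can still occur. Casting one operand, as in `((unsigned)ac_v * factors[i]) >> 4`, moves the multiply to unsigned arithmetic. Either way the shift now operates on an unsigned value and is a logical shift, so check that negative coefficients still end up with the intended value in block[i]. `block[0] = dc + add;` likewise remains a signed addition.
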
-- 
2.17.1


* [FFmpeg-devel] [PATCH 6/6] doc/developer: Require new modules to include tests
  2023-06-18 21:50 [FFmpeg-devel] [PATCH 1/6] avformat/jpegxl_anim_dec: Perform operations in a different order Michael Niedermayer
                   ` (3 preceding siblings ...)
  2023-06-18 21:50 ` [FFmpeg-devel] [PATCH 5/6] avcodec/vmixdec: Fix several integer anomalies Michael Niedermayer
@ 2023-06-18 21:50 ` Michael Niedermayer
  2023-06-18 21:55   ` Lynne
                     ` (3 more replies)
  2023-06-18 21:56 ` [FFmpeg-devel] [PATCH 1/6] avformat/jpegxl_anim_dec: Perform operations in a different order Leo Izen
  5 siblings, 4 replies; 22+ messages in thread
From: Michael Niedermayer @ 2023-06-18 21:50 UTC
  To: FFmpeg development discussions and patches

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 doc/developer.texi | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/doc/developer.texi b/doc/developer.texi
index a7da2ce2d5..0c2f2cd7d1 100644
--- a/doc/developer.texi
+++ b/doc/developer.texi
@@ -805,7 +805,10 @@ Lines with similar content should be aligned vertically when doing so
 improves readability.
 
 @item
-Consider adding a regression test for your code.
+Consider adding a regression test for your code. All new modules
+should be covered by tests. That includes demuxers, muxers, decoders, encoders
+filters, bitstream filters, parsers. If its not possible to do that, add
+an explanation why to your patchset, its ok to not test if theres a reason.
 
 @item
 If you added YASM code please check that things still work with --disable-yasm.
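
Review bot: The added sentences need a copy edit before they go into the developer guide: "its" should be "it's" (twice), "theres" should be "there's", a comma is missing after "encoders" at the end of the second added line, and "add an explanation why to your patchset, its ok ..." is a comma splice. The subject says "Require" while the text keeps "Consider" and uses "should", so the wording should be brought in line with whichever strength is intended.
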
-- 
2.17.1


* Re: [FFmpeg-devel] [PATCH 6/6] doc/developer: Require new modules to include tests
  2023-06-18 21:50 ` [FFmpeg-devel] [PATCH 6/6] doc/developer: Require new modules to include tests Michael Niedermayer
@ 2023-06-18 21:55   ` Lynne
  2023-06-19 16:08     ` Anton Khirnov
  2023-06-19  9:04   ` Jean-Baptiste Kempf
                     ` (2 subsequent siblings)
  3 siblings, 1 reply; 22+ messages in thread
From: Lynne @ 2023-06-18 21:55 UTC
  To: FFmpeg development discussions and patches

Jun 18, 2023, 23:50 by michael@niedermayer.cc:

> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  doc/developer.texi | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/doc/developer.texi b/doc/developer.texi
> index a7da2ce2d5..0c2f2cd7d1 100644
> --- a/doc/developer.texi
> +++ b/doc/developer.texi
> @@ -805,7 +805,10 @@ Lines with similar content should be aligned vertically when doing so
>  improves readability.
>  
>  @item
> -Consider adding a regression test for your code.
> +Consider adding a regression test for your code. All new modules
> +should be covered by tests. That includes demuxers, muxers, decoders, encoders
> +filters, bitstream filters, parsers. If its not possible to do that, add
> +an explanation why to your patchset, its ok to not test if theres a reason.
>

Could you add assembly code to this as well?
checkasm is super useful, but is currently lacking quite
a few tests.

* Re: [FFmpeg-devel] [PATCH 1/6] avformat/jpegxl_anim_dec: Perform operations in a different order
  2023-06-18 21:50 [FFmpeg-devel] [PATCH 1/6] avformat/jpegxl_anim_dec: Perform operations in a different order Michael Niedermayer
                   ` (4 preceding siblings ...)
  2023-06-18 21:50 ` [FFmpeg-devel] [PATCH 6/6] doc/developer: Require new modules to include tests Michael Niedermayer
@ 2023-06-18 21:56 ` Leo Izen
  5 siblings, 0 replies; 22+ messages in thread
From: Leo Izen @ 2023-06-18 21:56 UTC
  To: ffmpeg-devel

On 6/18/23 17:50, Michael Niedermayer wrote:
> Fixes: OOM
> Fixes: 59802/clusterfuzz-testcase-minimized-ffmpeg_dem_JPEGXL_ANIM_fuzzer-5681765466112000
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>   libavformat/jpegxl_anim_dec.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/libavformat/jpegxl_anim_dec.c b/libavformat/jpegxl_anim_dec.c
> index 6ea6c46d8f..c62b596f76 100644
> --- a/libavformat/jpegxl_anim_dec.c
> +++ b/libavformat/jpegxl_anim_dec.c
> @@ -227,7 +227,7 @@ static int jpegxl_anim_read_packet(AVFormatContext *s, AVPacket *pkt)
>       if (ctx->initial && size < ctx->initial->size)
>           size = ctx->initial->size;
>   
> -    if ((ret = av_new_packet(pkt, size) < 0))
> +    if ((ret = av_new_packet(pkt, size)) < 0)
>           return ret;
>   
>       if (ctx->initial) {

Pushed the first patch, I maintain this code and it LGTM. I left others 
pending.

- Leo Izen


* Re: [FFmpeg-devel] [PATCH 4/6] avcodec/evc_parse: Check log2_sub_gop_length
  2023-06-18 21:50 ` [FFmpeg-devel] [PATCH 4/6] avcodec/evc_parse: Check log2_sub_gop_length Michael Niedermayer
@ 2023-06-18 22:27   ` James Almer
  2023-06-18 23:01     ` James Almer
  0 siblings, 1 reply; 22+ messages in thread
From: James Almer @ 2023-06-18 22:27 UTC
  To: ffmpeg-devel

On 6/18/2023 6:50 PM, Michael Niedermayer wrote:
> Fixes: 1.70141e+38 is outside the range of representable values of type 'int'
> Fixes: 59883/clusterfuzz-testcase-minimized-ffmpeg_BSF_EVC_FRAME_MERGE_fuzzer-5557887217565696
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>   libavcodec/evc_parse.c | 2 ++
>   1 file changed, 2 insertions(+)
> 
> diff --git a/libavcodec/evc_parse.c b/libavcodec/evc_parse.c
> index 44be5c5291..822b236423 100644
> --- a/libavcodec/evc_parse.c
> +++ b/libavcodec/evc_parse.c
> @@ -277,6 +277,8 @@ EVCParserSPS *ff_evc_parse_sps(EVCParserContext *ctx, const uint8_t *bs, int bs_
>   
>       if (!sps->sps_pocs_flag || !sps->sps_rpl_flag) {
>           sps->log2_sub_gop_length = get_ue_golomb(&gb);
> +        if (sps->log2_sub_gop_length > 5U)
> +            return NULL;
>           if (sps->log2_sub_gop_length == 0)
>               sps->log2_ref_pic_gap_length = get_ue_golomb(&gb);
>       }

LGTM, but please let me apply it as part of my evc patchset to prevent 
conflicts.

* Re: [FFmpeg-devel] [PATCH 3/6] avformat/jpegxl_anim_dec: add FF_JPEGXL_CONTAINER_SIGNATURE_LE
  2023-06-18 21:50 ` [FFmpeg-devel] [PATCH 3/6] avformat/jpegxl_anim_dec: add FF_JPEGXL_CONTAINER_SIGNATURE_LE Michael Niedermayer
@ 2023-06-18 22:57   ` Leo Izen
  2023-06-19 17:01     ` Michael Niedermayer
  0 siblings, 1 reply; 22+ messages in thread
From: Leo Izen @ 2023-06-18 22:57 UTC
  To: ffmpeg-devel

On 6/18/23 17:50, Michael Niedermayer wrote:
> Fixes: out of array read
> Fixes: 59828/clusterfuzz-testcase-minimized-ffmpeg_dem_JPEGXL_ANIM_fuzzer-5029813220671488
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>   libavformat/jpegxl_anim_dec.c | 13 +++++++------
>   1 file changed, 7 insertions(+), 6 deletions(-)
> 
> diff --git a/libavformat/jpegxl_anim_dec.c b/libavformat/jpegxl_anim_dec.c
> index c62b596f76..7e4d39385c 100644
> --- a/libavformat/jpegxl_anim_dec.c
> +++ b/libavformat/jpegxl_anim_dec.c
> @@ -108,7 +108,7 @@ static int jpegxl_collect_codestream_header(const uint8_t *input_buffer, int inp
>   
>   static int jpegxl_anim_probe(const AVProbeData *p)
>   {
> -    uint8_t buffer[4096];
> +    uint8_t buffer[4096 + AV_INPUT_BUFFER_PADDING_SIZE];
>       int copied;
>   
>       /* this is a raw codestream */
> @@ -123,7 +123,7 @@ static int jpegxl_anim_probe(const AVProbeData *p)
>       if (AV_RL64(p->buf) != FF_JPEGXL_CONTAINER_SIGNATURE_LE)
>           return 0;
>   
> -    if (jpegxl_collect_codestream_header(p->buf, p->buf_size, buffer, sizeof(buffer), &copied) <= 0 || copied <= 0)
> +    if (jpegxl_collect_codestream_header(p->buf, p->buf_size, buffer, sizeof(buffer) - AV_INPUT_BUFFER_PADDING_SIZE, &copied) <= 0 || copied <= 0)
>           return 0;
>   
>       if (ff_jpegxl_verify_codestream_header(buffer, copied, 0) >= 1)
> @@ -138,7 +138,8 @@ static int jpegxl_anim_read_header(AVFormatContext *s)
>       AVIOContext *pb = s->pb;
>       AVStream *st;
>       int offset = 0;
> -    uint8_t head[256];
> +    uint8_t head[256 + AV_INPUT_BUFFER_PADDING_SIZE];
> +    const int sizeofhead = sizeof(head) - AV_INPUT_BUFFER_PADDING_SIZE;
>       int headsize = 0;
>       int ctrl;
>       AVRational tb;
> @@ -147,7 +148,7 @@ static int jpegxl_anim_read_header(AVFormatContext *s)
>       uint64_t sig16 = avio_rl16(pb);
>       if (sig16 == FF_JPEGXL_CODESTREAM_SIGNATURE_LE) {
>           AV_WL16(head, sig16);
> -        headsize = avio_read(s->pb, head + 2, sizeof(head) - 2);
> +        headsize = avio_read(s->pb, head + 2, sizeofhead - 2);
>           if (headsize < 0)
>               return headsize;
>           headsize += 2;
> @@ -178,10 +179,10 @@ static int jpegxl_anim_read_header(AVFormatContext *s)
>                   if (av_buffer_realloc(&ctx->initial, ctx->initial->size + read) < 0)
>                       return AVERROR(ENOMEM);
>               }
> -            jpegxl_collect_codestream_header(buf, read, head + headsize, sizeof(head) - headsize, &copied);
> +            jpegxl_collect_codestream_header(buf, read, head + headsize, sizeofhead - headsize, &copied);
>               memcpy(ctx->initial->data + (ctx->initial->size - read), buf, read);
>               headsize += copied;
> -            if (headsize >= sizeof(head) || read < sizeof(buf))
> +            if (headsize >= sizeofhead || read < sizeof(buf))
>                   break;
>           }
>       }

What's with the commit message? Seems unrelated to the change.

- Leo Izen


* Re: [FFmpeg-devel] [PATCH 4/6] avcodec/evc_parse: Check log2_sub_gop_length
  2023-06-18 22:27   ` James Almer
@ 2023-06-18 23:01     ` James Almer
  2023-06-19 19:03       ` James Almer
  0 siblings, 1 reply; 22+ messages in thread
From: James Almer @ 2023-06-18 23:01 UTC
  To: ffmpeg-devel

On 6/18/2023 7:27 PM, James Almer wrote:
> On 6/18/2023 6:50 PM, Michael Niedermayer wrote:
>> Fixes: 1.70141e+38 is outside the range of representable values of 
>> type 'int'
>> Fixes: 
>> 59883/clusterfuzz-testcase-minimized-ffmpeg_BSF_EVC_FRAME_MERGE_fuzzer-5557887217565696
>>
>> Found-by: continuous fuzzing process 
>> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
>> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
>> ---
>>   libavcodec/evc_parse.c | 2 ++
>>   1 file changed, 2 insertions(+)
>>
>> diff --git a/libavcodec/evc_parse.c b/libavcodec/evc_parse.c
>> index 44be5c5291..822b236423 100644
>> --- a/libavcodec/evc_parse.c
>> +++ b/libavcodec/evc_parse.c
>> @@ -277,6 +277,8 @@ EVCParserSPS *ff_evc_parse_sps(EVCParserContext 
>> *ctx, const uint8_t *bs, int bs_
>>       if (!sps->sps_pocs_flag || !sps->sps_rpl_flag) {
>>           sps->log2_sub_gop_length = get_ue_golomb(&gb);
>> +        if (sps->log2_sub_gop_length > 5U)
>> +            return NULL;
>>           if (sps->log2_sub_gop_length == 0)
>>               sps->log2_ref_pic_gap_length = get_ue_golomb(&gb);
>>       }
> 
> LGTM, but please let me apply it as part of my evc patchset to prevent 
> conflicts.

Actually, this is leaving the SPS allocated in the array, which should 
be freed if we're going to start erroring out on failed range checks.
I'll amend it before applying it.

* Re: [FFmpeg-devel] [PATCH 6/6] doc/developer: Require new modules to include tests
  2023-06-18 21:50 ` [FFmpeg-devel] [PATCH 6/6] doc/developer: Require new modules to include tests Michael Niedermayer
  2023-06-18 21:55   ` Lynne
@ 2023-06-19  9:04   ` Jean-Baptiste Kempf
  2023-06-19 16:06   ` Anton Khirnov
  2023-06-23 23:55   ` Michael Niedermayer
  3 siblings, 0 replies; 22+ messages in thread
From: Jean-Baptiste Kempf @ 2023-06-19  9:04 UTC
  To: ffmpeg-devel

On Sun, 18 Jun 2023, at 23:50, Michael Niedermayer wrote:
>  doc/developer.texi | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)

+1

-- 
Jean-Baptiste Kempf -  President
+33 672 704 734

* Re: [FFmpeg-devel] [PATCH 6/6] doc/developer: Require new modules to include tests
  2023-06-18 21:50 ` [FFmpeg-devel] [PATCH 6/6] doc/developer: Require new modules to include tests Michael Niedermayer
  2023-06-18 21:55   ` Lynne
  2023-06-19  9:04   ` Jean-Baptiste Kempf
@ 2023-06-19 16:06   ` Anton Khirnov
  2023-06-19 16:09     ` Paul B Mahol
  2023-06-23 23:55   ` Michael Niedermayer
  3 siblings, 1 reply; 22+ messages in thread
From: Anton Khirnov @ 2023-06-19 16:06 UTC
  To: FFmpeg development discussions and patches

Quoting Michael Niedermayer (2023-06-18 23:50:21)
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  doc/developer.texi | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/doc/developer.texi b/doc/developer.texi
> index a7da2ce2d5..0c2f2cd7d1 100644
> --- a/doc/developer.texi
> +++ b/doc/developer.texi
> @@ -805,7 +805,10 @@ Lines with similar content should be aligned vertically when doing so
>  improves readability.
>  
>  @item
> -Consider adding a regression test for your code.
> +Consider adding a regression test for your code. All new modules
> +should be covered by tests. That includes demuxers, muxers, decoders, encoders

s/should/must/?

-- 
Anton Khirnov

* Re: [FFmpeg-devel] [PATCH 6/6] doc/developer: Require new modules to include tests
  2023-06-18 21:55   ` Lynne
@ 2023-06-19 16:08     ` Anton Khirnov
  0 siblings, 0 replies; 22+ messages in thread
From: Anton Khirnov @ 2023-06-19 16:08 UTC
  To: FFmpeg development discussions and patches

Quoting Lynne (2023-06-18 23:55:56)
> Jun 18, 2023, 23:50 by michael@niedermayer.cc:
> 
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  doc/developer.texi | 5 ++++-
> >  1 file changed, 4 insertions(+), 1 deletion(-)
> >
> > diff --git a/doc/developer.texi b/doc/developer.texi
> > index a7da2ce2d5..0c2f2cd7d1 100644
> > --- a/doc/developer.texi
> > +++ b/doc/developer.texi
> > @@ -805,7 +805,10 @@ Lines with similar content should be aligned vertically when doing so
> >  improves readability.
> >  
> >  @item
> > -Consider adding a regression test for your code.
> > +Consider adding a regression test for your code. All new modules
> > +should be covered by tests. That includes demuxers, muxers, decoders, encoders
> > +filters, bitstream filters, parsers. If its not possible to do that, add
> > +an explanation why to your patchset, its ok to not test if theres a reason.
> >
> 
> Could you add assembly code to this as well?
> checkasm is super useful, but is currently lacking quite
> a few tests.

The SIMD/DSP section already says new asm should have tests.
I would be in favor of making that into 'must' (unless very good reason
otherwise).

-- 
Anton Khirnov

* Re: [FFmpeg-devel] [PATCH 6/6] doc/developer: Require new modules to include tests
  2023-06-19 16:06   ` Anton Khirnov
@ 2023-06-19 16:09     ` Paul B Mahol
  2023-06-21 10:04       ` Anton Khirnov
  0 siblings, 1 reply; 22+ messages in thread
From: Paul B Mahol @ 2023-06-19 16:09 UTC
  To: FFmpeg development discussions and patches

NAK

* Re: [FFmpeg-devel] [PATCH 3/6] avformat/jpegxl_anim_dec: add FF_JPEGXL_CONTAINER_SIGNATURE_LE
  2023-06-18 22:57   ` Leo Izen
@ 2023-06-19 17:01     ` Michael Niedermayer
  2023-06-20 16:50       ` Leo Izen
  0 siblings, 1 reply; 22+ messages in thread
From: Michael Niedermayer @ 2023-06-19 17:01 UTC
  To: FFmpeg development discussions and patches


On Sun, Jun 18, 2023 at 06:57:58PM -0400, Leo Izen wrote:
> On 6/18/23 17:50, Michael Niedermayer wrote:
> > Fixes: out of array read
> > Fixes: 59828/clusterfuzz-testcase-minimized-ffmpeg_dem_JPEGXL_ANIM_fuzzer-5029813220671488
> > 
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >   libavformat/jpegxl_anim_dec.c | 13 +++++++------
> >   1 file changed, 7 insertions(+), 6 deletions(-)
> > 
> > diff --git a/libavformat/jpegxl_anim_dec.c b/libavformat/jpegxl_anim_dec.c
> > index c62b596f76..7e4d39385c 100644
> > --- a/libavformat/jpegxl_anim_dec.c
> > +++ b/libavformat/jpegxl_anim_dec.c
> > @@ -108,7 +108,7 @@ static int jpegxl_collect_codestream_header(const uint8_t *input_buffer, int inp
> >   static int jpegxl_anim_probe(const AVProbeData *p)
> >   {
> > -    uint8_t buffer[4096];
> > +    uint8_t buffer[4096 + AV_INPUT_BUFFER_PADDING_SIZE];
> >       int copied;
> >       /* this is a raw codestream */
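
Review bot: the enlarged buffer in jpegxl_anim_probe() is still declared without an initialiser, so the AV_INPUT_BUFFER_PADDING_SIZE bytes added at the end hold whatever was on the stack. If the padding is there to give a reader a safe overread area, zero it, for example with uint8_t buffer[4096 + AV_INPUT_BUFFER_PADDING_SIZE] = {0}; or a memset of the bytes past copied once that value is known.
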
> > @@ -123,7 +123,7 @@ static int jpegxl_anim_probe(const AVProbeData *p)
> >       if (AV_RL64(p->buf) != FF_JPEGXL_CONTAINER_SIGNATURE_LE)
> >           return 0;
> > -    if (jpegxl_collect_codestream_header(p->buf, p->buf_size, buffer, sizeof(buffer), &copied) <= 0 || copied <= 0)
> > +    if (jpegxl_collect_codestream_header(p->buf, p->buf_size, buffer, sizeof(buffer) - AV_INPUT_BUFFER_PADDING_SIZE, &copied) <= 0 || copied <= 0)
> >           return 0;
> >       if (ff_jpegxl_verify_codestream_header(buffer, copied, 0) >= 1)
> > @@ -138,7 +138,8 @@ static int jpegxl_anim_read_header(AVFormatContext *s)
> >       AVIOContext *pb = s->pb;
> >       AVStream *st;
> >       int offset = 0;
> > -    uint8_t head[256];
> > +    uint8_t head[256 + AV_INPUT_BUFFER_PADDING_SIZE];
> > +    const int sizeofhead = sizeof(head) - AV_INPUT_BUFFER_PADDING_SIZE;
> >       int headsize = 0;
> >       int ctrl;
> >       AVRational tb;
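
Review bot: the name sizeofhead in jpegxl_anim_read_header() reads like sizeof(head), but it holds 256, not the size of the array, which invites passing the wrong one later. A name such as head_capacity, or an enum constant used for both the array bound and the limit, would be clearer. It would also help to use the same form in jpegxl_anim_probe(), which spells sizeof(buffer) - AV_INPUT_BUFFER_PADDING_SIZE inline instead. Note too that the local is an int where sizeof(head) was a size_t, so comparisons against it change from unsigned to signed.
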
> > @@ -147,7 +148,7 @@ static int jpegxl_anim_read_header(AVFormatContext *s)
> >       uint64_t sig16 = avio_rl16(pb);
> >       if (sig16 == FF_JPEGXL_CODESTREAM_SIGNATURE_LE) {
> >           AV_WL16(head, sig16);
> > -        headsize = avio_read(s->pb, head + 2, sizeof(head) - 2);
> > +        headsize = avio_read(s->pb, head + 2, sizeofhead - 2);
> >           if (headsize < 0)
> >               return headsize;
> >           headsize += 2;
> > @@ -178,10 +179,10 @@ static int jpegxl_anim_read_header(AVFormatContext *s)
> >                   if (av_buffer_realloc(&ctx->initial, ctx->initial->size + read) < 0)
> >                       return AVERROR(ENOMEM);
> >               }
> > -            jpegxl_collect_codestream_header(buf, read, head + headsize, sizeof(head) - headsize, &copied);
> > +            jpegxl_collect_codestream_header(buf, read, head + headsize, sizeofhead - headsize, &copied);
> >               memcpy(ctx->initial->data + (ctx->initial->size - read), buf, read);
> >               headsize += copied;
> > -            if (headsize >= sizeof(head) || read < sizeof(buf))
> > +            if (headsize >= sizeofhead || read < sizeof(buf))
> >                   break;
> >           }
> >       }
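
Review bot: the return value of jpegxl_collect_codestream_header() is discarded in this loop and copied is added to headsize unconditionally, whereas jpegxl_anim_probe() checks both the return value and copied <= 0. If the helper can fail without writing copied, headsize advances by a stale value; check the result here as well, or add a comment saying why it cannot fail at this point.
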
> 

> What's with the commit message? Seems unrelated to the change.

Must be some copy and paste mistake



[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Republics decline into democracies and democracies degenerate into
despotisms. -- Aristotle


* Re: [FFmpeg-devel] [PATCH 4/6] avcodec/evc_parse: Check log2_sub_gop_length
  2023-06-18 23:01     ` James Almer
@ 2023-06-19 19:03       ` James Almer
  0 siblings, 0 replies; 22+ messages in thread
From: James Almer @ 2023-06-19 19:03 UTC (permalink / raw)
  To: ffmpeg-devel

On 6/18/2023 8:01 PM, James Almer wrote:
> On 6/18/2023 7:27 PM, James Almer wrote:
>> On 6/18/2023 6:50 PM, Michael Niedermayer wrote:
>>> Fixes: 1.70141e+38 is outside the range of representable values of 
>>> type 'int'
>>> Fixes: 
>>> 59883/clusterfuzz-testcase-minimized-ffmpeg_BSF_EVC_FRAME_MERGE_fuzzer-5557887217565696
>>>
>>> Found-by: continuous fuzzing process 
>>> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
>>> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
>>> ---
>>>   libavcodec/evc_parse.c | 2 ++
>>>   1 file changed, 2 insertions(+)
>>>
>>> diff --git a/libavcodec/evc_parse.c b/libavcodec/evc_parse.c
>>> index 44be5c5291..822b236423 100644
>>> --- a/libavcodec/evc_parse.c
>>> +++ b/libavcodec/evc_parse.c
>>> @@ -277,6 +277,8 @@ EVCParserSPS *ff_evc_parse_sps(EVCParserContext 
>>> *ctx, const uint8_t *bs, int bs_
>>>       if (!sps->sps_pocs_flag || !sps->sps_rpl_flag) {
>>>           sps->log2_sub_gop_length = get_ue_golomb(&gb);
>>> +        if (sps->log2_sub_gop_length > 5U)
>>> +            return NULL;
>>>           if (sps->log2_sub_gop_length == 0)
>>>               sps->log2_ref_pic_gap_length = get_ue_golomb(&gb);
>>>       }
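
Review bot: the bound in the new log2_sub_gop_length > 5U check is a bare literal, with nothing in the hunk saying where the limit of 5 comes from. A short comment or a named constant for the allowed range would let the check be verified against the specification and keep it consistent if the same field is validated elsewhere.
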
>>
>> LGTM, but please let me apply it as part of my evc patchset to prevent 
>> conflicts.
> 
> Actually, this is leaving the SPS allocated in the array, which should 
> be freed if we're going to start erroring out on failed range checks.
> I'll amend it before applying it.

Applied.

* Re: [FFmpeg-devel] [PATCH 3/6] avformat/jpegxl_anim_dec: add FF_JPEGXL_CONTAINER_SIGNATURE_LE
  2023-06-19 17:01     ` Michael Niedermayer
@ 2023-06-20 16:50       ` Leo Izen
  0 siblings, 0 replies; 22+ messages in thread
From: Leo Izen @ 2023-06-20 16:50 UTC (permalink / raw)
  To: ffmpeg-devel

On 6/19/23 13:01, Michael Niedermayer wrote:
> On Sun, Jun 18, 2023 at 06:57:58PM -0400, Leo Izen wrote:
>> On 6/18/23 17:50, Michael Niedermayer wrote:
>>> Fixes: out of array read
>>> Fixes: 59828/clusterfuzz-testcase-minimized-ffmpeg_dem_JPEGXL_ANIM_fuzzer-5029813220671488
>>>
>>> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
>>> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
>>> ---
>>>    libavformat/jpegxl_anim_dec.c | 13 +++++++------
>>>    1 file changed, 7 insertions(+), 6 deletions(-)
> 
>> What's with the commit message? Seems unrelated to the change.
> 
> Must be some copy and paste mistake

Pushed with a different commit message as 6a9d13acc26b.

- Leo Izen


* Re: [FFmpeg-devel] [PATCH 6/6] doc/developer: Require new modules to include tests
  2023-06-19 16:09     ` Paul B Mahol
@ 2023-06-21 10:04       ` Anton Khirnov
  0 siblings, 0 replies; 22+ messages in thread
From: Anton Khirnov @ 2023-06-21 10:04 UTC (permalink / raw)
  To: FFmpeg development discussions and patches

Quoting Paul B Mahol (2023-06-19 18:09:06)
> NAK

You like throwing this letter sequence around, but without some actual
arguments it's meaningless and will be ignored.

-- 
Anton Khirnov

* Re: [FFmpeg-devel] [PATCH 2/6] avcodec/utils: fix 2 integer overflows in get_audio_frame_duration()
  2023-06-18 21:50 ` [FFmpeg-devel] [PATCH 2/6] avcodec/utils: fix 2 integer overflows in get_audio_frame_duration() Michael Niedermayer
@ 2023-06-22 23:59   ` Michael Niedermayer
  0 siblings, 0 replies; 22+ messages in thread
From: Michael Niedermayer @ 2023-06-22 23:59 UTC (permalink / raw)
  To: FFmpeg development discussions and patches


On Sun, Jun 18, 2023 at 11:50:17PM +0200, Michael Niedermayer wrote:
> Fixes: signed integer overflow: 256 * 668003712 cannot be represented in type 'int'
> Fixes: 59819/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-4674636538052608
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/utils.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)

will apply

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Avoid a single point of failure, be that a person or equipment.


* Re: [FFmpeg-devel] [PATCH 6/6] doc/developer: Require new modules to include tests
  2023-06-18 21:50 ` [FFmpeg-devel] [PATCH 6/6] doc/developer: Require new modules to include tests Michael Niedermayer
                     ` (2 preceding siblings ...)
  2023-06-19 16:06   ` Anton Khirnov
@ 2023-06-23 23:55   ` Michael Niedermayer
  3 siblings, 0 replies; 22+ messages in thread
From: Michael Niedermayer @ 2023-06-23 23:55 UTC (permalink / raw)
  To: FFmpeg development discussions and patches


On Sun, Jun 18, 2023 at 11:50:21PM +0200, Michael Niedermayer wrote:
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  doc/developer.texi | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)

will apply

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Rewriting code that is poorly written but fully understood is good.
Rewriting code that one doesn't understand is a sign that one is less smart
than the original author, trying to rewrite it will not make it better.


* Re: [FFmpeg-devel] [PATCH 5/6] avcodec/vmixdec: Fix several integer anomalies
  2023-06-18 21:50 ` [FFmpeg-devel] [PATCH 5/6] avcodec/vmixdec: Fix several integer anomalies Michael Niedermayer
@ 2023-07-23 18:07   ` Michael Niedermayer
  0 siblings, 0 replies; 22+ messages in thread
From: Michael Niedermayer @ 2023-07-23 18:07 UTC (permalink / raw)
  To: FFmpeg development discussions and patches


On Sun, Jun 18, 2023 at 11:50:20PM +0200, Michael Niedermayer wrote:
> Fixes: vmixdec.c:132:34: runtime error: signed integer overflow: -2147483648 * 1856 cannot be represented in type 'int'
> Fixes: vmixdec.c:119:20: runtime error: signed integer overflow: -1256 + -2147483648 cannot be represented in type 'int'
> Fixes: vmixdec.c:137:36: runtime error: signed integer overflow: 2147483416 * 16 cannot be represented in type 'int'
> Fixes: 59843/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VMIX_fuzzer-4857434624360448
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/vmixdec.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)

will apply

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The greatest way to live with honor in this world is to be what we pretend
to be. -- Socrates
