This blocks disallowed extensions from probing
It also requires all available segments to have matching extensions to the format
mpegts is treated independent of the extension
It is recommended to set the whitelists correctly
instead of depending on extensions, but this should help a bit,
and this is easier to backport
Fixes: CVE-2023-6602 II. HLS Force TTY Demuxer
Fixes: CVE-2023-6602 IV. HLS XBIN Demuxer DoS Amplification
The other parts of CVE-2023-6602 have been fixed by prior commits
Found-by: Harvey Phillips of Amazon Element55 (element55)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
codec37 operates on 2 buffers, which must be considered private to
the codec and must therefore not be changed by subsequent FOBJs.
Let codec37 therefore operate on frm1/2 instead of frm0/2, but copy
the decoded image to frm0 where other codecs operate on.
Fixes artifacts encountered in Full Throttle "dazed.san" and also
in a lot of Rebel Assault II gameplay videos: these videos consist of
frames with an initial codec37 FOBJ image to set the stage, and
optional codec1-23 FOBJs overlaid on top of that image.
Signed-off-by: Manuel Lauss <manuel.lauss@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This was disabled in da60b99a88 and then
accidentally re-enabled in 172b0e2e88.
The code in question was never properly adapted for litte-endian mode.
refs: trac/10955
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The comments supposed to track the possible value of the qmat and qmat16
matrices, but they were not updated properly in the long history of the
mpegvideo encoder. Also they wrongly assumed the usage of built-in quantizer
matrices and linear quantization.
Signed-off-by: Marton Balint <cus@passwd.hu>
Values in csp, prim, trc, etc, are irrelevant if there's no conversion needed.
Reviewed-by: Niklas Haas <ffmpeg@haasn.xyz>
Signed-off-by: James Almer <jamrial@gmail.com>
Fixes: Use of uninitialized memory
Fixes: 71444/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5448597561212928
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -277109688 * 8 cannot be represented in type 'int'
Fixes: 376118159/clusterfuzz-testcase-minimized-ffmpeg_SWR_fuzzer-5884436320681984
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: use of uninitialized memory
Fixes: 375286238/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HYMT_fuzzer-6352546854141952
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: Use of uninitialized memory
Fixes: 377642312/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-4554550985424896
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: use of uninitilaized data
Fixes: 385167047/clusterfuzz-testcase-minimized-ffmpeg_dem_IPMOVIE_fuzzer-5941477505564672
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
ff_parse_mpeg2_descriptor() reads over what is initialized
Fixes: use of uninitialized memory
Fixes: 383825645/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5144130618982400
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: use of uninitialized data
Fixes: 383825642/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5380168801124352
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
It performs better when its less buggy
Compression changes for rgb_scanline_half_piz_dw_t08 (using float16 with remaping) from
56086 byte to 34371
(with a single slice its 28122 byte)
prior remap it was 188186 bytes
ACES_OT_VWG_SampleFrames/ACES_OT_VWG_SampleFrames improves too but only by a fraction of a percent
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Don't export a matrix encoding side data when there's none signaled.
And if downmixing was handled by the decoder itself, then the downmix info does
not apply to the frame.
Signed-off-by: James Almer <jamrial@gmail.com>
With this, if the eac3 dependent frame doesn't have coded downmix values when
parsed by ff_eac3_parse_header(), it will inherit the coded ones from the core
ac3 frame instead of ignoring them.
Signed-off-by: James Almer <jamrial@gmail.com>
A flag in the codec header determines whether opcodes 0xfd/0xfe
are to be treated as special or not. The current code has 2
implementations of the same decoding scheme, with one treating
the 2 opcodes as special, the other not.
Collapse them into a single implementation and treat these opcode
according to the flag.
Signed-off-by: Manuel Lauss <manuel.lauss@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
RLE-compressed stream of motion vector indices and a special opcode
to fill a block with data from the source stream.
It is used in the LucasArts "Full Throttle" blink*.san animations.
Signed-off-by: Manuel Lauss <manuel.lauss@gmail.com>
Fixes: Ticket5753
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
packet_buffer is used in mux.c, and if a muxing process fails at a point where
packets remained in said queue, they will leak.
Fixes ticket #11419
Signed-off-by: James Almer <jamrial@gmail.com>
Fixes: applying zero offset to null pointer
partly Fixes: verysmall.flv
Found-by: Elias Myllymäki <elias.myllymaki04p@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Found-by: Elias Myllymäki <elias.myllymaki04p@gmail.com>
Reviewed-by: Alexander Strasser <eclipse7@gmx.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This may be needed for floats
Sponsored-by: Sovereign Tech Fund
Reviewed-by: Alexander Strasser <eclipse7@gmx.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: undefined NULL pointer use
Fixes: clusterfuzz-testcase-minimized-audio_decoder_fuzzer-6363211175493632
This performs equivalent sanity checks as are done in mov_read_trak()
before mov_build_index()
Reported-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
