Commit Graph

123 Commits

Author SHA1 Message Date
Michael Niedermayer
ce7098b8f2 avcodec/dvdsubdec: Fix runtime error: left shift of 242 by 24 places cannot be represented in type 'int'
Fixes: 1080/clusterfuzz-testcase-5353236754071552

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-05-05 04:25:07 +02:00
Michael Niedermayer
61ee2ca775 avcodec/dvdsubdec: Fixes 2 runtime error: left shift of 170 by 24 places cannot be represented in type 'int'
Fixes: 619/clusterfuzz-testcase-5803914534322176

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-04-07 03:38:31 +02:00
Clément Bœsch
549045254c Fix all -Wformat warnings raised by DJGPP 2017-03-29 14:49:29 +02:00
Michael Niedermayer
c92f55847a avcodec/dvdsubdec: Fix off by 1 error
Fixes out of array read

Found-by: Thomas Garnier using libFuzzer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-10-26 19:50:53 +02:00
Michael Niedermayer
25ab1a65f3 avcodec/dvdsubdec: Fix buf_size check
Fixes out of array access

Found-by: Thomas Garnier using libFuzzer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-10-26 18:46:10 +02:00
Paul B Mahol
6cbd47bf90 avcodec/dvdsubdec: ignore h <= 1 case, to properly decode subtitle
Fixes #5825. If h == 1, second decode_rle() fails.

Regression since: 3f0a3e9e12.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-09-18 15:22:48 +02:00
Ganesh Ajjanagadde
14886bebfe avcodec/dvdsubdec: fix typo in dlog message
Likely accidental in 764900d645.

Fixes: CID 1341578.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
2015-12-06 08:11:47 -05:00
Clément Bœsch
fb99ef0bd3 avcodec: use AV_OPT_TYPE_BOOL in a bunch of places 2015-12-04 15:37:05 +01:00
Michael Niedermayer
764900d645 avcodec/dvdsubdec: Fix types for offset1/2 in ff_dlog()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-22 19:26:05 +01:00
Derek Buitenhuis
cde68661bf Merge commit '5c30ae1a09b66179e16694f6137658023ed1fef3'
* commit '5c30ae1a09b66179e16694f6137658023ed1fef3':
  dvdsubdec: Validate the RLE offsets

  Conflicts:
      libavcodec/dvdsubdec.c

Merged-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2015-11-22 17:15:21 +00:00
Luca Barbato
5c30ae1a09 dvdsubdec: Validate the RLE offsets
CC: libav-stable@libav.org
2015-11-17 18:56:29 +01:00
Andreas Cadhalpun
f621749d11 dvdsubdec: validate offset2 similar to offset1
If it is negative, it causes segmentation faults in decode_rle.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2015-11-11 00:39:47 +01:00
Hendrik Leppkes
ee573b4d31 Merge commit 'a17a7661906ba295d67afd80ac0770422e1b02b3'
* commit 'a17a7661906ba295d67afd80ac0770422e1b02b3':
  lavc: Add data and linesize to AVSubtitleRect

Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
2015-10-22 21:41:53 +02:00
Vittorio Giovara
a17a766190 lavc: Add data and linesize to AVSubtitleRect
Use the new fields directly instead of the ones from AVPicture.
This removes a layer of indirection which serves no pratical purpose
whatsoever, and will help in removing AVPicture structure completely
later.

Every subtitle encoder/decoder seamlessly points to the new arrays,
so it is possible to deprecate AVSubtitleRect.pict.

Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2015-10-21 12:02:29 +02:00
wm4
e859a3c864 avcodec/dvdsubdec: don't use a NULL log context 2015-09-22 17:41:01 +02:00
wm4
9aab222239 avcodec/dvdsubdec: reject some broken packets
If cmd_pos is broken, this would just keep accumulating packets in the
reassembly buffer, until it fails and flushes the buffer on overflow.
Since packets are usually rather small, this will take a lot of subtitle
packets. The perceived effect is that subtitles are not displayed
anymore after the faulty packet was passed to the decoder.

I'm not terribly sure about this, but on the other hand this code is
active only when fragmented packets need to be reassembled.

Fixes sample file in trac issue #4872.
2015-09-22 17:41:01 +02:00
wm4
f874e2728b avcodec/dvdsub: fix partial packet assembly
Assuming the first and second packets are partial, this would append the
reassembly buffer (ctx->buf) to itself with the second
append_to_cached_buf() call, because buf is set to ctx->buf.

I do not know a valid sample file which triggers this, and do not know
if packets can be split into more than 2 sub-packets, but it triggered
with a (differently) broken sample file in trac issue #4872.
2015-09-22 17:41:01 +02:00
wm4
4ed5a73a7e avcodec/dvdsubdec: fix indentation 2015-09-21 13:46:34 +02:00
wm4
6f2c64fd03 dvdsubdec: implement flushing
This is needed for proper operation with seeking.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-05-28 16:10:56 +02:00
wm4
0ad04bf6a2 dvdsubdec: reset buffer size on invalid over-large packets
Otherwise it will never be reset, and remain "stuck" in this state
forever. Can happen when seeking: the decoder will receive fragments
from different file positions, which triggers the condition easily.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-05-28 15:31:07 +02:00
Michael Niedermayer
8f7b022c8c Merge commit '6a85dfc830f51f1f5c2d36d4182d265c1ea3ba25'
* commit '6a85dfc830f51f1f5c2d36d4182d265c1ea3ba25':
  lavc: Replace av_dlog and tprintf with internal macros

Conflicts:
	libavcodec/aacdec.c
	libavcodec/audio_frame_queue.c
	libavcodec/bitstream.c
	libavcodec/dcadec.c
	libavcodec/dnxhddec.c
	libavcodec/dvbsubdec.c
	libavcodec/dvdec.c
	libavcodec/dvdsubdec.c
	libavcodec/get_bits.h
	libavcodec/gifdec.c
	libavcodec/h264.h
	libavcodec/h264_cabac.c
	libavcodec/h264_cavlc.c
	libavcodec/h264_loopfilter.c
	libavcodec/h264_refs.c
	libavcodec/imc.c
	libavcodec/interplayvideo.c
	libavcodec/jpeglsdec.c
	libavcodec/libopencore-amr.c
	libavcodec/mjpegdec.c
	libavcodec/mpeg12dec.c
	libavcodec/mpegvideo_enc.c
	libavcodec/mpegvideo_parser.c
	libavcodec/pngdec.c
	libavcodec/ratecontrol.c
	libavcodec/rv10.c
	libavcodec/svq1dec.c
	libavcodec/vqavideo.c
	libavcodec/wmadec.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-04-20 04:10:10 +02:00
Vittorio Giovara
6a85dfc830 lavc: Replace av_dlog and tprintf with internal macros 2015-04-19 12:41:59 +01:00
Michael Niedermayer
3d5c0ba816 Merge commit 'ec17782e17de1e8501ca213e276dfe5412ff1d11'
* commit 'ec17782e17de1e8501ca213e276dfe5412ff1d11':
  dvdsubdec: Check memory allocations

Conflicts:
	libavcodec/dvdsubdec.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-02-17 22:31:26 +01:00
Vittorio Giovara
ec17782e17 dvdsubdec: Check memory allocations 2015-02-17 12:16:43 -05:00
wm4
816577716b avcodec/dvdsubdec: fix accessing dangling pointers
dvdsub_decode() can call append_to_cached_buf() 2 times, the second time
with ctx->buf as argument. If the second append_to_cached_buf() reallocs
ctx->buf, the argument will be a pointer to the previous, freed block.
This can cause invalid reads at least with some fuzzed files - and
possibly with valid files.

Since packets can apparently not be larger than 64K (even if packets are
combined), just use a fixed size buffer. It will be allocated as part of
the DVDSubContext, and although some memory is "wasted", it's relatively
minimal by modern standards and should be acceptable.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-01-08 17:45:32 +01:00
wm4
bcaa9099b3 avcodec/dvdsubdec: error on bitmaps with size 0
Attemtping to decode them could lead to invalid writes with some fuzzed
samples.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-01-08 01:42:42 +01:00
wm4
c9151de7c4 avcodec/dvdsubdec: fix out of bounds accesses
The code blindly trusted buffer offsets read from the file in the RLE
decoder. Explicitly check the offset. Also error out on other RLE
decoding errors.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-01-05 05:03:49 +01:00
Michael Niedermayer
5d0cfb58ef avcodec/dvdsubdec: Avoid strerror() due to thread saftey
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-13 15:15:07 +01:00
Michael Niedermayer
ac967ad872 Merge commit 'd466d82faaf6e0e57a3a4be5e38e3902ef251ac3'
* commit 'd466d82faaf6e0e57a3a4be5e38e3902ef251ac3':
  dvdsubdec: Do not leak on failure path

Conflicts:
	libavcodec/dvdsubdec.c

See: 7fa9f7ef1c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-21 22:36:01 +01:00
Luca Barbato
d466d82faa dvdsubdec: Do not leak on failure path
CC: libav-stable@libav.org
Bug-Id: CID 1198262
2014-11-21 12:36:19 +00:00
Michael Niedermayer
1de786777e avcodec/dvdsubdec: Check all fseek()s return codes
Fixes CID1254660

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-16 17:50:18 +01:00
Shin-ichi Toyama
12630fa821 avcodec/dvdsubdec: New option for obtaining global palette from .IFO file (experimental)
Suggested-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-15 12:50:39 +01:00
Nicholas Robbins
c7d21dee28 libavcodec/dvdsubdec: Add option forced_subs_only to only decode forced subtitle frames.
Signed-off-by: Nicholas Robbins <nickrobbins@yahoo.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-09-22 21:01:13 +02:00
Michael Niedermayer
5c073bbb57 avcodec/dvdsubdec: fix VD/SD identifier name
Found-by: Nicholas Robbins <nickrobbins-at-yahoo.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-09-19 23:47:20 +02:00
Michael Niedermayer
2d7cec14be avcodec/dvdsubdec: Dont mix integers with pointers
Reviewed-by: James Darnley <james.darnley@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-08-16 15:58:40 +02:00
Michael Niedermayer
fb33bff990 Merge commit 'f929ab0569ff31ed5a59b0b0adb7ce09df3fca39'
* commit 'f929ab0569ff31ed5a59b0b0adb7ce09df3fca39':
  cosmetics: Write NULL pointer equality checks more compactly

Conflicts:
	cmdutils.c
	ffmpeg_opt.c
	ffplay.c
	libavcodec/dvbsub.c
	libavcodec/dvdsubdec.c
	libavcodec/dvdsubenc.c
	libavcodec/dxa.c
	libavcodec/libxvid_rc.c
	libavcodec/mpegvideo.c
	libavcodec/mpegvideo_enc.c
	libavcodec/rv10.c
	libavcodec/tiffenc.c
	libavcodec/utils.c
	libavcodec/vc1dec.c
	libavcodec/zmbv.c
	libavdevice/v4l2.c
	libavformat/matroskadec.c
	libavformat/movenc.c
	libavformat/sdp.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-08-15 21:00:50 +02:00
Gabriel Dume
4b1f5e5090 cosmetics: Write NULL pointer inequality checks more compactly
Signed-off-by: Diego Biurrun <diego@biurrun.de>
2014-08-15 05:34:13 -07:00
Gabriel Dume
f929ab0569 cosmetics: Write NULL pointer equality checks more compactly
Signed-off-by: Diego Biurrun <diego@biurrun.de>
2014-08-15 03:18:18 -07:00
Michael Niedermayer
dd200c56c0 avcodec/dvdsubdec: free subtitle rectangles if nothing is output
Fixes assertion failure
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-07-31 14:17:46 +02:00
Oliver Fromme
d73823286d avcodec/dvdsubdec: fix alpha in debuging code
improve the debugging function for saving subtitles
to PPM files: Actually use the alpha channel.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-07-04 00:35:21 +02:00
Oliver Fromme
3f0a3e9e12 avcodec/dvdsubdec: Fix off-by-one error
Fix an off-by-one error that causes the height of decoded
subtitles to be too small, thus cutting off the lowest row
of pixels.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-07-04 00:32:43 +02:00
Michael Niedermayer
5440151fa4 Merge commit '3dc6272bed7890a49080e18eacf3c7a4a6594b0d'
* commit '3dc6272bed7890a49080e18eacf3c7a4a6594b0d':
  Remove a number of unnecessary dsputil.h #includes

Conflicts:
	libavcodec/h264pred.c
	libavcodec/vc1dsp.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-04-05 18:54:15 +02:00
Diego Biurrun
3dc6272bed Remove a number of unnecessary dsputil.h #includes 2014-04-04 19:08:05 +02:00
Michael Niedermayer
6016b8329b Merge commit '05563ccacc98fd185affdbf8cbaf094caf36b852'
* commit '05563ccacc98fd185affdbf8cbaf094caf36b852':
  dsputil: cosmetics: Lose camelCase on ff_cropTbl and ff_squareTbl names

Conflicts:
	libavcodec/bit_depth_template.c
	libavcodec/motionpixels_tablegen.h

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-03-14 00:39:51 +01:00
Diego Biurrun
05563ccacc dsputil: cosmetics: Lose camelCase on ff_cropTbl and ff_squareTbl names
Also switch from "tbl" to "tab" name suffixes.
2014-03-13 08:12:44 -07:00
Michael Niedermayer
7fa9f7ef1c dvdsub_parse_extradata: fix memleak
Fixes CID1135765
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-12-10 18:30:44 +01:00
Michael Niedermayer
b7fea3daab libavcodec/dvdsubdec: remove exit() call in debug code
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-11-08 00:42:50 +01:00
Michael Niedermayer
48f37664a8 Merge remote-tracking branch 'qatar/master'
* qatar/master:
  Remove #undefs for formerly forbidden system functions

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-11-07 23:39:31 +01:00
Diego Biurrun
86f910806b Remove #undefs for formerly forbidden system functions
The macros forbidding the system functions no longer exist, obviating
the need for the #undefs.
2013-11-07 00:26:15 +01:00
Michael Niedermayer
4a35651267 Merge commit 'd6da372984c87fd6288c148c291065d6032ceda3'
* commit 'd6da372984c87fd6288c148c291065d6032ceda3':
  eacmv: stop using deprecated avcodec_set_dimensions
  dvdsubdec: stop using deprecated avcodec_set_dimensions
  dvdec: stop using deprecated avcodec_set_dimensions
  dpx: stop using deprecated avcodec_set_dimensions

Conflicts:
	libavcodec/dpx.c
	libavcodec/dvdec.c
	libavcodec/dvdsubdec.c
	libavcodec/eacmv.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-11-01 14:01:02 +01:00