git.ffmpeg.org Git - ffmpeg.git/log

avformat/img2dec: reject input images too big to fit into a single packet

Not entirely sure if it should instead use some entirely different
approach here, given that images exceeding 2GB don't seem that crazy
to me, but so far processing such images results in a heap overflow,
since the size addition overflows and a much too small packet is
allocated and its size never checked again when writing into it.

Fixes #YWH-PGM40646-32

(cherry picked from commit f6a95c7eb786f895812adaaa08d2fe91c4d4caf8)

doc/examples/qsv_transcode: EINVAL is more appropriate and ENAVAIL will fail build with visual studio

Signed-off-by: clarkh <hungkuishing@outlook.com>
(cherry picked from commit 6d129d8df5a3d8172a9565709a0b4ad4c86a8b52)

avutil/hwcontext_qsv: fix GCC 14.1 warnings

Tested-by: Tong Wu <tong1.wu@intel.com>
Signed-off-by: oltolm <oleg.tolmatcev@gmail.com>
(cherry picked from commit 45d31614bcc54c5ccbaabf07e7336ac477e2b424)

avfilter/stack_internal: fix checkheaders test

Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
(cherry picked from commit 1a1377c53decf1264ca255910124caae82fd63a0)

all: apply linter fixes

tools/check_arm_indent: skip empty glob

forgejo: apply needed CI changes for 6.0

forgejo: backport CI to release/6.0

lavc/aarch64: Fix addp overflow in ff_pred16x16_plane_neon_10

The mismatch between neon and C functions can be reproduced
using the following bitstream and command line on aarch64 devices.

wget https://streams.videolan.org/ffmpeg/incoming/replay_intra_pred_16x16.h264
./ffmpeg -cpuflags 0 -threads 1 -i replay_intra_pred_16x16.h264 -f framemd5 -y md5_ref
./ffmpeg -threads 1 -i replay_intra_pred_16x16.h264 -f framemd5 -y md5_neon

Signed-off-by: Bin Peng <pengbin@visionular.com>
(cherry picked from commit 3115c0c0e6c27c689a02a7267dcf8e61fa2ac425)

lavc/aarch64: Fix ff_pred16x16_plane_neon_10

Fix test failure on aarch64:
./tests/checkasm/checkasm --test=h264pred 367840

Signed-off-by: Peng Bin <pengbin@visionular.com>
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 72a3656e8468a394373b6397aacc906d7f7794c2)

lavc/aarch64: Fix ff_pred8x8_plane_neon_10

Fix test failure on aarch64:
./tests/checkasm/checkasm --test=h264pred 479612

The mismatch between neon and C functions can also be reproduced using the following bitstream and command line.

wget https://streams.videolan.org/ffmpeg/incoming/intra8x8pred_10bit.264
./ffmpeg -cpuflags 0 -threads 1 -i intra8x8pred_10bit.264 -f framemd5 -y md5_ref
./ffmpeg -threads 1 -i intra8x8pred_10bit.264 -f framemd5 -y md5_neon

Signed-off-by: Bin Peng <pengbin@visionular.com>
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit decc9e643cc3ac5537f42b465e2637fbefbf41cc)

avcodec/x86/pngdsp: add missing emms at the end of add_png_paeth_prediction

Fixes unpredictable behavior with floats.

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 57a29f2e7dd2374a1df27316c6cf7c0225e86758)

configure: Use MSYSTEM_CARCH for default arch on msys2

On msys2, `uname -m` returns the architecture of the base msys2
layer. On Windows on arm64, the base msys2 layer itself is still
x86_64 only, even if running with e.g. the clangarm64 where the
windows native applications are built as aarch64.

If MSYSTEM_CARCH is set, use this instead of `uname -m` for
the default architecture. This gives the correct behaviour
for the clangarm64 environments. It also gives the correct
default for the 32 bit x86 environments such as `mingw32`.

(On `mingw32`, the fact that `uname -m` returned `x86_64`
hasn't been an issue, as both that and `i686` gets normalized
into `x86` internally in ffmpeg's configure.)

Signed-off-by: Coia Prant <coiaprant@gmail.com>
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit df967d095ae6a42a46cd4c46b96d61cc1c319b23)

avfilter/avfiltergraph: fix regression in picking channel layout

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 1b3f4842c18409dba5a345ef9e7b3de7a4fa3657)

lsws/ppc/yuv2rgb_altivec: Fix build in non-VSX environments with Clang v2

v2: test for function if AltiVec is enabled instead of with AltiVec and without VSX

(cherry picked from commit 49c8f33262d7c113c71cee9cd30b990a92afa0a1)
Signed-off-by: Brad Smith <brad@comstyle.com>

lsws/ppc/yuv2rgb_altivec: Fix build in non-VSX environments with Clang

Add a check for the existence of the vec_xl() function. Clang provides
the function even with VSX not enabled.

(cherry picked from commit 30a8641465f7b7923e92d8724ef6a595fccb9e58)
Signed-off-by: Brad Smith <brad@comstyle.com>

avformat/mov: (v4) fix get_eia608_packet

The problem is reproducible with "Test for Quicktime 608 CC file.mov"
from https://samples.ffmpeg.org/MPEG2/subcc/

ffmpeg -i "Test for Quicktime 608 CC file.mov" -map 0 -c copy -y remuxed.mov

See https://trac.ffmpeg.org/ticket/11470

riscv: test for assembler support

This should fix the build on LLVM 16 and earlier, at the cost of turning
all non-RVV optimisations off.

Signed-off-by: Brad Smith <brad@comstyle.com>

avcodec/libx265: unbreak build for X265_BUILD >= 213

Earlier, x265 made an API change to support alpha and
other multiple layer pictures. We added guards to accommodate
that in 1f801dfdb5

They have now reverted that API change in
https://bitbucket.org/multicoreware/x265_git/commits/78e5b703b1

Updated our wrapper guards to unbreak build again.

lavc/hevcdec: set per-CTB filter parameters for WPP

Fixes #10887

(cherry picked from commit 536bb988889eec08c5a1d5fd733f9e98569ae65e)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit f705bc5b7333ed45d476f473df8f6bf893e867e2)
Signed-off-by: Anton Khirnov <anton@khirnov.net>

lavc/hevc: check framerate num/den to be strictly positive

Rather than just != 0. These values are read as uint32 and can become
negative when cast to int.

(cherry picked from commit eec1a7a6bb952c09945d908d2d5de35909516778)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 9cadadb9a12aaf30b196c896073c473d91a2bdf0)
Signed-off-by: Anton Khirnov <anton@khirnov.net>

lavc/libx265: unbreak build for X265_BUILD >= 210

x265 added support for alpha starting with build 210.
While doing so, x265_encoder_encode() changed its fifth arg to
an array of pointers to x265_picture. This broke building lavc/libx265.c

This patch simply unbreaks the build and maintains existing single-layer
non-alpha encoding support.

Fixes #11130

configure: improve check for POSIX ioctl

Instead of relying on system #ifdefs which may or may not be correct,
detect the POSIX ioctl signature at configure time.

(cherry picked from commit 00b64fca55a3a009c9d0e391c85f4fd3291e5d12)
Signed-off-by: Brad Smith <brad@comstyle.com>

configure: restore autodetection of v4l2 and fbdev

The detection logic for v4l2 and fbdev was accidentally modified to
depend on v4l2-m2m in 43b3412.

(cherry picked from commit 7405f1ad5351cc24b91a0227aeeaf24ff9d12278)
Signed-off-by: Brad Smith <brad@comstyle.com>

configure: use just the pkg-config for sndio

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f6d846459043786eb859ff1c95af30e6fbc2d0e4)
Signed-off-by: Brad Smith <brad@comstyle.com>

avformat/hlsenc: correctly reset subtitle stream counter per-varstream

Without resetting it, if there was a previous set of varstreams with
subtitles, it would subtract from all the streams, leading to chaos and
segfaults when trying to access for example stream -1.

libavcodec/arm/mlpdsp_armv5te: fix label format to work with binutils 2.43

binutils 2.43 has stricter validation for labels[1] and results in errors
when building ffmpeg for armv5:

src/libavcodec/arm/mlpdsp_armv5te.S:232: Error: junk at end of line, first unrecognized character is `0'

Remove the leading zero in the "01" label to resolve this error.

[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=226749d5a6ff0d5c607d6428d6c81e1e7e7a994b

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 654bd47716c4f36719fb0f3f7fd8386d5ed0b916)

avcodec/nvenc: fix segfault in intra-only mode

In intra-only mode, frameIntervalP is 0, which means the frame
data array is smaller than the number of surfaces.

Together with using the wrong size on deallocation of the
frame_data_array, this lead to a crash.

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
(cherry picked from commit c9151ea50715c4ce47ad1c8df519781565db01f6)

lavc/vp9: reset segmentation fields when segmentation isn't enabled

Fields under the segmentation switch are never reset on a new frame, and
retain the value from the previous frame. This bugs out a bunch of
hwaccel drivers when segmentation is disabled but update_map isn't
reset because they don't ignore values behind switches. This commit also
resets the temporal field, though it may not be required.

We also do this for vp8 [1] so this commit is just mirroring the vp8
logic.

This fixes an issue with certain samples [2] that causes blocky
artifacts with vaapi, d3d11va and cuda (and possibly others).
Mesa worked around [3] this by ignoring these fields if
segmentation.enabled is 0, but d3d11va still displays blocky artifacts.

[1] https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/2e877090f958131accb8c7e5ac10e5b9865d1735:/libavcodec/vp8.c#l797
[2] https://github.com/mpv-player/mpv/issues/13533
[3] https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/27816

Signed-off-by: llyyr <llyyr.public@gmail.com>

configure: enable ffnvcodec, nvenc, nvdec for FreeBSD

Signed-off-by: Brad Smith <brad@comstyle.com>
(cherry picked from commit 43b1a956789bf0d5796769427d40c78e460c247f)
Signed-off-by: Brad Smith <brad@comstyle.com>

avcodec/x86/vp3dsp_init: Set correct function pointer, fix crash

Regression since fd172185580c1ccdcfb90bbfdb59fa806fad3117;
triggered by vp4/KTkvw8dg1J8.avi in the FATE suite, but not
when running fate as this code is not used when the bitexact
flag is set.

Bisecting done by ami_stuff, patch from user Mika Fischer
in ticket #10027 (which this commit fixes).

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit c3ca90a92e7211aef8ad1d044518a34f6ba137d7)

avutil/thread: fix pthread_setname_np parameters for NetBSD and Apple

Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit 71ea90638efa56b4cd006bfa6cfb464d2169692d)
Signed-off-by: Brad Smith <brad@comstyle.com>

avutil/thread: add support for setting thread name on *bsd and solaris

FreeBSD/DragonFly/Solaris use pthread_setname_np(). OpenBSD uses pthread_set_name_np().

Signed-off-by: Brad Smith <brad@comstyle.com>
Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit fd16d8c68cd7b820eda76c407b0645b7cf470efd)
Signed-off-by: Brad Smith <brad@comstyle.com>

avutil/ppc/cpu: Also use the machdep.altivec sysctl on NetBSD

Use the machdep.altivec sysctl on NetBSD for AltiVec detection
as is done with OpenBSD.

(cherry picked from commit 115c96b9bd53e775f425f23d5b73fa0a9dedbd08)
Signed-off-by: Brad Smith <brad@comstyle.com>

lavd/v4l2: Use proper field type for second parameter of ioctl() with BSD's

The proper type was used until 73251678c83cbe24d08264da693411b166239bc7.

This covers all of the OS's that currently have V4L2 support, permutations
of Linux glibc/musl, Android bionic, FreeBSD, NetBSD, OpenBSD, Solaris.

Copied from FreeBSD ports patch.

Signed-off-by: Brad Smith <brad@comstyle.com>
Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit 9e674b31606c805dd31b4bb754364a72a5877238)
Signed-off-by: Brad Smith <brad@comstyle.com>

Update for 6.0.2

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

fate/subtitles: Ignore line endings for sub-scc test

Since 7bf1b9b35769b37684dd2f18a54f01d852a540c8,
the test produces ordinary \n, yet this is not what the reference
file used for the most time, leading to test failures.

Reviewed-by: Martin Storsjö <martin@martin.st>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit 99d33cc661fbd04e8657831b818042b11f1862a2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/mxfdec: Check index_edit_rate

Fixes: Assertion b >=0 failed at libavutil/mathematics.c:62
Fixes: 67811/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5108429687422976

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ed49391961999f028e0bc55767d0eef6eeb15e49)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

swscale/utils: Fix xInc overflow

Fixes: signed integer overflow: 2 * 1073741824 cannot be represented in type 'int'
Fixes: 67802/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-6249515855183872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1a9eda65d027e0167f7363e0514f71311ac5d8d1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/isom: Uninit layout in ff_mp4_read_dec_config_descr()

Fixes: memleak
Fixes: 67442/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-5068813261406208

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit d157725cf726adc29385d264eaf79ae430b1f3e5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/exr: Dont use 64bits to hold 6bits

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e3984de6ffd6068efcfb5c576f1ec788211608fe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/exr: Check for remaining bits in huf_unpack_enc_table()

Fixes: Timeout
Fixes: 67645/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6308760977997824

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 589fa8a027f3b1707d78d7c45335acc498a5e887)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/mpegts: Reset local nb_prg on add_program() failure

add_program() will deallocate the whole array on failure so
we must clear nb_prgs

Fixes: null pointer dereference
Fixes: crash-35a3b39ddcc5babeeb005b7399a3a1217c8781bc

Found-by: Catena cyber
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cb9752d897de17212a7a3ce54ad3e16b377b22c0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/aiffdec: Check for previously set channels

Fixes: out of array access (av_channel_layout_copy())
Fixes: 67087/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-4920720268263424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 23b29f72eeb2ff6f2176ee74b9abe78aec4cd1f4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/mxfdec: Make edit_unit_byte_count unsigned

Suggested-by: Marton Balint <cus@passwd.hu>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f30fe5e8d002e15f07eaacf720c5654097cb62df)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/movenc: Check that cts fits in 32bit

Fixes: Assertion av_rescale_rnd(start_dts, mov->movie_timescale, track->timescale, AV_ROUND_DOWN) <= 0 failed at libavformat/movenc.c:3694
Fixes: poc2

Found-by: Wang Dawei and Zhou Geng, from Zhongguancun Laboratory
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d88c284c18bf6cd3dd24a7c86b5e496dd3037405)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/mxfdec: Check first case of offset_temp computation for overflow

This is kind of ugly
Fixes: signed integer overflow: 255 * 1157565362826411919 cannot be represented in type 'long'
Fixes: 67313/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6250434245230592

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d6ed6f6e8dffcf777c336869f56002da588e2de8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avfilter/vf_signature: Dont crash on no frames

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3d5f03bbc8bba2929cc09b07d2731ae5d392e772)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/westwood_vqa: Fix 2g packets

Fixes: signed integer overflow: 2147483424 * 2 cannot be represented in type 'int'
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_WSVQA_fuzzer-4576211411795968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 86f73277bf014e2ce36dd2594f1e0fb8b3bd6661)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/matroskadec: Check timescale

Fixes: 3.82046e+18 is outside the range of representable values of type 'unsigned int'
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6381436594421760

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e849eb23432e45d0a1fda3901bb84eff0ce91282)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/wavdec: satuarte next_tag_ofs, data_end

Fixes: signed integer overflow: 5053074104798691550 + 5053074104259715104 cannot be represented in type 'long'
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6515315309936640

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 61dca9e150b723a160d4a570885f3e5326c3d276)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/sbgdec: Check for negative duration

Fixes: signed integer overflow: 9223372036854775807 - -8000000 cannot be represented in type 'long'
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-5133181743136768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0bed22d597b78999151e3bde0768b7fe763fc2a6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/rpl: Use 64bit for total_audio_size and check it

Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-4677434693517312
Fixes: signed integer overflow: 5555555555555555556 * 8 cannot be represented in type 'long long'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 878625812f164fbb733f442965235656d9eaccc8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/timecode: use 64bit for intermediate for rounding in fps_from_frame_rate()

Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-4802790784303104
Fixes: signed integer overflow: 1768972133 + 968491058 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3d8d778a68531b406455f8090d81216ef374ab75)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/mov: use 64bit for intermediate for rounding

Fixes: signed integer overflow: 1768972133 + 968491058 cannot be represented in type 'int'
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-4802790784303104

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f01a89c5a378cb7b55a0bcb5763cfb1da83b81f1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/jacosubdec: Use 64bit for abs

Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-5401294942371840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 746203af3116288b1dd4442e46a5724ba759e831)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/concatdec: Check user_duration sum

Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-6434245599690752
Fixes: signed integer overflow: 9223372026773000000 + 22337000000 cannot be represented in type 'long'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 007486058c2eb7a7518450a2ddb4fa98845887a3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/wavarc: Avoid signed integer overflow in sample

Fixes: signed integer overflow: -2147483648 + -25122315 cannot be represented in type 'int'
Fixes: 62285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVARC_fuzzer-6199806972198912

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6009dd07bd2bde72f2e01723678c1994ecef035e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/truemotion1: Height not being a multiple of 4 is unsupported

mb_change_bits is given space based on height >> 2, while more data is read

Fixes: out of array access
Fixes: 62285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION1_fuzzer-5201925062590464.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ebdcf9849905fdd67dcd3ab93e55e47ded35fda2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/hcadec: do not set hfr_group_count to invalid values

Fixes: 62285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HCA_fuzzer-6247136417087488
Fixes: out of array write

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit addb85ea39300c36010ffb6dc0d28b2ea62b4805)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/concatdec: clip outpoint - inpoint overflow in get_best_effort_duration()

An alternative would be to limit all time/duration fields to below 64bit

Fixes: signed integer overflow: -93000000 - 9223372036839000000 cannot be represented in type 'long long'
Fixes: 64546/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-5110813828186112

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dd733b2be472cea766c62984237533b239e9a93d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/jacosubdec: clarify code

add comments, rename variables and indent things differently

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e83e8d443b5b86aabf17d1cfb7fba9abf15e24fd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/cafdec: Check that data chunk end fits within 64bit

Fixes: signed integer overflow: 64 + 9223372036854775803 cannot be represented in type 'long long'
Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6536881135550464
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6536881135550464

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b792e4d4c772b7b5ef8ea32be187a871000e50c2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/iff: Saturate avio_tell() + 12

Fixes: signed integer overflow: 9223372036854775796 + 12 cannot be represented in type 'long long'
Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-4898373660704768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b8e754525ca3d3fd835f7360e11f29b02b39cd62)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/dxa: Adjust order of operations around block align

Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-5730576523198464
Fixes: signed integer overflow: 2147483566 + 82 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 50d8e4f27398fd5778485a827d7a2817921f8540)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/cafdec: dont seek beyond 64bit

Fixes: signed integer overflow: 64 + 9223372036854775807 cannot be represented in type 'long long'
Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6418242730328064
Fixes: 62276/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6418242730328064

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d973fcbcc2f944752ff10e6a76b0b2d9329937a7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/id3v2: read_uslt() check for the amount read

Fixes: timeout
Fixes: 66783/clusterfuzz-testcase-minimized-ffmpeg_dem_GENH_fuzzer-5356884892647424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c0f4abe2aa0117a10fb651f2c1c030d4cd516081)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/wady: Check >0 samplerate and channels 1 || 2.

The WADY decoder only supports mono and stereo

This fixes a probetest failure

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6f9e90ab0bede36cc960a099e8f19998345e7164)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/proresenc_kostya: Remove bug similarity text

According to kostya, it is not based on Wassermans encoder

CC: Kostya Shishkov <kostya.shishkov@gmail.com>
CC: Anatoliy Wasserman <anatoliy.wasserman@yandex.ru>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e0e30e07a1755c4f7829f64d35dc07e399c02c6e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/vorbisdec: Check remaining data in vorbis_residue_decode_internal()

Fixes: timeout
Fixes: 66326/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VORBIS_fuzzer-6295291863040000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dc89cf804a811c0d25f4649a99f7fab4b5b416fa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/concatdec: Check in and outpoints to be to produce a positive representable duration

Fixes: signed integer overflow: -93000000 - 9223372036839000000 cannot be represented in type 'long'
Fixes: 64546/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-5110813828186112

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b2d7cbc378fa276d62fd676c037b9df59fc319a0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/8bps: Consider width in the minimal size check

Fixes: Timeout
Fixes: 64479/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EIGHTBPS_fuzzer-5434435386081280

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5db09574dfd40d3e15db9336a34398405a1c601b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

libswscale/utils: Fix bayer to yuvj

Fixes: out of array access.

Earlier code assumes that a unscaled bayer to yuvj420 converter exists
but the later code then skips yuvj420

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e9cc9e492f987ce23ce8c514258a17952dd20401)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

swscale/swscale: Check srcSliceH for bayer

Fixes: Assertion srcSliceH > 1 failed at libswscale/swscale_unscaled.c:1359
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 64098d0cd8ab1d27f78a335ca684f00a419b2160)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

swscale/utils: Allocate more dithererror

Fixes: out of array read
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 18f26f8a2f8dc3b9ec3ac3ab8e03fce15cc8c88d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/indeo3: Round dimensions up in allocate_frame_buffers()

Fixes: Ticket6581

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3be80ce299d0073118ae42f5d99c14f912751d93)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avutil/rational: Document what is to be expected from av_d2q() of doubles representing rational numbers

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f465badb062c8023bc245f4878e7a6a082afc416)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avfilter/signature_lookup: Do not dereference NULL pointers after malloc failure

Fixes: CID 1403229 Dereference after null check

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 98ae1ad7cf16bd10a4fa79f676439edc4da7cba6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avfilter/signature_lookup: dont leave uncleared pointers in sll_free()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6c504829514333439d15deb5717567fb4bdbbee0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/mpegvideo_enc: Use ptrdiff_t for stride

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e063c1d079086150580ed7a9ad076da122e27f76)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

libavformat/hlsenc.c: Populate OTI using AAC profile in write_codec_attr.

This patch populates the third entry for HLS codec attribute using the
AAC profile.

The HLS specifications[1] require this value to be the Object Type ID as
referred to in table 1.3 of ISO/IEC 14496-3:2009[2].

The numerical constants in the code refer to these OTIs minus one, as
documented in commit 372597e[3], confirmed by comparing the values in the
code with the values in the table mentioned above.

Links:
1: https://datatracker.ietf.org/doc/html/rfc6381#section-3.3
2: https://csclub.uwaterloo.ca/~ehashman/ISO14496-3-2009.pdf
3: https://github.com/FFmpeg/FFmpeg/commit/372597e5381c097455a7b73849254d56083eb056

Changes in this version:
- Default value set to "mp4a.40.2" when profile is unknown for backward
compatibility.

Signed-off-by: Steven Liu <liuqi05@kuaishou.com>
(cherry picked from commit 797f0b27c175022d896e46db4ac2873e3e0a70af)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/mpegvideo_enc: Dont copy beyond the image

Fixes: out of array access
Fixes: tickets/10754/poc17ffmpeg

Discovered by Zeng Yunxiang.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a066b8a809fa6d8b31398d41787822803f8762f2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avfilter/vf_minterpolate: Check pts before division

Fixes: FPE
Fixes: tickets/10758/poc20ffmpeg

Discovered by Zeng Yunxiang

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 68146f06f852078866b3ef1564556e3a272920c7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/flacdec: Avoid double AVERRORS

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 029294ff541c9c85092f81dd45f18081d234f0d5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avfilter/vf_vidstabdetect: Avoid double AVERRORS

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bb04235d728a2b85d6cbe14dd60184faa932c855)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avfilter/vf_swaprect: round coordinates down

Fixes: out of array access:
Fixes: tickets/10745/poc12ffmpeg

Found-by: Li Zeyuan and Zeng Yunxiang.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7deaca71b32c556620e05954ca2d13fbe9aacf1f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avfilter/vf_swaprect: Use height for vertical variables

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9f4c5bd7d23eb94afe85290e03748f52483102b8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avfilter/vf_swaprect: assert that rectangles are within memory

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9d1ba698d2bed1d4bed731b3be62e84d72c35476)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avfilter/af_alimiter: Check nextpos before use

Fixes: out of array read
Fixes: tickets/10744/poc11ffmpeg

Found-by: Li Zeyuan and Zeng Yunxiang.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a88b06f9ee8c88f78bdd614fc25283225223e858)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avfilter/f_reverse: Apply PTS compensation only when pts is available

Fixes: out of array access
Fixes: tickets/10753/poc16ffmpeg

Regression since: 45dc668aea0edac34969b5a1ff76cf9ad3a09be1
Found-by: Zeng Yunxiang
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 61e73851a33f0b4cb7662f8578a4695e77bd3c19)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avfilter/af_stereowiden: Check length

Fixes: out of array access
Fixes: tickets/10746/poc13ffmpeg

Found-by: Zeng Yunxiang
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 50f0f8c53c818f73fe2d752708e2fa9d2a2d8a07)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/mov: Fix MSAN issue with stsd_id

Fixes: use of uninitialized value
Fixes: bbb-320x240-2video-2audio.mp4

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ff451df9479810d75851f92babd0b4290da03dd6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avfilter/vf_weave: Fix odd height handling

Fixes: out of array access
Fixes: tickets/10743/poc10ffmpeg

Found-by: Zeng Yunxiang and Li Zeyuan
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0ecc1f0e48930723d7a467761b66850811c23e62)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avfilter/edge_template: Fix small inputs with gaussian_blur()

Fixes: out of array access
Fixes: Ticket10699
Fixes: poc5ffmpeg

Found-by: Zeng Yunxiang
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c443658d26d2b8e19901f9507a890e0efca79056)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avfilter/vf_gradfun: Do not overread last line

The code works in steps of 2 lines and lacks support for odd height
Implementing odd height support is better but for now this fixes the
out of array access

Fixes: out of array access
Fixes: tickets/10702/poc6ffmpe

Found-by: Zeng Yunxiang
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e4d2666bdc3dbd177a81bbf428654a5f2fa3787a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avfilter/avf_showspectrum: fix off by 1 error

Fixes: out of array access
Fixes: tickets/10749/poc15ffmpeg

Regression since: 81df787b53eb5c6433731f6eaaf7f2a94d8a8c80

Found-by: Zeng Yunxiang
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/mov: do not set sign bit for chunk_offsets

Fixes: signed integer overflow: 2314885530818453536 - -7412889664301817824 cannot be represented in type 'long'
Fixes: 64296/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6304027146846208

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cfc0a68d4d3192779e356a852e71b8218e7a00ab)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/jpeglsdec: Check Jpeg-LS LSE

Fixes: signed integer overflow: 2147478526 + 33924 cannot be represented in type 'int'
Fixes: shift exponent 32 is too large for 32-bit type 'unsigned int'
Fixes: 64243/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-5195717848989696

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c72a20f01a6122e1832f73801ea5f54b188abea3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

configure: Enable section_data_rel_ro for FreeBSD and NetBSD aarch64 / arm

Fixes the build. It's a requirement when utilizing PIE.

Signed-off-by: Brad Smith <brad@comstyle.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6066c430e33b4cbf5dc8ff8b3a6d149f51d20300)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>