FFmpeg

mirror of https://mirror.skon.top/https://github.com/FFmpeg/FFmpeg synced 2026-04-21 05:11:59 +08:00

Author	SHA1	Message	Date
Cosmin Stejerean	e6ef90db6c	avfilter/bwdif: account for chroma sub-sampling in min size calculation The current logic for detecting frames that are too small for the algorithm does not account for chroma sub-sampling, and so a sample where the luma plane is large enough, but the chroma planes are not will not be rejected. In that event, a heap overflow will occur. This change adjusts the logic to consider the chroma planes and makes the change to all three bwdif implementations. Fixes #10688 Signed-off-by: Cosmin Stejerean <cosmin@cosmin.at> Reviewed-by: Thomas Mundt <tmundt75@gmail.com> Signed-off-by: Philip Langdale <philipl@overt.org> (cherry picked from commit `737ede405b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2025-03-11 22:23:23 +01:00
Michael Niedermayer	f4dd0a5fc7	avfilter/af_pan: Fix sscanf() use Fixes: Memory Data Leak Found-by: Simcha Kosman <simcha.kosman@cyberark.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b5b6391d64`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2025-03-11 19:48:27 +01:00
Michael Niedermayer	5f93a294c1	avfilter/af_pan: check nb_output_channels before use Fixes: CID1500281 Out-of-bounds write Fixes: CID1500331 Out-of-bounds write Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5fe8bf4aa5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2025-03-11 19:47:55 +01:00
Michael Niedermayer	7036d7a8c7	avfilter/vf_avgblur: Check plane instead of AVFrame Fixes: CID1551694 Use after free (false positive based on assuming that out == in and one is freed and one used) Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c296d4fdec`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2025-03-11 19:47:54 +01:00
Michael Niedermayer	4402b85c66	avfilter/vf_rotate: Check ff_draw_init2() return value Fixes: NULL pointer dereference Fixes: 3_343 Found-by: De3mond Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9c9f095e30`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2025-03-11 19:47:49 +01:00
Michael Niedermayer	de74a4e269	avfilter/signature_lookup: Dont copy uninitialized stuff around Fixes: CID1403238 Uninitialized pointer read Fixes: CID1403239 Uninitialized pointer read Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e7174e66ac`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2025-03-11 19:47:40 +01:00
Michael Niedermayer	46d12dce13	avfilter/signature_lookup: Fix 2 differences to the refernce SW Fixes: CID1403227 Division or modulo by float zero Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `25cb66369e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2025-03-11 19:47:39 +01:00
Michael Niedermayer	ea2a7937ce	avfilter/vf_signature: Dont crash on no frames Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3d5f03bbc8`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-04-03 01:33:39 +02:00
Michael Niedermayer	c81cf184c5	avfilter/signature_lookup: Do not dereference NULL pointers after malloc failure Fixes: CID 1403229 Dereference after null check Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `98ae1ad7cf`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-03-26 04:20:16 +01:00
Michael Niedermayer	7ea72140a5	avfilter/signature_lookup: dont leave uncleared pointers in sll_free() Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6c50482951`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2024-03-26 04:19:19 +01:00
Michael Niedermayer	fd3f7522a2	avfilter/vf_minterpolate: Check pts before division Fixes: FPE Fixes: tickets/10758/poc20ffmpeg Discovered by Zeng Yunxiang Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `68146f06f8`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-12-30 21:59:35 +01:00
Michael Niedermayer	0b8a2e6c0c	avfilter/vf_vidstabdetect: Avoid double AVERRORS Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `bb04235d72`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-12-29 23:09:12 +01:00
Michael Niedermayer	1b8ef074c1	avfilter/vf_swaprect: round coordinates down Fixes: out of array access: Fixes: tickets/10745/poc12ffmpeg Found-by: Li Zeyuan and Zeng Yunxiang. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7deaca71b3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-12-29 23:07:17 +01:00
Michael Niedermayer	6c8b1116a8	avfilter/vf_swaprect: Use height for vertical variables Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9f4c5bd7d2`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-12-29 23:05:29 +01:00
Michael Niedermayer	a01849d11e	avfilter/vf_swaprect: assert that rectangles are within memory Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9d1ba698d2`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-12-29 23:03:41 +01:00
Michael Niedermayer	4d4c58c0f8	avfilter/af_alimiter: Check nextpos before use Fixes: out of array read Fixes: tickets/10744/poc11ffmpeg Found-by: Li Zeyuan and Zeng Yunxiang. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a88b06f9ee`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-12-29 23:02:37 +01:00
Michael Niedermayer	4a8ced17d0	avfilter/af_stereowiden: Check length Fixes: out of array access Fixes: tickets/10746/poc13ffmpeg Found-by: Zeng Yunxiang Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `50f0f8c53c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-12-29 22:49:26 +01:00
Michael Niedermayer	6750d82cba	avfilter/vf_gradfun: Do not overread last line The code works in steps of 2 lines and lacks support for odd height Implementing odd height support is better but for now this fixes the out of array access Fixes: out of array access Fixes: tickets/10702/poc6ffmpe Found-by: Zeng Yunxiang Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e4d2666bdc`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2023-12-29 02:37:08 +01:00
Michael Niedermayer	aed958c060	avfilter/vf_signature: Fix integer overflow in filter_frame() Fixes: CID1403233 The second of the 2 changes may be unneeded but will help coverity Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `dd6040675e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-07-12 23:10:35 +02:00
Michael Niedermayer	8775295080	avfilter/vsrc_mandelbrot: Check for malloc failure Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `fbd22504c4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-06-14 16:56:57 +02:00
Michael Niedermayer	0a3a33311e	avfilter/vf_frei0r: Copy to frame allocated according to frei0r requirements Fixes: issues with non trivial linesize Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d353909e77`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-06-14 16:55:15 +02:00
Michael Niedermayer	1e99ff9d33	avfilter/video: Add ff_default_get_video_buffer2() to set specific alignment Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d740782701`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-06-14 16:54:58 +02:00
Paul B Mahol	ee981f7ceb	avfilter/vf_colorspace: fix memmory leaks Fixes #8303 (cherry picked from commit `fddef964e8`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-05-04 19:57:06 +02:00
Paul B Mahol	ac6c213c4e	avfilter/vf_random: fix memory leaks Fixes #8296 (cherry picked from commit `3488e0977c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-05-04 19:34:58 +02:00
Paul B Mahol	16eb9939ea	avfilter/vf_bwdif: fix heap-buffer overflow Fixes #8261 (cherry picked from commit `8c3166e1c3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-05-04 19:31:57 +02:00
Paul B Mahol	222783e2fa	avfilter/vf_edgedetect: fix heap-buffer overflow Fixes #8275 (cherry picked from commit `de598f82f8`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-05-04 19:25:28 +02:00
Paul B Mahol	da58e7fb9e	avfilter/vf_w3fdif: deny processing small videos Fixes #8243 (cherry picked from commit `0e68e8c93f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-05-04 19:23:47 +02:00
Paul B Mahol	cde751ce49	avfilter/vf_avgblur: fix heap-buffer overflow Fixes #8274 (cherry picked from commit `f069a9c2a6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-05-04 18:49:23 +02:00
Paul B Mahol	c5629402fa	avfilter/af_tremolo: fix heap-buffer overflow Fixes #8317 (cherry picked from commit `58bb9d3a3a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-05-04 18:47:02 +02:00
Paul B Mahol	3ee76a3ddb	avfilter/vf_edgedetect: check if height is big enough Fixes #8260 (cherry picked from commit `ccf4ab8c9a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-05-04 18:42:52 +02:00
Paul B Mahol	c1ce4fba51	avfilter/vf_bitplanenoise: fix overreads Fixes #8244 (cherry picked from commit `0b56723874`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-05-04 18:40:16 +02:00
Paul B Mahol	c72ed4f3eb	avfilter/vf_fieldorder: fix heap-buffer overflow Fixes #8264 (cherry picked from commit `07050d7bdc`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-05-04 18:37:30 +02:00
Paul B Mahol	278f86ece9	avfilter/vf_fieldmatch: fix heap-buffer overflow Also fix use of uninitialized values. Fixes #8239 (cherry picked from commit `ce5274c138`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-05-04 18:34:31 +02:00
Paul B Mahol	07cb2c8863	avfilter/vf_lenscorrection: make width/height int Somehow previous correct fix broke usage. (cherry picked from commit `79522411fa`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-04-13 23:39:50 +02:00
Oneric	1c73b96c21	avfilter/vf_subtitles: pass storage size to libass Due to a quirk of the ASS format some tags depend on the exact storage resolution of the video, so tell libass via ass_set_storage_size.	2022-04-13 23:39:50 +02:00
Paul B Mahol	b239ccff7d	avfilter/vf_gblur: fix heap-buffer overflow Fixes #8282 (cherry picked from commit `64a805883d`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-04-13 23:39:50 +02:00
Paul B Mahol	32a384519a	avfilter/vf_lenscorrection: fix division by zero Fixes #8265 (cherry picked from commit `19587c9332`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2022-04-13 23:39:50 +02:00
Timo Rothenpieler	11388838ff	avfilter/scale_npp: fix non-aligned output frame dimensions	2021-10-07 18:39:44 +02:00
Michael Niedermayer	7590dbf9be	avfilter/vf_mestimate: Check b_count Fixes: left shift of negative value -1 Fixes: Ticket8270 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `06af6e101b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-12 11:22:04 +02:00
Michael Niedermayer	58bbb40b72	avfilter/vf_dctdnoiz: Check threads Fixes: floating point division by 0 Fixes: Ticket 8269 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4a3917c02c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-11 21:23:49 +02:00
Michael Niedermayer	a2d45c6b9a	avfilter/vf_ciescope: Fix undefined behavior in rgb_to_xy() with black Fixes: floating point division by 0 Fixes: undefined behavior in handling NaN Fixes: Ticket 8268 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `3d500e62f6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-11 21:23:49 +02:00
Michael Niedermayer	1c5391ce1c	avfilter/vf_yadif: Fix handing of tiny images Fixes: out of array access Fixes: Ticket8240 Fixes: CVE-2020-22021 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7971f62120`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit bb08ee0c6fb7bdebd37cbf00aefed206909e8f78) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-11 21:23:49 +02:00
Michael Niedermayer	c2ae301888	avfilter/vf_vmafmotion: Check dimensions Fixes: out of array access Fixes: Ticket8241 Fixes: Ticket8246 Fixes: CVE-2020-22019 Fixes: CVE-2020-22033 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `82ad1b7675`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-11 21:23:49 +02:00
Michael Niedermayer	5ca2ee38e8	avfilter/vf_scale: Fix adding 0 to NULL (which is UB) in scale_slice() Found-by: Jeremy Leconte <jleconte@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1cf96ce269`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2021-09-11 21:23:49 +02:00
Andreas Rheinhardt	59b73dc1f3	avfilter/vf_xbr: Fix left shift of negative number Affected every usage of vf_xbr, e.g. the FATE-tests filter-2xbr, filter-3xbr, filter-4xbr. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4294dc3589`) Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>	2020-07-03 00:03:45 +02:00
Andreas Rheinhardt	9eeef68b50	avfilter/vf_hqx: Fix undefined left shifts of negative numbers Affected every usage of this filter; in particular, it affected the FATE-tests filter-2xbr, filter-3xbr and filter-4xbr. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `fa21194326`) Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>	2020-07-03 00:03:45 +02:00
Michael Niedermayer	4f04fa75dd	avfilter/vf_aspect: Fix integer overflow in compute_dar() Fixes: signed integer overflow: 1562273630 * 17 cannot be represented in type 'int' Fixes: Ticket8323 Found-by: Suhwan Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0c0ca0f244`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-02 19:55:09 +02:00
Michael Niedermayer	cb9ec725c3	avfilter/vf_find_rect: Remove assert A score of 0 is possible Fixes: Ticket8500 Reviewed-by: Paul B Mahol <onemda@gmail.com> Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `dfc4714886`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-02 19:55:09 +02:00
Michael Niedermayer	bd8633d4d3	avfilter/vf_find_rect: Increase worst case score score could be 1.0 which lead to uninitialized values Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6ff2474e02`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2020-07-02 19:55:09 +02:00
Michael Niedermayer	386b987f2a	avfilter/vf_geq: Use av_clipd() instead of av_clipf() With floats we cannot represent all 32bit integer dimensions Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c8813b1a98`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2019-11-15 12:25:46 +01:00

1 2 3 4 5 ...

6665 Commits