Commit Graph

21 Commits

Author SHA1 Message Date
Andreas Rheinhardt 790f793844 avutil/common: Don't auto-include mem.h
There are lots of files that don't need it: The number of object
files that actually need it went down from 2011 to 884 here.

Keep it for external users in order to not cause breakages.

Also improve the other headers a bit while just at it.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2024-03-31 00:08:43 +01:00
Michael Niedermayer cd66606a8f avcodec/bonk: Fix undefined overflow in predictor_calc_error()
Fixes: signed integer overflow: -2146469728 - 1488954 cannot be represented in type 'int'
Fixes: 62490/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5612782399389696

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-16 01:05:07 +02:00
Michael Niedermayer 2b25a5168e avcodec/bonk: Fix integer overflow in predictor_calc_error()
Fixes: signed integer overflow: -2147483300 - 12285 cannot be represented in type 'int'
Fixes: 59462/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5714298807386112

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-09-14 22:00:17 +02:00
Michael Niedermayer 43e5e2e423 avcodec/bonk: Avoid undefined integer overflow in predictor_calc_error()
Fixes: signed integer overflow: -159584 * 5105950 cannot be represented in type 'int'
Fixes: 55165/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5796023719297024

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-05-22 02:49:59 +02:00
Anton Khirnov 8b20d0dcb5 lavc: deprecate AV_CODEC_CAP_SUBFRAMES
There is nothing meaningful the caller can do with it.
2023-05-15 10:24:54 +02:00
Michael Niedermayer 957106a24d avcodec/bonk: decode multiple passes in intlist_read() at once
This makes the worst case much faster

Fixes: Timeout
Fixes: 51363/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5660734784143360
Fixes: 57957/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5874095467397120

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-05-01 00:48:32 +02:00
Paul B Mahol 0c7af7b954 avcodec/bonk: properly handle some other errors 2023-02-07 17:13:11 +01:00
Michael Niedermayer 8e58d20e10 avcodec/bonk: Check ntaps against buffer size
Fixes: out of array read
Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-6739246658748416

Note: This issue was assigned to a unrelated theora bug

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-01-12 15:44:41 +01:00
Michael Niedermayer 977028f9f4 avcodec/bonk: Avoid undefined overflow in quant
Fixes: signed integer overflow: -2889074 * 2048 cannot be represented in type 'int'
Fixes: 51363/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5660734784143360
Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-6617680050520064
Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-6743951854141440

No check is done for the overflow as this was rejected in last review, see the ML

Note: the 2nd and 3rd testcase was assigned by ossfuzz to a unrelated theora issue (48567)

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-01-12 15:44:41 +01:00
Paul B Mahol 5852682dbd avcodec/bonk: increase level limit as joint encodings needs more 2023-01-02 18:42:35 +01:00
Michael Niedermayer 8f975641d7 avcodec/bonk: Use unsigned in predictor_init_state() to avoid undefined behavior
Fixes: signed integer overflow: -5010 * -717450 cannot be represented in type 'int'
Fixes: 53370/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-4945644204195840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-11-28 21:20:56 +01:00
Paul B Mahol abb5ff373d avcodec/bonk: check level value to not reach invalid values
Also reset bitstream parsing variables on fatal error.
2022-11-22 20:51:42 +01:00
Michael Niedermayer 104b516a13 avcodec/bonk: step cannot become 0 without overflowing which is undefined
also the original reference code does not contain a 0 check

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-11-14 21:52:51 +01:00
Michael Niedermayer 5df8c300a9 avcodec/bonk: actual_run seems not able to become negative
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-11-14 21:52:51 +01:00
Michael Niedermayer 00b489b168 avcodec/bonk: Remove special 32bit case from read_uint_max()
This case seems not to match the reference decoder and it also
seems not reachable

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-11-14 21:52:51 +01:00
Michael Niedermayer 8e59e72041 avcodec/bonk: steplet cannot become negative
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-11-10 21:14:23 +01:00
Michael Niedermayer 3263185225 avcodec/bonk: Check step against overflow
No testcase

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-11-10 21:14:23 +01:00
Michael Niedermayer 9f00286c4c avcodec/bonk: Simplify read_uint_max()
The max == 0 case can be removed too but i left it as 50% of the cases use it

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-11-10 21:14:23 +01:00
Michael Niedermayer f4df49eb48 avcodec/bonk: Use unsigned in predictor_calc_error() to avoid undefined overflows
Fixes: signed integer overflow: 22 * -2107998208 cannot be represented in type 'int'
Fixes: 51363/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5660734784143360

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-11-10 21:14:22 +01:00
Andreas Rheinhardt 8d12f3de14 avcodec/bonk: Actually clip when using av_clip()
Also fixes a "statement with no effect [-Wunused-value]"
warning from GCC.

Reviewed-by: James Almer <jamrial@gmail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-09-12 23:51:51 +02:00
Paul B Mahol 88170070c4 avcodec: add bonk audio decoder 2022-09-12 11:34:27 +02:00