Found-by: fate
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3cc3cb663b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Libx264 uses strtok which is not thread safe. Strtok is used in
x264_param_default_preset in param_apply_tune in x264/common/base.c.
Therefore the flag must be removed.
x264 fixed the issue, once the fix is pushed to stable, an #if can be added
to re-enable the flag based on X264_BUILD number.
Fixes ticket #7446.
Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit b02490a497)
Fixes: 10300/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-6292205497483264
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f72b9904fe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -2144033225 + -5208934 cannot be represented in type 'int'
Fixes: 10633/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RA_144_fuzzer-5679133791617024
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c6282141cb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 7738135736989908991 - -7954308516317364223 cannot be represented in type 'long'
Fixes: find_stream_info_usan
Reported-by: Thomas Guilbert <tguilbert@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4e19cfcfa3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes crash noticed in the cbs_userdata patchset.
====ERROR: AddressSanitizer: heap-buffer-overflow on address 0x609000026c89 at pc 0x00010725d37b bp 0x7ffeea04e750 sp 0x7ffeea04e748
READ of size 4 at 0x609000026c89 thread T0
#0 0x10725d37a in ff_cbs_read_unsigned get_bits.h:274
#1 0x1072d2767 in ff_cbs_read_a53_user_data cbs_misc_syntax_template.c:119
#2 0x1078251a7 in h264_metadata_filter h264_metadata_bsf.c:595
#3 0x105c1321d in output_packet ffmpeg.c:853
0x609000026c89 is located 1 bytes to the right of 8-byte region [0x609000026c80,0x609000026c88)
allocated by thread T0 here:
#0 0x10aef08d7 in wrap_posix_memalign (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x578d7)
#1 0x10aca95e6 in av_malloc mem.c:87
#2 0x10ac545fe in av_buffer_allocz buffer.c:72
#3 0x107263b27 in cbs_h264_read_nal_unit cbs_h264_syntax_template.c:722
#4 0x10725b688 in cbs_read_fragment_content cbs.c:155
Signed-off-by: Aman Gupta <aman@tmm1.net>
(cherry picked from commit 41ed2c3849)
[ffmpeg] AVBSFContext: Decomposition unimplemented for unit 4 (type 10).
Signed-off-by: Aman Gupta <aman@tmm1.net>
(cherry picked from commit 64c50c0e97)
- Allow to add deps in any order rather than "in linking order".
- Expand deps chains as required rather than just once.
- Validate that there are no cycles.
- Validate that [after expansion] deps are limited to other fflibs.
- Remove expectation for a specific output order of unique().
Previously when adding items to <fflib>_deps, developers were
required to add them in linking order. This can be awkward and
bug-prone, especially when a list is not empty, e.g. when adding
conditional deps.
It also implicitly expected unique() to keep the last instance of
recurring items such that these lists maintain their linking order
after removing duplicate items.
This patch mainly allows to add deps in any order by keeping just
one master list in linking order, and then reordering all the
<fflib>_deps lists to align with the master list order.
This master list is LIBRARY_LIST itself, where otherwise its order
doesn't matter.
The patch also removes a limit where these deps lists were expanded
only once. This could have resulted in incomplete expanded lists,
or forcing devs to add already-deducable deps to avoid this issue.
Note: it is possible to deduce the master list order automatically
from the deps lists, but in this case it's probably not worth the
added complexity, even if minor. Maintaining one list should be OK.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
x4 - x25 faster.
check_deps() recursively enables/disables components, and its loop is
iterated nearly 6000 times. It's particularly slow in bash - currently
consuming more than 50% of configure runtime, and about 20% with other
shells.
This commit applies few local optimizations, most effective first:
- Use $1 $2 ... instead of pushvar/popvar, and same at enable_deep*
- Abort early in one notable case - empty deps, to avoid costly no-op.
- Smaller changes which do add up:
- Handle ${cfg}_checking locally instead of via enable[d]/disable
- ${cfg}_checking: test done before inprogress - x2 faster in 50%+
- one eval instead of several at the empty-deps early abort path.
- The "actual work" part is unmodified - just its surroundings.
Biggest speedups (relative and absolute) are observed with bash.
Tested-by: Michael Niedermayer <michael@niedermayer.cc>
Tested-by: Helmut K. C. Tessarek <tessarek@evermeet.cx>
Tested-by: Dave Yeo <daveryeo@telus.net>
Tested-by: Reino Wijnsma <rwijnsma@xs4all.nl>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 45499e557c)
x4 - x10 faster.
Inside print_enabled components, the filter_list case invokes sed
about 350 times to parse the same source file and extract different
info for each arg. This is never instant, and on systems where fork is
slow (notably MSYS2/Cygwin on windows) it takes many seconds.
Change it to use sed once on the source file and set env vars with the
parse results, then use these results inside the loop.
Additionally, the cases of indev_list and outdev_list are very
infrequent, but nevertheless they're faster, and arguably cleaner, with
shell parameter substitutions than with command substitutions.
Tested-by: Michael Niedermayer <michael@niedermayer.cc>
Tested-by: Helmut K. C. Tessarek <tessarek@evermeet.cx>
Tested-by: Dave Yeo <daveryeo@telus.net>
Tested-by: Reino Wijnsma <rwijnsma@xs4all.nl>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 923586a58f)
x50 - x200 faster.
Currently configure spends 50-70% of its runtime inside a single
function: flatten_extralibs[_wrapper] - which does string processing.
During its run, nearly 20K command substitutions (subshells) are used,
including its callees unique() and resolve(), which is the reason
for its lengthy run.
This commit avoids all subshells during its execution, speeding it up
by about two orders of magnitude, and reducing the overall configure
runtime by 50-70% .
resolve() is rewritten to avoid subshells, and in unique() and
flatten_extralibs() we "inline" the filter[_out] functionality.
Note that logically, "unique" functionality has more than one possible
output (depending on which of the recurring items is kept). As it
turns out, other parts expect the last recurring item to be kept
(which was the original behavior of uniqie()). This patch preservs
its output order.
Tested-by: Michael Niedermayer <michael@niedermayer.cc>
Tested-by: Helmut K. C. Tessarek <tessarek@evermeet.cx>
Tested-by: Dave Yeo <daveryeo@telus.net>
Tested-by: Reino Wijnsma <rwijnsma@xs4all.nl>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 58b81ac621)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0a41a8bf29)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Found-by: kierank
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ad89e203bf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Divisions tend to be slower than shifts unless the compiler optimizes them out.
And some of these are in inner loops.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b90d8cc746)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 9924/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EAC3_fuzzer-5473421772193792
Fixes: left shift of 1 by 63 places cannot be represented in type 'long long'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 148a21611d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fe315feab5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This checks the value exactly for intra frames and checks it against a
minimum for inter frames as they can be variable.
Fixes: Timeout
Fixes: 10182/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ZMBV_fuzzer-6245951174344704
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e33b28cc79)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
decomp_len is used in raw frames, so it should not be left at the value from
whatever was decoded previously (which may be any other frame)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3d201b83cd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: Timeout
Fixes: 9961/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5687856176562176
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 28b80c2d52)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Speed improvment 35.5 sec -> 34.7sec
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 71bf033050)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 697984b9db)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -26884 * 91439 cannot be represented in type 'int'
Fixes: 9687/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RA_144_fuzzer-4995588121690112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 93a203662f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Entries are always at least 8 bytes per the parsing code, so if we
see an impossible entry count avoid massive allocations. This is
similar to an existing check in mov_read_stsc().
Since ff_mov_read_stsd_entries() does eof checks, an alternative
approach could be to clamp the entry count to atom.size / 8.
Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 320b631a99)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
AV_CODEC_FLAG_GLOBAL_HEADER should be set before calling avcodec_open2() to have any effect.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a82e4fb8c6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -19818 + -2147483648 cannot be represented in type 'int'
Fixes: 9545/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-4928769537081344
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit acba153a14)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 168d8d56bf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The specification states "NSV files may contain a single file header. "
Fixes: out of array access
Fixes: nsv-asan-002f473f726a0dcbd3bd53e422c4fc40b3cf3421
Found-by: Paul Ch <paulcher@icloud.com>
Tested-by: Paul Ch <paulcher@icloud.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 78d4b6bd43)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: dash-crash-da39a3ee5e6b4b0d3255bfef95601890afd80709.xml
Found-by: Paul Ch <paulcher@icloud.com>
Reviewed-by: Steven Liu <lq@chinaffmpeg.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 46753bfdd0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: infinite loop
Fixes: mlv-timeout-e3b8cab9835edecad6823baa057e029671329d04
Found-by: Paul Ch <paulcher@icloud.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1e71cb2c8e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: long running loop
Fixes: ivr-timeout-42468cb797f52f025fb329394702f5d4d64322d6
Found-by: Paul Ch <paulcher@icloud.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c2eec1762d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 9480/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-6647324284551168 -rss_limit_mb=2000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9b604e96a5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -540538872 + -2012739576 cannot be represented in type 'int'
Fixes: 9255/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5758630052757504
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit db7e9082e1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>