99461 Commits

Author SHA1 Message Date
Michael Niedermayer
3291d994b7 avcodec/dxtory: Fix negative stride shift in dx2_decode_slice_420()
Fixes: left shift of negative value -640
Fixes: 26044/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXTORY_fuzzer-5631057602543616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-04 16:54:11 +02:00
James Almer
05872c67a4 avcodec/av1dec: partially clean state on frame decoding errors
Fixes: member access within null pointer of type 'TileGroupInfo' (aka 'struct TileGroupInfo')
Fixes: 25725/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AV1_fuzzer-5166692706287616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: James Almer <jamrial@gmail.com>
2020-10-04 10:34:15 -03:00
Paul B Mahol
069d2b4a50 avformat: add tri-ACE demuxer 2020-10-03 21:50:59 +02:00
Paul B Mahol
e0d0565425 avformat/adxdec: demux multiple blocks at once
Improves decoding speed by 24x
2020-10-03 21:49:39 +02:00
Lynne
45070eec4c libwavpackenc: remove libwavpackenc wrapper
The manual states "there is virtually no reason to use that encoder.".

It supports fewer sample formats than the native encoder, is less efficient
than the native encoder and is also slower and pretty much remains untested.
libwavpack also isn't being fuzzed, which given that we plug the parameters
without sanitizing them looks concerning.
2020-10-02 17:43:15 +02:00
Jan Ekström
d9e812797c avformat/movenc: handle tracks w/o AVStreams in calculate_mpeg4_bit_rates
The generated text streams for chapters lack an AVStream since they
are but an internal concept within movenc.

Fixes #8910
2020-10-02 16:49:44 +03:00
Michael Niedermayer
686f015190 avformat/asfdec_f: Change order of operations slightly
Fixes: signed integer overflow: 20 * 5184056935931942919 cannot be represented in type 'long'
Fixes: 25466/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4798660247552000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-02 14:59:53 +02:00
Michael Niedermayer
c313089fbe avformat/dxa: Use av_rescale() for duration computation
Fixes: signed integer overflow: 8224000000 * 1629552639 cannot be represented in type 'long'
Fixes: 24908/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4658478506049536

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-02 14:59:53 +02:00
Michael Niedermayer
3056e19e68 avcodec/vc1_block: Fix integer overflow in ac value
Fixes: signed integer overflow: 25488 * 87381 cannot be represented in type 'int'
Fixes: 24765/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5108259565076480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-02 14:59:53 +02:00
Mark Reid
453004fde6 libswscale/input: use more accurate rgbf32 yuv conversions
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-02 14:59:52 +02:00
Mark Reid
6bf57c6a2a libswscale/tests: add floatimg_cmp test
changes since v1:
- made into fate test
- fixed c90 warnings
- tests more intermediate formats
- tested on BE mips too

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-02 14:59:52 +02:00
Zhao Zhili
a191d4166f avformat/rtsp: fix parse_rtsp_message
1. Remove the assumption that the message method is TEARDOWN.
2. Don't ignore the error code of ff_rtsp_parse_streaming_commands.

Signed-off-by: Martin Storsjö <martin@martin.st>
2020-10-02 09:11:24 +03:00
Martin Storsjö
0b1d8468c4 rtsp: Fix infinite loop in listen mode with UDP transport
In listen mode with UDP transport, once the sender has sent
the TEARDOWN and closed the connection, poll will indicate that
one can read from the connection (indicating that the socket has
reached EOF and should be closed by the receiver as well). In this
case, parse_rtsp_message won't try to parse the command (because
it's no longer in state STREAMING), but previously just returned
zero.

Prior to f6161fccf8c5720ceac1ed1df8ba60ff8fed69f5, this caused
udp_read_packet to return zero, which is treated as EOF by
read_packet. But after that commit, udp_read_packet would continue
if parse_rtsp_message didn't return an explicit error code.

To keep the original behaviour from before that commit, more
explicitly return an error in parse_rtsp_message when in the wrong
state.

Fixes: #8840
Signed-off-by: Martin Storsjö <martin@martin.st>
2020-10-02 09:09:17 +03:00
James Almer
979cc0c7cb avutil/pixdesc: add missing FF_API_PSEUDOPAL check
Signed-off-by: James Almer <jamrial@gmail.com>
2020-10-02 00:18:13 -03:00
James Almer
a7489c0fbd avformat/utils: add missing FF_API_LAVF_AVCTX check
Signed-off-by: James Almer <jamrial@gmail.com>
2020-10-01 22:47:51 -03:00
James Almer
10c01c3779 avformat/sdp: add missing FF_API_LAVF_AVCTX check
Signed-off-by: James Almer <jamrial@gmail.com>
2020-10-01 22:45:34 -03:00
James Almer
137a36bdfc avcodec/utils: add missing FF_API_TAG_STRING check
Signed-off-by: James Almer <jamrial@gmail.com>
2020-10-01 22:43:28 -03:00
James Almer
0191f2d29c avcodec/options: add missing FF_API_COPY_CONTEXT checks
Signed-off-by: James Almer <jamrial@gmail.com>
2020-10-01 22:43:03 -03:00
James Almer
bd52b41444 avcodec/libvpxenc: add missing FF_API_ERROR_FRAME check
Signed-off-by: James Almer <jamrial@gmail.com>
2020-10-01 22:42:37 -03:00
Timo Rothenpieler
13c74291ec avcodec/cuviddec: avoid copy of uninitialized extradata pointer 2020-10-01 21:28:55 +02:00
Timo Rothenpieler
c75756d047 avcodec/cuviddec: use correct type for extradata_size 2020-10-01 20:49:59 +02:00
Timo Rothenpieler
bba6262080 avcodec/cuviddec: fix copy&paste error 2020-10-01 20:20:48 +02:00
Andreas Rheinhardt
22a2386a56 avformat/movenc: Fix stack overflow when remuxing timecode tracks
There are two possible kinds of timecode tracks (with tag "tmcd") in the
mov muxer: Tracks created internally by the muxer and timecode tracks
sent by the user. If any of the latter exists, the former are
deactivated. The former all belong to another track, the source
track; the latter don't have a source track set, but the index of the
source track is initially zeroed by av_mallocz_array(). This is a
problem since 3d894db700: Said commit added
a function that calculates the duration of tracks and the duration of
timecode tracks is calculated by rescaling the duration (calculated by
the very same function) of the source track. This gives an infinite
recursion if the first track (the one that will be treated as source
track for all timecode tracks) is a timecode track itself, leading to a
stack overflow.

This commit fixes this by not using the nonexistent source track
when calculating the duration of timecode tracks not created internally
by the mov muxer.

Reviewed-by: Martin Storsjö <martin@martin.st>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-01 14:30:34 +02:00
Andreas Rheinhardt
66eadb3926 avcodec/utils: Reindentation
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-01 13:35:28 +02:00
Andreas Rheinhardt
b8e0ceda11 avcodec/utils: Also free encoder extradata on avcodec_open2() error
It is owned by libavcodec for encoders.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-01 13:34:57 +02:00
Andreas Rheinhardt
d1dcc20126 avcodec/utils: Don't forget cleaning up when allocating priv_data fails
Allocating an AVCodecContext's priv_data used to be the first object
allocated in avcodec_open2(), so it was unnecessary to goto free_and_end
(which does the cleanup) upon error here. But this is no longer so since
f3a29b750a.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-01 13:19:42 +02:00
Andreas Rheinhardt
c6e54d14c5 avcodec/utils: Improve check for freeing codec private options
Don't check for AVCodec.priv_data_size (which is always true if
AVCodec.priv_class is set). Instead check for AVCodecContext.priv_data
to actually exist.

(Note: av_opt_free(NULL) is a no-op.)

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-01 13:18:18 +02:00
Andreas Rheinhardt
502c5fe101 avcodec/utils: Remove always-true check
The first thing avcodec_open2() allocates is the AVCodecInternal. If
allocating it fails, a jump to end occurs; but if an error happens after
its allocation, a jump to free_and_end happens which frees all
allocations performed so far and then jumps to end. Yet free_and_end
contained a check for AVCodecInternal (after having already dereferenced
it to check whether ff_thread_free() needs to be called) which is of
course always true. So remove it.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-01 12:50:57 +02:00
Anton Khirnov
33b4b788aa opusdec: do not fail when LBRR frames are present
Decode and discard them.

Fixes ticket 4641.
2020-10-01 11:16:17 +02:00
Nicolas George
3bf5cc9c58 fate: add scale filters for big-endian architectures.
Filters mostly work in native endianness, but they must output
a specified endianness, usually little: that requires a final
conversion for big endian.

I do not know what's the deal with gif-deal: inserting explicitly
the filters that are implicitly inserted results in fewer frames in
output. Probably a strange problem of duration.
2020-09-30 16:39:34 +02:00
Andreas Rheinhardt
9d8f9b2e40 swresample/audioconvert: Fix left shift of negative value
Fixes ticket #8219.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-30 10:50:45 +02:00
James Almer
aa5e49e46d avcodec/av1dec: call ff_cbs_flush() on decoder flush
Signed-off-by: James Almer <jamrial@gmail.com>
2020-09-29 21:38:27 -03:00
James Almer
3392c1b05e avcodec/av1dec: fix check for active sequence header
We clear the AV1RawSequenceHeader pointer on flush, not the relevant AVBufferRef.

Signed-off-by: James Almer <jamrial@gmail.com>
2020-09-29 21:38:27 -03:00
James Almer
ea4b10249d avcodec/av1dec: parse dimensions from the sequence header in extradata
Signed-off-by: James Almer <jamrial@gmail.com>
2020-09-29 21:38:27 -03:00
James Almer
421906dddb avcodec/cbs_vp9: implement a CodedBitstreamType.flush() callback
Signed-off-by: James Almer <jamrial@gmail.com>
2020-09-29 21:38:27 -03:00
James Almer
0c84253353 avcodec/cbs_h2645: implement CodedBitstreamType.flush() callbacks
Signed-off-by: James Almer <jamrial@gmail.com>
2020-09-29 21:38:27 -03:00
James Almer
dfd184eed5 avcodec/cbs_av1: implement a CodedBitstreamType.flush() callback
Signed-off-by: James Almer <jamrial@gmail.com>
2020-09-29 21:38:27 -03:00
James Almer
515b6419ca avcodec/cbs: add a flush callback to CodedBitstreamType
Used to reset the codec's private internal state.

Signed-off-by: James Almer <jamrial@gmail.com>
2020-09-29 21:38:27 -03:00
Paul B Mahol
23d0754165 avfilter/vf_v360: stop using float variables in xyz_to_octahedron
Use proper integer variables.
2020-09-30 00:09:22 +02:00
Timo Rothenpieler
a96743a05c avcodec/cuviddec: handle arbitrarily sized extradata 2020-09-29 23:29:04 +02:00
Andreas Rheinhardt
5bc74d06da avcodec/utils: Only call codec->close if init has been called
avcodec_open2() also called the AVCodec's close function if an error
happened before init had ever been called if the AVCodec has the
FF_CODEC_CAP_INIT_CLEANUP flag set. This is against the documentation of
said flag: "The codec allows calling the close function for deallocation
even if the init function returned a failure."

E.g. the SVQ3 decoder is not ready to be closed if init has never been
called.

Fixes: NULL dereference
Fixes: 25762/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SVQ3_fuzzer-5716279070294016

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-29 21:18:19 +02:00
Mark Thompson
4fceb2634e Revert "avfilter/setparams: add FF_FILTER_FLAG_HWFRAME_AWARE"
This reverts commit 5bbf58ab87.

The setparams filters are not hwframe aware, so the default context
passthrough behaviour is needed to allow using them with hardware frames.
2020-09-29 17:07:43 +01:00
Paul B Mahol
12585c87e6 avfilter/vf_v360: simplify input flipping 2020-09-29 14:21:22 +02:00
Paul B Mahol
86b29c0cd0 avfilter/vf_v360: split maps into slices 2020-09-29 14:21:20 +02:00
Mingyu Yin
ad2546e3b3 dnn/native: add native support for dense
Signed-off-by: Mingyu Yin <mingyu.yin@intel.com>
2020-09-29 14:19:55 +08:00
Rick Kern
adcdf0bc60 libavcodec/videotoolboxenc: Fix crash when frame received after error
Signed-off-by: Rick Kern <kernrj@gmail.com>
2020-09-28 21:48:23 -04:00
Tian Qi
9837f5a643 avcodec/videotoolboxenc: move pthread_cond_signal after adding buffer to the queue
In the VT encoding insertion by FFmpeg,
vtenc_q_push is the callback that adds the encoded data
to the singly linked list group in VTEncContext,
and consumers are notified to fetch it.
However, because it first informs consumers via pthread_cond_signal,
and then inserts the data at the tail,
there is a multi-thread safety hazard.

Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
Signed-off-by: Rick Kern <kernrj@gmail.com>
2020-09-28 21:46:40 -04:00
Tian Qi
1cbea3f9ca avcodec/videotoolboxenc: don't wait when flushing data
Because this runs in thread mode, it will sometimes block
the workflow at the wait, so check whether the status is flushing data;
don't wait when flushing data.

Signed-off-by: Tian Qi <tianqi@kuaishou.com>
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
Signed-off-by: Rick Kern <kernrj@gmail.com>
2020-09-28 21:46:30 -04:00
Zhao Zhili
d80d91d213 avcodec/videotoolboxenc: fix use after destroy
The lock is used in clear_frame_queue().

Signed-off-by: Rick Kern <kernrj@gmail.com>
2020-09-28 21:46:23 -04:00
Zhao Zhili
419d2524a8 avcodec/videotoolboxenc: fix align issue
bool a53_cc is accessed as int:
src/libavutil/opt.c:129:9: runtime error: store to misaligned
address 0x7fbf454121a3 for type 'int', which requires 4 byte alignment

Signed-off-by: Rick Kern <kernrj@gmail.com>
2020-09-28 21:45:54 -04:00