Commit Graph

96027 Commits

Author SHA1 Message Date
Zhao Zhili
71fd72070c avutil/buffer: use appropriate atomic operations
No functional changes. ref/unref vs add/sub is symmetrical.

Signed-off-by: James Almer <jamrial@gmail.com>
2019-12-05 20:53:52 -03:00
James Almer
964eb754b4 tools: add a fuzzer tool for bitstream filters
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
2019-12-05 20:49:15 -03:00
Michael Niedermayer
37f31f4e50 avcodec/fitsdec: Use lrint()
Fixes: fate-fitsdec-bitpix-64

Possibly Fixes: -nan is outside the range of representable values of type 'unsigned short'
Possibly Fixes: 17769/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-5678314672357376

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-05 20:20:05 +01:00
Andreas Rheinhardt
4825d8a98d avformat/mpeg: Fix leaks of AVFormatContext and subtitle packets
If an error happens in vobsub_read_header() after allocating the
AVFormatContext intended to read the sub-file, both the AVFormatContext
as well as the data in the subtitles queues leaks. This has been fixed.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-05 17:22:40 +01:00
Andreas Rheinhardt
bc3cf2bbd3 avformat/mpeg: Don't copy or leak string in AVBPrint
vobsub_read_header() uses an AVBPrint to write a string and up until
now, it collected the string stored in the AVBPrint via
av_bprint_finalize(), which might involve an allocation and copy of the
string. But this is unnecessary, as the lifetime of the returned string
does not exceed the lifetime of the AVBPrint. So use the string in the
AVBPrint directly.

This also makes it possible to easily fix a memleak: In certain error
situations, the string stored in the AVBPrint would not be freed (if it
was dynamically allocated). This has been fixed, too.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-05 17:22:40 +01:00
Andreas Rheinhardt
3f37880c05 avformat/mpeg: Make VobSub demuxer have its own context struct
When the VobSub demuxer was added, the fields it required were simply
added to the MpegDemuxContext (if the VobSub demuxer was selected at
all). The mpeg demuxer of course doesn't use these fields even if they
are there; and the VobSub demuxer doesn't use the old ones: It opens an
mpeg subdemuxer of its own and uses this where a mpeg demuxer is
required. Hence the two contexts can be split, saving memory.

Furthermore several headers can now be moved to the section that is
guarded by #if CONFIG_VOBSUB_DEMUXER (this even includes avassert.h
which was unguarded and has been added in 9cde9f70 despite not being
used in that patch).

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-05 17:22:40 +01:00
Andreas Rheinhardt
d5274f86a8 avformat/matroskadec: Reuse AVIOContext
When parsing EBML lacing, for every number read, a new AVIOContext has
been initialized (via ffio_init_context()) just for this number. This
has been changed: The context is kept now.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2019-12-04 23:11:37 -03:00
Andreas Rheinhardt
dbe3be6744 avformat/matroskadec: Improve frame size parsing error messages
When parsing the sizes of the frames in a lace fails, sometimes no
error message was raised (e.g. when using xiph or fixed-size lacing).
Only EBML lacing generated error messages (which were wrongly declared
as AV_LOG_INFO), but even here not all errors resulted in an error
message. So add a generic error message to catch them all.

Moreover, if parsing one of the EBML numbers fails, ebml_read_num already
emits its own error messages, so that all that is needed is a generic error
message to indicate that this happened during parsing the sizes of the
frames in a block; in other words, the error messages specific to
parsing EBML lace numbers can be and have been removed.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2019-12-04 23:11:37 -03:00
Andreas Rheinhardt
f74eaa17bb avformat/matroskadec: Remove unnecessary check
870e7552 introduced validating the lace sizes when they are parsed and
removed the old check; yet when merging this libav commit in 6902c3ac,
the old check for whether the frame extends beyond the frame has been kept.
It is unnecessary and has been removed.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2019-12-04 23:11:37 -03:00
Andreas Rheinhardt
a69f92a946 avformat/matroskadec: Simplify control flow of parsing laces
Up until now, when an error happened in one of the inner loops in
matroska_parse_laces, a variable designated for the return value has
been set to an error value and break has been used to exit the
current loop/case. This was done so that the end of matroska_parse_laces
is reached, because said function allocated memory which is later used
and freed in the calling function and passed at the end of
matroska_parse_laces.

But given that there is no allocation any more, one can now return
immediately. And this commit does this.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2019-12-04 23:11:37 -03:00
Andreas Rheinhardt
9ad1a6d64c avformat/matroskadec: Avoid allocating array for lace sizes
The maximal number of frames in a lace can be 256; hence one has a not
excessive upper bound on the size of an array that can hold the sizes of
all the frames in a lace. Yet up until now, said array has been
dynamically allocated. This has been changed.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2019-12-04 23:11:37 -03:00
Andreas Rheinhardt
668490ac98 avformat/matroskadec: Use bytestream API instead of AVIOContext
It avoids the overhead of function calls.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2019-12-04 23:11:37 -03:00
Andreas Rheinhardt
eec26b5911 avformat/matroskadec: avcodec/tta: Set extradata_size to 22
Up until c4e0e314, the seek table has been included in the tta
extradata, so that the size of said extradata was 22 (the size of a TTA1
header) + 4 * number of frames. The decoder rejected anything below a
size of 30 and so the Matroska demuxer exported 30 byte long extradata,
of which only 18 were set (it ignores a CRC-32 and simply leaves it at
0). But this is unnecessary since said commit, so reduce the size to 22.

Furthermore, replace 30 by 22 in a comment about the extradata size in
libavcodec/tta.c.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2019-12-04 23:11:37 -03:00
Andreas Rheinhardt
f7bf59b431 avformat/matroskadec: Check before allocations
That way one doesn't have to free later. In this case (concerning TTA
extradata), this also fixes a memleak when the output samplerate is
invalid.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2019-12-04 23:11:37 -03:00
James Almer
94fd85d81d fate/matroska: add a test for xiph lacing
Signed-off-by: James Almer <jamrial@gmail.com>
2019-12-04 22:52:01 -03:00
hwren
0bafcc9874 lavc/libxavs2.c: optimize error descriptions
Signed-off-by: hwren <hwrenx@126.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-04 20:21:34 +01:00
hwren
191203aa1f lavc/libxavs2.c: fix code style - spaces
Signed-off-by: hwren <hwrenx@126.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-04 20:17:00 +01:00
hwren
6721cd942a lavc/libxavs2.c: avoid recomputations of pointers in xavs2_copy_frame* functions
Signed-off-by: hwren <hwrenx@126.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-04 20:17:00 +01:00
hwren
3003917a8f lavc/libxavs2.c: use more descriptive variable names in xavs2_copy_frame* functions
Signed-off-by: hwren <hwrenx@126.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-04 20:17:00 +01:00
Limin Wang
0485033ae1 avfilter/vf_elbg: Fix for the seed type
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-04 20:17:00 +01:00
Andreas Rheinhardt
296f769fdc avformat/rmdec: Use av_packet_move_ref() for packet ownership transfer
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-04 20:17:00 +01:00
Kusanagi Kouichi
12bbfc4cca avdevice/xcbgrab: Handle reply and error properly
Fix a NULL dereference and leaks.

Signed-off-by: Kusanagi Kouichi <slash@ac.auone-net.jp>
Signed-off-by: Marton Balint <cus@passwd.hu>
2019-12-03 21:13:00 +01:00
Michael Niedermayer
5ac8675cb1 tools/target_dec_fuzzer: Support setting AV_CODEC_FLAG2_FAST
This should improve coverage

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-03 16:06:33 +01:00
Michael Niedermayer
3ae87bb3c1 tools/target_dec_fuzzer: Support fuzzing error detection
This should increase coverage

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-03 16:06:20 +01:00
Marton Balint
1e0ea36945 avformat/mpegtsenc: add padding to m2ts streams
6144 byte alignment is needed.

Signed-off-by: Marton Balint <cus@passwd.hu>
2019-12-03 11:00:11 +01:00
Marton Balint
998906a0a4 avformat/mpegtsenc: factorize writing packet
Signed-off-by: Marton Balint <cus@passwd.hu>
2019-12-03 11:00:11 +01:00
Marton Balint
db63db3977 avformat/mpegtsenc: move around setting m2ts_mode
Signed-off-by: Marton Balint <cus@passwd.hu>
2019-12-03 11:00:11 +01:00
Marton Balint
565dc3e451 avformat/mpegtsenc: set priority flag for AC3 codecs if writing BluRay
Signed-off-by: Marton Balint <cus@passwd.hu>
2019-12-03 11:00:11 +01:00
Marton Balint
f5b83d5419 avformat/mpegtsenc: allow any sensible PID for elementary and PMT PIDs
This sets the range of the first automatically assigned PMT PID or elementary
stream PID parameters to [0x20, 0x1ffa]. You can still assign manually a PID
for a stream using AVStream->id in the wider [0x10, 0x1ffe] range as specified
by ISO13818-1. But since DVB and ATSC both reserves some PIDs, let's not allow
them to be automatically assigned.

Also make sure that assigned PID numbers are valid and fix the error message
for the previous PID collision checks.

Signed-off-by: Marton Balint <cus@passwd.hu>
2019-12-03 11:00:10 +01:00
Guo, Yejun
b864af033d MAINTAINERS: add myself to libavfilter/dnn
Signed-off-by: Guo, Yejun <yejun.guo@intel.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-03 09:52:17 +01:00
Linjie Fu
8fc8bdddbf libavformat/utils: Fix code indentation
Introduced since 077939626e.

Signed-off-by: Linjie Fu <linjie.fu@intel.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-03 09:50:00 +01:00
Andreas Rheinhardt
710ab13693 avfilter/vf_unsharp: Don't dereference NULL
The unsharp filter uses an array of arrays of uint32_t, each of which is
separately allocated. These arrays also need to freed separately; but
before doing so, one needs to check whether the array of arrays has
actually been allocated, otherwise one would dereference a NULL pointer.
This fixes #8408.

Furthermore, the array of arrays needs to be zero-initialized so that
no uninitialized pointer will be freed in case an allocation of one of
the individual arrays fails.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-03 09:50:00 +01:00
James Almer
968c4cbf22 fate/cbs: add svc AV1 tests
Signed-off-by: James Almer <jamrial@gmail.com>
2019-12-02 14:45:02 -03:00
James Almer
5985ca0436 avcodec/av1_parser: skip frames with spatial_id > 0
This fixes marking keyframes in svc samples.

Signed-off-by: James Almer <jamrial@gmail.com>
2019-12-02 14:38:52 -03:00
Zhao Zhili
f9d4366912 avfilter/buffersrc: remove write-only variable 2019-12-02 17:28:16 +01:00
James Almer
637742b45d fate/cbs: add a decode model AV1 test
Signed-off-by: James Almer <jamrial@gmail.com>
2019-12-01 16:53:11 -03:00
James Almer
af7ab32b89 fate/cbs: add a switch frame AV1 test
Signed-off-by: James Almer <jamrial@gmail.com>
2019-12-01 16:53:11 -03:00
James Almer
553c1431ac Revert "avcodec/cbs_av1_syntax_template: Check ref_frame_idx before use"
This reverts commit 8174e5c77d.

It's no longer needed after the previous commit.

Signed-off-by: James Almer <jamrial@gmail.com>
2019-12-01 16:53:11 -03:00
James Almer
eced91afa5 avcodec/cbs_av1: implement missing set_frame_refs() function
Defined in Section 7.8

This finishes implementing support for frames using
frame_refs_short_signaling.

Signed-off-by: James Almer <jamrial@gmail.com>
2019-12-01 16:53:11 -03:00
Michael Niedermayer
a11aa5f3ed avcodec/alsdec: Discard frames for which no channel could be decoded
Fixes: Timeout (80sec -> 33sec)
Fixes: 18668/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5710836719157248

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-01 17:17:04 +01:00
Michael Niedermayer
fd3c34ff30 avcodec/alsdec: Avoid 1 layer of pointer dereferences in INTERLEAVE_OUTPUT()
This optimizes the code slightly (116 -> 80sec)
Testcase: 18668/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5710836719157248

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-01 17:17:04 +01:00
Michael Niedermayer
0ddef00457 avcodec/g729dec: Avoid one multiply by using init_get_bits8()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-01 17:17:04 +01:00
Michael Niedermayer
336f9461df avcodec/g729dec: Avoid using buf_size
buf_size is not updated as buf is advanced so it is wrong after the first
iteration

Fixes: Timeout (160sec -> 27sec)
Fixes: 18658/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G729_fuzzer-5729784269373440

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-01 17:17:04 +01:00
Michael Niedermayer
576746b4e3 avcodec/g729dec: Factor block_size out
This will be used in the next commit

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-01 17:17:04 +01:00
Michael Niedermayer
f64be9da4c avcodec/g729dec: require buf_size to be non 0
The 0 case was added with the support for multiple packets. It
appears unintended and causes extra complexity and out of array
accesses (though within padding)

No testcase

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-01 17:17:04 +01:00
Michael Niedermayer
d468da8d79 avcodec/g729dec: Check for KELVIN && 6k4
This combination would assume different block sizes throughout the code so its
better to error out.

Fixes: signed integer overflow: -1082385168 * 2 cannot be represented in type 'int'
Fixes: 19110/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-5643993950191616

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-01 17:17:04 +01:00
Michael Niedermayer
7686ba1f14 avcodec/alac: Fix integer overflow in lpc_prediction() with sign
Fixes: signed integer overflow: -2147483648 * -1 cannot be represented in type 'int'
Fixes: 18643/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5672182449700864

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-01 17:17:04 +01:00
Michael Niedermayer
589cb44498 avcodec/wmaprodec: Fix buflen computation in save_bits()
Fixes: Assertion failure
Fixes: 18630/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAPRO_fuzzer-5201588654440448

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-01 17:17:04 +01:00
Michael Niedermayer
0e010e489b avcodec/vc1_block: Fix integer overflow in AC rescaling in vc1_decode_i_block_adv()
Fixes: signed integer overflow: 50176 * 262144 cannot be represented in type 'int'
Fixes: 18629/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5182370286403584

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-01 17:17:04 +01:00
Michael Niedermayer
47d963335e avcodec/vmdaudio: Check chunk counts to avoid integer overflow
Fixes: signed integer overflow: 4 * 538976288 cannot be represented in type 'int'
Fixes: 18622/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VMDAUDIO_fuzzer-5092166174507008

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-01 17:17:04 +01:00