Commit Graph

232 Commits

Author SHA1 Message Date
Tomas Härdin
3b9e457647 lavu/common.h: Fix UB in av_clip_uintp2_c()
Found by value analysis
2024-06-14 14:28:25 +02:00
Tomas Härdin
60ab40be70 lavu/common.h: Fix UB in av_clip_intp2_c()
Found by value analysis
2024-06-14 14:28:25 +02:00
Tomas Härdin
818a487849 lavu/common.h: Fix UB in av_clipl_int32_c()
Found by value analysis
2024-06-14 14:28:24 +02:00
James Almer
4b57ea8fc7 avutil/common: assert that bit position in av_zero_extend is valid
Signed-off-by: James Almer <jamrial@gmail.com>
2024-06-13 20:36:09 -03:00
James Almer
39c90d6466 avutil: rename av_mod_uintp2 to av_zero_extend
It's more descriptive of what it does.

Signed-off-by: James Almer <jamrial@gmail.com>
2024-06-13 20:35:57 -03:00
Andreas Rheinhardt
790f793844 avutil/common: Don't auto-include mem.h
There are lots of files that don't need it: The number of object
files that actually need it went down from 2011 to 884 here.

Keep it for external users in order to not cause breakages.

Also improve the other headers a bit while just at it.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2024-03-31 00:08:43 +01:00
Andreas Rheinhardt
b6b33f7edd avutil/common: Move includes to the beginning of the file
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2024-02-21 00:23:39 +01:00
Andreas Rheinhardt
c3e3ea3c88 avutil: Move error.h from avutil.h to common.h
Up until now, avutil.h includes common.h which includes mem.h which
includes avutil.h, so that all these headers are in fact equivalent.
Yet mem.h does not need to include avutil.h at all and when it no longer
does, including common.h will no longer include error.h (included by
avutil.h) as well; change this by moving error.h to avutil.h, as error.h
is clearly a commonly used header.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-09-07 00:41:47 +02:00
Andreas Rheinhardt
155cd6baa4 Remove obsolete version.h inclusions
Forgotten in e7bd47e657bbf9e1ce9915e93bc80cb1a29fb7f3.

Reviewed-by: Martin Storsjö <martin@martin.st>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-02-24 12:56:49 +01:00
Mark Reid
c3502f4f75 libavutil/common: clip nan value to amin
Changes av_clipf to return amin if a is nan.
Before if a is nan av_clipf_c returned nan and
av_clipf_sse would return amax. Now the both
should behave the same.

This works because nan > amin is false.
The max(nan, amin) will be amin.

Signed-off-by: James Almer <jamrial@gmail.com>
2021-11-15 16:50:08 -03:00
Andreas Rheinhardt
2dd8acbe80 avutil/common, macros: Move several macros from common.h to macros.h
common.h currently contains several things: Math macros, UTF-8 macros,
other fundamental macros; furthermore it also contains miscellaneous
math functions and it (directly and indirectly) includes lots of other
headers.

This commit moves the "other fundamental macros" to macros.h which is
a more fitting place.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2021-07-29 22:02:05 +02:00
Andreas Rheinhardt
bd50e715a9 avutil/common: Move everything inside inclusion guards
libavutil/common.h is a public header that provides generic math
functions whereas libavutil/intmath.h is a private header that contains
plattform-specific optimized versions of said math functions. common.h
includes intmath.h (when building the FFmpeg libraries) so that the
optimized versions are used for them.

This interdependency sometimes causes trouble: intmath.h once contained
an inlined ff_sqrt function that relied upon av_log2_16bit. In case there
was no optimized logarithm available on this plattform, intmath.h needed
to include common.h to get the generic implementation and this has been
done after the optimized versions (if any) have been provided so that
common.h used the optimized versions; it also needed to be done before
ff_sqrt. Yet when intmath.h was included from common.h and if an ordinary
inclusion guard was used by common.h, the #include "common.h" in intmath.h
was a no-op and therefore av_log2_16bit was still unknown at the end of
intmath.h (and also in ff_sqrt) if no optimized version was available.

Before a955b5965825631986ba854d007d4e934e466c7d this was solved by
duplicating the #ifndef av_log2_16bit check after the inclusion of
common.h in intmath.h; said commit instead moved these checks to the
end of common.h, outside the inclusion guards and made common.h include
itself to get these unguarded defines. This is still the current
state of affairs.

Yet this is unnecessary since 9734b8ba56d05e970c353dfd5baafa43fdb08024
as said commit removed ff_sqrt as well as the #include "common.h" from
intmath.h. Therefore this commit moves everything inside the inclusion
guards and makes common.h not include itself.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-02-11 09:07:10 +01:00
Michael Niedermayer
1bda9bb68a libavutil/common: Add FFABS64U()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-02-10 12:28:29 +01:00
Michael Niedermayer
5dd9567080 avutil/common: Add FFABSU() for a signed -> unsigned ABS
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-01-26 18:37:12 +01:00
Michael Niedermayer
4e9514e99b avutil/common: Implement av_sat_add64_c() with fewer branches
No benchmark because this is not used in any speed relevant pathes nor is it
used where __builtin_add_overflow is available.
So I do not know how to realistically benchmark it.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-24 19:11:12 +02:00
Michael Niedermayer
e409262837 avutil/common: Fix integer overflow in av_ceil_log2_c()
Fixes: left shift of 1913647649 by 1 places cannot be represented in type 'int'
Fixes: 23572/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5082619795734528

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-06-30 20:35:23 +02:00
Dale Curtis
fda1c74539 Use gcc/clang builtins for av_sat_(add|sub)_64_c if available.
Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-05-27 21:05:52 +02:00
Dale Curtis
a7e1af3cb1 avutil/common: Add saturated add/sub operations for int64_t.
Many places are using their own custom code for handling overflow
around timestamps or other int64_t values. There are enough of these
now that having some common saturated math functions seems sound.

Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-05-15 22:03:36 +02:00
Marton Balint
6026384047 avutil/common: warn about possible move of the data pointer after the last 0 byte in GET_UTF8
Signed-off-by: Marton Balint <cus@passwd.hu>
2020-01-31 00:15:13 +01:00
Marton Balint
d9f5fe4ed7 avutil/common: put ERROR statements into separate code blocks in GET_UTF8/16
To be able to safely use more than one statement in ERROR.

Signed-off-by: Marton Balint <cus@passwd.hu>
2020-01-31 00:15:13 +01:00
Marton Balint
1466bb0bad avutil/common: add parenthesis around GET_16BIT in GET_UTF16
Signed-off-by: Marton Balint <cus@passwd.hu>
2020-01-31 00:15:13 +01:00
Marton Balint
5df1c1ad9a avutil/common: use unsigned int in GET_UTF8
Right shift of signed value is implementation defined.

Signed-off-by: Marton Balint <cus@passwd.hu>
2020-01-31 00:15:12 +01:00
Mengye Lv
9f353e376b avutil/common: Fix underflow for ROUNDED_DIV with unsigned integer
When used ROUNDED_DIV(a,b), if a is unsigned integer zero, it's
will lead to an underflow issue(it called unsigned integer
wrapping).

Fixes #8062

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Mengye Lv <mengyelv@tencent.com>
Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
2019-10-06 17:28:29 +08:00
Andreas Rheinhardt
ebd25a5ba5 avutil/common: Fix undefined shift
av_mod_uintp2_c uses a bitwise AND with (1 << p) - 1 to clear the high
bits of an unsigned int. But this is undefined if p == 31, because 1 is
an int and 2^31 is not representable in an int. So make 1 unsigned.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-09-18 22:53:00 +02:00
Michael Niedermayer
aa41d322be avutil/common: Fix undefined behavior in av_clip_uintp2_c()
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 8521/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5639024952737792

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-06-15 21:52:29 +02:00
Michael Niedermayer
ab6f571ef7 avutil/common: Fix integer overflow in av_clip_uint8_c() and av_clip_uint16_c()
Fixes: 5567/clusterfuzz-testcase-minimized-5769966247739392
Fixes: runtime error: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-02-17 15:56:55 +01:00
Andrew D'Addesio
9b45bcf713 libavutil: Add saturating subtraction functions
Add av_sat_sub32 and av_sat_dsub32 as the subtraction analogues to
av_sat_add32/av_sat_dadd32.

Also clarify the formulas for dadd32/dsub32.

Signed-off-by: Andrew D'Addesio <modchipv12@gmail.com>
2017-12-04 07:28:45 +00:00
Derek Buitenhuis
21f9468402 avutil: Rename FF_CEIL_COMPAT to AV_CEIL_COMPAT
Libav, for some reason, merged this as a public API function. This will
aid in future merges.

A define is left for backwards compat, just in case some person
used it, since it is in a public header.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2016-01-27 16:36:46 +00:00
Andreas Cadhalpun
f8bc0137bd lavu: prevent overflow in av_clip_intp2_c
This fixes ubsan runtime error: signed integer overflow: 8388608 +
2140274688 cannot be represented in type 'int'

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-01-15 00:32:54 +01:00
Michael Niedermayer
9ca64c31d2 avutil/common: Protect GET_BYTE in GET_UTF8() by ()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-13 03:09:08 +01:00
James Almer
28d5a3a74a lavu: rename and move ff_parity to av_parity
av_popcount is not defined in intmath.h.

Reviewed-by: ubitux
Signed-off-by: James Almer <jamrial@gmail.com>
2016-01-07 20:04:24 -03:00
Clément Bœsch
04826b7ff0 lavu/common: add an explanation to FF_CEIL_RSHIFT() 2016-01-07 22:34:04 +01:00
Clément Bœsch
84a967df03 lavu/common: fix FF_CEIL_RSHIFT() range comment 2016-01-07 22:20:22 +01:00
Hendrik Leppkes
4cf66a8193 Merge commit '50078c1c8070dd8d1c329e8117ff30ec72489039'
* commit '50078c1c8070dd8d1c329e8117ff30ec72489039':
  libavutil: move FFALIGN macro from common.h to macros.h

Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
2016-01-02 10:25:12 +01:00
Janne Grunau
50078c1c80 libavutil: move FFALIGN macro from common.h to macros.h
Include macros.h explicitly in common.h so that external code using
FFALIGN does not break. It was already implicitly included through
version.h. Include macros.h in lls.h and internal.h for FFALIGN.
lls.h was including common.h only for FFALIGN and internal.h was
missing the include for FFALIGN. `make checkheaders` did not catch it
because it's an internal header.
2015-12-14 16:16:55 +01:00
Michael Niedermayer
5c3dee7dad avutil: Move av_rint64_clip_* to internal.h
The function is renamed to ff_rint64_clip()

This should avoid build failures on VS2012
Feel free to changes this to a different solution

Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-15 03:47:09 +01:00
Ganesh Ajjanagadde
6f520ce1a6 avutil/common: add av_rint64_clip
The rationale for this function is reflected in the documentation for
it, and is copied here:

Clip a double value into the long long amin-amax range.
This function is needed because conversion of floating point to integers when
it does not fit in the integer's representation does not necessarily saturate
correctly (usually converted to a cvttsd2si on x86) which saturates numbers
> INT64_MAX to INT64_MIN. The standard marks such conversions as undefined
behavior, allowing this sort of mathematically bogus conversions. This provides
a safe alternative that is slower obviously but assures safety and better
mathematical behavior.
API:
@param a value to clip
@param amin minimum value of the clip range
@param amax maximum value of the clip range
@return clipped value

Note that a priori if one can guarantee from the calling side that the
double is in range, it is safe to simply do an explicit/implicit cast,
and that will be far faster. However, otherwise this function should be
used.

avutil minor version is bumped.

Reviewed-by: Ronald S. Bultje <rsbultje@gmail.com>
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
2015-11-13 21:48:16 -05:00
Ganesh Ajjanagadde
265f83fd35 avutil/common: add FFDIFFSIGN macro
This is of use for defining comparator callbacks. Common approaches like
return x-y are not safe due to the risks of overflow.
Furthermore, the (x > y) - (x < y) trick is optimized to branchless
code.
This also documents this macro accordingly.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
2015-11-03 16:28:12 -05:00
Hendrik Leppkes
d96d0252fd Merge commit 'cdfe45ad371b7a8e6135b6c063b6b2a93152cb3a'
* commit 'cdfe45ad371b7a8e6135b6c063b6b2a93152cb3a':
  lavu: Drop deprecated av_reverse function

Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
2015-09-05 17:17:15 +02:00
Michael Niedermayer
d6cd614dac avutil/common: Add FFNABS()
This macro avoids the undefined corner case with the *_MIN values

Previous version Reviewed-by: Ganesh Ajjanagadde <gajjanag@mit.edu>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-09-03 09:05:50 +02:00
Michael Niedermayer
733511fb53 avutil/common: Document FFABS() corner case
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-09-03 02:18:01 +02:00
Vittorio Giovara
cdfe45ad37 lavu: Drop deprecated av_reverse function
Deprecated in 10/2012.
2015-08-28 16:04:27 +02:00
James Almer
d13e521cc8 libavutil: add av_mod_uintp2
Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: James Almer <jamrial@gmail.com>
2015-03-20 15:47:31 -03:00
Michael Niedermayer
85108195c5 avutil/common: minor simplification in av_clip_intp2_c()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-02 01:07:50 +01:00
Michael Niedermayer
6d66e1a113 avutil/common: Fix integer overflow in av_clip_int8/16_c
Fixes: signal_sigsegv_30420a5_2388_cov_1489993561_integra_lavf.mp4

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-02-25 20:56:00 +01:00
Michael Niedermayer
88d850ecb3 Merge commit 'bf07d813f6c88b5a76980f321cf7272d799c4216'
* commit 'bf07d813f6c88b5a76980f321cf7272d799c4216':
  libavutil: Add av_clip_intp2

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-02-21 11:13:34 +01:00
Peter Meerwald
bf07d813f6 libavutil: Add av_clip_intp2
there already is a function, av_clip_uintp2() that clips a signed integer
to an unsigned power-of-two range, i.e. 0,2^p-1

this patch adds a function av_clip_intp2() that clips a signed integer
to a signed power-of-two range, i.e. -(2^p),(2^p-1)

the new function can be used as a special case for av_clip(), e.g.
av_clip(x, -8192, 8191) can be rewritten as av_clip_intp2(x, 13)

there are ARM instructions, usat and ssat resp., which map nicely to these
functions (see next patch)

Signed-off-by: Peter Meerwald <pmeerw@pmeerw.net>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2015-02-21 00:54:40 +01:00
Michael Niedermayer
ccdfa3e271 Merge remote-tracking branch 'qatar/master'
* qatar/master:
  Add missing #includes for *INT64_MAX and *INT64_C

Conflicts:
	ffmpeg.c
	ffmpeg_filter.c
	ffplay.c
	libavformat/assdec.c
	libavformat/avidec.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-11-24 05:21:19 +01:00
Diego Biurrun
8f8bc92365 Add missing #includes for *INT64_MAX and *INT64_C 2013-11-23 21:55:52 +01:00
Michael Niedermayer
66872161cb avutil/common: error out with clear message if __STDC_CONSTANT_MACROS is not defined with c++
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-11-05 22:10:02 +01:00