1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00
Commit Graph

422 Commits

Author SHA1 Message Date
Michael Niedermayer
3d7e6dbaf3 avcodec/h264_slice: Check input SPS in ff_h264_update_thread_context()
Fixes: crash
Fixes: check_pkt.mp4

Found-by: Rafael Dutra <rafael.dutra@cispa.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ceae92cb29)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:53:29 +02:00
Michael Niedermayer
322a0a6dd2 avcodec/h264_slice: Check sps in h264_slice_header_init()
Fixes: null pointer dereference
Fixes: h264_slice_header_init.mp4

Found-by: Rafael Dutra <rafael.dutra@cispa.de>
Tested-by: Rafael Dutra <rafael.dutra@cispa.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8047243899)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-09 13:53:29 +02:00
James Almer
347bcf6054 avcodec/h264_slice: clear old slice POC values on parsing failure
If a slice header fails to parse, and the next one uses different Sequence and
Picture parameter sets, certain values may not be read if they are not coded,
resulting in the previous slice values being used.

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit ce4a31cd1f)
2021-08-11 12:01:14 -03:00
Michael Niedermayer
c694273feb avcodec/h264_slice: Fix integer overflow in implicit_weight_table()
Fixes: signed integer overflow: 2 * 2132811760 cannot be represented in type 'int'
Fixes: 11156/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-6237685933408256

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 77e56d74f9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-01-21 07:53:26 +01:00
Josh de Kock
76a8c3b522 h264/pic_timing: support multiple timecodes 2018-10-23 15:46:30 +01:00
Devin Heitmueller
4241e44a3c lavc/h264: create AVFrame side data from H.264 timecodes
Create SMPTE ST 12-1 timecodes based on H.264 SEI picture timing
info.

For framerates > 30 FPS, the field flag is used in conjunction with
pairs of frames which contain the same frame timestamp in S12M.
Ensure the field is properly set per the spec.
2018-10-23 15:46:30 +01:00
Derek Buitenhuis
b1504e7796 h264_slice: Copy the value of x264_build before calling h264_slice_header_init during thread init
If we don't copy this value first, it is seen as 0 by h264_slice_header_init,
due to zero-allocation of the new context, triggering an old hack that
multiplied the denominator by 2 for files produced by old x264 versions, but
only if more than one thread was used.

Fixes #7475 and #7083.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2018-10-09 15:05:44 +01:00
Kieran Kunhya
c85852d3de h264: Support multi-field closed captions by using AVBufferRef and not resetting per field
Signed-off-by: Josh de Kock <joshdk@obe.tv>
2018-08-17 16:24:19 +01:00
John Stebbins
08b1d1d812 h264_slice: Fix return of incomplete frames from decoder
When not using libavformat for demuxing, AVCodecContext.has_b_frames
gets set too late causing the recovery frame heuristic in h264_refs to
incorrectly flag an early frame as recovered.

This patch sets has_b_frames earlier to prevent improperly flagging the
frame as recovered.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-06-28 21:35:01 +02:00
Michael Niedermayer
8c02cd8ca0 avcodec/h264_slice: Fix integer overflow with last_poc
Fixes: signed integer overflow: 2147483646 - -2816 cannot be represented in type 'int'
Fixes: crbug 823145

Reported-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-04-12 23:52:59 +02:00
Michael Niedermayer
1be49cee34 avcodec/h264: Increase field_poc to 64bit in ff_h264_init_poc() to detect overflows
Fixes: Integer overflow
Fixes: 5746/clusterfuzz-testcase-minimized-6270097623613440

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-02-17 20:31:39 +01:00
Michael Niedermayer
476665d4de avcodec/h264_slice: Do not attempt to render into frames already output
Fixes: null pointer dereference
Fixes: 4698/clusterfuzz-testcase-minimized-5096956322906112

This testcase does not reproduce the issue before 03b82b3ab9

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2018-01-07 04:47:32 +01:00
James Almer
e01d2c00ae avcodec/h264_slice: use H264_SEI_FpaType enum constants
Cosmetic change.

Signed-off-by: James Almer <jamrial@gmail.com>
2017-12-01 01:18:47 -03:00
James Almer
5e9b39b373 avcodec/h264_sei: remove redundant prefix to H264SEIFramePacking fields
Cosmetic change.

Signed-off-by: James Almer <jamrial@gmail.com>
2017-12-01 01:10:11 -03:00
James Almer
d268094f88 Merge commit '99e9697e3a12ab4a6638a36b95edafd6a98f9eaa'
* commit '99e9697e3a12ab4a6638a36b95edafd6a98f9eaa':
  stereo3d: Support view type for frame sequence type

Merged-by: James Almer <jamrial@gmail.com>
2017-11-29 21:06:49 -03:00
Vittorio Giovara
99e9697e3a stereo3d: Support view type for frame sequence type
Implement detection in h264 and hevc and insertion in framepack filter.

Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2017-11-28 14:56:51 -05:00
Anton Khirnov
0e00624389 h264dec: add a NVDEC hwaccel
Some parts of the code are based on a patch by
Timo Rothenpieler <timo@rothenpieler.org>

Merges Libav commit b9129ec466.

Due to the name clash with our cuvid decoder, rename it to nvdec.

This commit also changes the Libav code to dynamic loading of the
cuda/cuvid libraries.

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
2017-11-10 22:48:53 +01:00
James Almer
bc987cf91d Merge commit '45c4bf3df03ef53ae61fa1473424d4ae024f22e4'
* commit '45c4bf3df03ef53ae61fa1473424d4ae024f22e4':
  h264dec: track the last seen value of x264_build

Merged-by: James Almer <jamrial@gmail.com>
2017-11-08 14:23:48 -03:00
Clément Bœsch
2b32031827 lavc: drop VDA
Deprecated (aka removed) in OSX 10.11, and we have a replacement for it
(VideoToolbox).
2017-10-23 11:56:15 +02:00
James Almer
c68a3ab96e Merge commit '7b917041184874e7d7cba4450813de7e0bb28a33'
* commit '7b917041184874e7d7cba4450813de7e0bb28a33':
  lavc: Drop deprecated VDPAU codec capability

Merged-by: James Almer <jamrial@gmail.com>
2017-10-21 23:40:03 -03:00
Mark Thompson
6eb102a616 h264_sei: Add namespace prefix to all SEI values
This avoids confusion with equivalent H.265 SEI values when both are
being used at the same time.

(cherry picked from commit 6ea220cbee)
2017-09-12 22:29:31 +01:00
Vittorio Giovara
8c34a2024d h264: Add support for alternative transfer characterics SEI
The use of this SEI is for backward compatibility in HLG HDR systems:
older devices that cannot interpret the "arib-std-b67" transfer will
get the compatible transfer (usually bt709 or bt2020) from the VUI,
while newer devices that can interpret HDR will read the SEI and use
its value instead.

Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2017-08-10 15:40:16 +02:00
Vittorio Giovara
ebf3b9e8a8 h264: Add support for alternative transfer characterics SEI
The use of this SEI is for backward compatibility in HLG HDR systems:
older devices that cannot interpret the "arib-std-b67" transfer will
get the compatible transfer (usually bt709 or bt2020) from the VUI,
while newer devices that can interpret HDR will read the SEI and use
its value instead.

Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2017-08-10 15:32:59 +02:00
Michael Niedermayer
1f53bde6d8 avcodec/h264_slice: Fix overflow in slice offset
Fixes: runtime error: signed integer overflow: 1610612736 * 2 cannot be represented in type 'int'
Fixes: 2817/clusterfuzz-testcase-minimized-5289691240726528

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-08-05 23:56:52 +02:00
Wan-Teh Chang
8c3b329da2 avcodec/h264_slice: don't sync default_ref[] between threads.
default_ref[] is unconditionally initialized in h264_initialise_ref_list()
(called from ff_h264_build_ref_list(), called from h264_slice_init()).

This fixes the following tsan warning when running fate-h264:

WARNING: ThreadSanitizer: data race (pid=31070)
  Write of size 8 at 0x7bbc000082a8 by thread T1 (mutexes: write M1628):
    #0 memcpy /work/release-test/final/llvm.src/projects/compiler-rt/lib/tsan/../sanitizer_common/sanitizer_common_interceptors.inc:655:5
(ffmpeg+0x10de9d)
    #1 h264_initialise_ref_list ffmpeg/libavcodec/h264_refs.c:214:29 (ffmpeg+0x1186b3f)
    #2 ff_h264_build_ref_list ffmpeg/libavcodec/h264_refs.c:306 (ffmpeg+0x1186b3f)
    #3 h264_slice_init ffmpeg/libavcodec/h264_slice.c:1900:11 (ffmpeg+0x1191149)
[..]
  Previous read of size 8 at 0x7bbc000082a8 by main thread (mutexes:
write M1630):
    #0 memcpy /work/release-test/final/llvm.src/projects/compiler-rt/lib/tsan/../sanitizer_common/sanitizer_common_interceptors.inc:655:5
(ffmpeg+0x10de9d)
    #1 ff_h264_update_thread_context ffmpeg/libavcodec/h264_slice.c:411:5 (ffmpeg+0x118b7dc)

Signed-off-by: Wan-Teh Chang <wtc@google.com>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2017-07-27 17:14:17 -04:00
Anton Khirnov
b9129ec466 h264dec: add a CUVID hwaccel
Some parts of the code are based on a patch by
Timo Rothenpieler <timo@rothenpieler.org>
2017-07-26 23:24:34 +02:00
Anton Khirnov
45c4bf3df0 h264dec: track the last seen value of x264_build
Do not use the one in the SEI directly as that is reset at certain
points.

Inspired by patches from Michael Niedermayer <michaelni@gmx.at> and
Anton Mitrofanov <BugMaster@narod.ru>.

CC: libav-stable@libav.org
2017-07-26 23:23:13 +02:00
Michael Niedermayer
7592d97f10 avcodec/h264_slice: Fix signed integer overflow
Fixes: runtime error: signed integer overflow: 26 + 2147483644 cannot be represented in type 'int'
Fixes: 2456/clusterfuzz-testcase-minimized-4822695051001856

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-07-05 03:19:27 +02:00
wm4
70143a3954 dxva: add support for new dxva2 and d3d11 hwaccel APIs
This also adds support to avconv (which is trivial due to the new
hwaccel API being generic enough).

The new decoder setup code in dxva2.c is significantly based on work by
Steve Lhomme <robux4@gmail.com>, but with heavy changes/rewrites.

Merges Libav commit f9e7a2f95a.
Also adds untested VP9 support.
The check for DXVA2 COBJs is removed. Just update your MinGW to
something newer than a 5 year old release.

Signed-off-by: Diego Biurrun <diego@biurrun.de>
2017-06-27 18:05:02 +02:00
Michael Niedermayer
09096fb687 avcodec/h264_parse: Check picture structure when initializing weight table
Fixes: runtime error: index 49 out of bounds for type 'int [48][2][2]'
Fixes: 2159/clusterfuzz-testcase-minimized-5267945972301824

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-06-10 00:48:23 +02:00
wm4
f9e7a2f95a dxva: add support for new dxva2 and d3d11 hwaccel APIs
This also adds support to avconv (which is trivial due to the new
hwaccel API being generic enough).

The new decoder setup code in dxva2.c is significantly based on work by
Steve Lhomme <robux4@gmail.com>, but with heavy changes/rewrites.

Signed-off-by: Diego Biurrun <diego@biurrun.de>
2017-06-08 21:20:18 +02:00
James Almer
07596e45c5 avcodec/h264dec: export cropping information instead of handling it internally
This merges commit c3e84820d6 from libav,
originally written by Anton Khirnov and skipped in
fc63d5ceb3.

 libavcodec/h264_picture.c |  3 ---
 libavcodec/h264_ps.c      |  9 ---------
 libavcodec/h264_slice.c   | 25 +++++++++++++++++++------
 libavcodec/h264dec.c      | 13 +------------
 libavcodec/h264dec.h      |  9 +++++----
 5 files changed, 25 insertions(+), 34 deletions(-)
2017-05-26 11:15:45 -03:00
James Almer
6505e8cfd0 avcodec/h264dec: be more explicit in handling container cropping
This merges commit 4fded0480f from libav,
originally written by Anton Khirnov and skipped in
fc63d5ceb3.

 libavcodec/h264_slice.c | 20 +++++++++++++-------
 libavcodec/h264dec.c    |  3 +++
 libavcodec/h264dec.h    |  5 +++++
 3 files changed, 21 insertions(+), 7 deletions(-)
2017-05-26 11:15:45 -03:00
Mark Thompson
6ea220cbee h264_sei: Add namespace prefix to all SEI values
This avoids confusion with equivalent H.265 SEI values when both are
being used at the same time.
2017-05-16 22:23:14 +01:00
Ronald S. Bultje
7f05c5cea0 h264: don't re-call ff_h264_direct_ref_list_init() w/ frame-mt.
I'm hoping that this will address the remaining tsan fate-h264 issues:

WARNING: ThreadSanitizer: data race (pid=24478)
  Read of size 8 at 0x7dbc0001c828 by main thread (mutexes: write M3243):
    #0 ff_h264_ref_picture src/libavcodec/h264_picture.c:107 (ffmpeg+0x0000013b78d8)
[..]
  Previous write of size 1 at 0x7dbc0001c82e by thread T2 (mutexes: write M3245):
    #0 ff_h264_direct_ref_list_init src/libavcodec/h264_direct.c:137 (ffmpeg+0x000001382c93)

But I'm not sure because I haven't been able to reproduce locally.
2017-04-07 13:29:45 -04:00
Michael Niedermayer
08117a4015 avcodec/h264: Check weight values to be within the specs limits.
Fixes: integer overflows
Fixes: 911/clusterfuzz-testcase-5415105606975488

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: "Ronald S. Bultje" <rsbultje@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-04-07 15:33:17 +02:00
Ronald S. Bultje
083300bea9 pthread_frame: allow per-field ThreadFrame owners.
This tries to handle cases where separate invocations of decode_frame()
(each running in separate threads) write to respective fields in the
same AVFrame->data[]. Having per-field owners makes interaction between
readers (the referencing thread) and writers (the decoding thread)
slightly more optimal if both accesses are field-based, since they will
use the respective producer's thread objects (mutex/cond) instead of
sharing the thread objects of the first field's producer.

In practice, this fixes the following tsan-warning in fate-h264:

WARNING: ThreadSanitizer: data race (pid=21615)
  Read of size 4 at 0x7d640000d9fc by thread T2 (mutexes: write M1006):
    #0 ff_thread_report_progress pthread_frame.c:569 (ffmpeg:x86_64+0x100f7cf54)
[..]
  Previous write of size 4 at 0x7d640000d9fc by main thread (mutexes: write M1004):
    #0 update_context_from_user pthread_frame.c:335 (ffmpeg:x86_64+0x100f81abb)
2017-04-06 10:03:27 -04:00
Ronald S. Bultje
8c2aa45d4a h264: revert 1189af4292.
The patch introduces race conditions.
2017-03-28 18:04:27 -04:00
Michael Niedermayer
d7b2bb5391 h264_sei: Check actual presence of picture timing SEI message
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2017-02-28 10:32:50 -05:00
Michael Niedermayer
6a37abc59a avcodec/h264_sei: Check actual presence of SEI picture timing instead of implying it
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-15 00:19:50 +01:00
Michael Niedermayer
c03029a835 avcodec/h264_slice: Clear ref_counts on redundant slices
Fixes reading freed memory
Fixes: 568/clusterfuzz-testcase-6107186067406848

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-02-08 18:31:04 +01:00
Diego Biurrun
d4c2103bd3 golomb: Convert to the new bitstream reader 2017-01-31 17:46:19 +01:00
Clément Bœsch
7448019890 Merge commit '38efff92f1ef81f3de20ff0460ec7b70c253d714'
* commit '38efff92f1ef81f3de20ff0460ec7b70c253d714':
  FATE: add a test for H.264 with two fields per packet
  h264: fix decoding multiple fields per packet with slice threads

This merge includes two commits because the FATE test was useful in
order to make proper testing.

The merge gets rid of the now unused:
- SLICE_SINGLETHREAD and SLICE_SKIPED macros
- max_contexts
- "again" label in decode_nal_units()

This commit also includes the fix from d3e4d406b.

Thanks to wm4 and Michael Niedermayer for their testing.

Merged-by: Clément Bœsch <u@pkh.me>
Merged-by: Matthieu Bouron <matthieu.bouron@gmail.com>
2017-01-24 16:13:03 +01:00
Clément Bœsch
e5ac554ba7 lavc/h264: simplify find_unused_picture() 2017-01-19 10:34:10 +01:00
Matthieu Bouron
bdbbb8f11e Merge commit 'f450cc7bc595155bacdb9f5d2414a076ccf81b4a'
* commit 'f450cc7bc595155bacdb9f5d2414a076ccf81b4a':
  h264: eliminate decode_postinit()

Also includes fixes from 1f7b4f9abc and e344e65109.

Original patch replace H264Context.next_output_pic (H264Picture *) by
H264Context.output_frame (AVFrame *). This change is discarded as it
is incompatible with the frame reconstruction and motion vectors
display code which needs the extra information from the H264Picture.

Merged-by: Clément Bœsch <u@pkh.me>
Merged-by: Matthieu Bouron <matthieu.bouron@gmail.com>
2017-01-17 14:38:48 +01:00
Clément Bœsch
bd520e8569 lavc/h264_slice: drop redundant current_slice reset
It is done unconditionally in ff_h264_field_end()
2017-01-16 10:43:41 +01:00
Anton Khirnov
c3e84820d6 h264dec: export cropping information instead of handling it internally 2017-01-12 16:29:12 +01:00
Anton Khirnov
4fded0480f h264dec: be more explicit in handling container cropping
The current condition can trigger in cases where it shouldn't, with
unexpected results.
Make sure that:
- container cropping is really based on the original dimensions from the
  caller
- those dimenions are discarded on size change

The code is still quite hacky and eventually should be deprecated and
removed, with the decision about which cropping is used delegated to the
caller.
2017-01-12 16:28:05 +01:00
Anton Khirnov
e7de05f98f h264dec: drop a redundant check
Cropping parameters are already checked for validity during SPS parsing,
no need to check them again.
2017-01-09 13:21:13 +01:00
Anton Khirnov
45286a625c h264dec: make sure to only end a field if it has been started
Calling ff_h264_field_end() when the per-field state is not properly
initialized leads to all kinds of undefined behaviour.

CC: libav-stable@libav.org
Bug-Id: 977 978 992
2016-12-19 08:15:58 +01:00