1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-28 20:53:54 +02:00
Commit Graph

116269 Commits

Author SHA1 Message Date
Jiasheng Jiang
4065ff69a2 avcodec/mpegvideo_enc: Add check for av_packet_new_side_data()
Add check for av_packet_new_side_data() to avoid null pointer
dereference if allocation fails.

Fixes: bdc1220eeb ("h263enc: Add an option for outputting info about MBs as side data")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@outlook.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2024-07-02 09:55:24 +02:00
Andrew Sayers
5d54a25eea avfilter/af_afade: fix opt_type for nb_samples/ns
The actual value is an int64_t, and is accessed elsewhere as AV_OPT_TYPE_INT64.
2024-07-01 23:16:44 +02:00
Marth64
4dc204ea3e avformat/dvdvideodec: Fix duration logic with 1 chapter and validate chapter range
Chapters and duration are calculated together in dvdvideo demuxer.
Previous chapter calculation logic treated extraction of 1 chapter
using chapter_start and chapter_end switches incorrectly, returning
the duration of the entire title instead of just the segment.

Fix the logic so that it calculates and returns the duration of the
chapter segment instead. Additionally, validate that chapter_end
exceeds chapter_start (except in the special case of 0).

Signed-off-by: Marth64 <marth64@proxyid.net>
2024-07-01 22:54:00 +02:00
Marth64
0c1c7688ea avformat/dvdvideodec: Do not EOF on WAIT events
A DVDNAV_WAIT event by itself should not warrant an
EOF when navigating the program stream. Some discs
have WAIT events in the middle of a title, causing
playback to end prematurely prior to this fix.

Signed-off-by: Marth64 <marth64@proxyid.net>
2024-07-01 22:53:54 +02:00
Stefano Sabatini
3764b8ecdb lavfi: add Perlin noise generator 2024-07-01 22:31:02 +02:00
Josh Allmann
c9151ea507 avcodec/nvenc: fix segfault in intra-only mode
In intra-only mode, frameIntervalP is 0, which means the frame
data array is smaller than the number of surfaces.

Together with using the wrong size on deallocation of the
frame_data_array, this lead to a crash.

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
2024-07-01 19:59:01 +02:00
Ramiro Polla
cc6fb1643d avdevice/v4l2: add NV16 and NV24 pixel formats 2024-07-01 13:43:07 +02:00
Rémi Denis-Courmont
b818dff8d8 lavc/vc1dsp: fix potential overflow in R-V V inv_trans_4
Judging by the coefficients, the last round of add/sub can overflow
to 17 bits with a very small probability just as with the 8-point
transform. This is not observed under FATE, but better safe than sorry.
2024-06-30 19:02:32 +03:00
Rémi Denis-Courmont
349c49fd1b lavc/vc1dsp: fix overflow in R-V V inv_trans_8
The last set of additions/subtractions can break the 16-bit limit, and
require 17 bits of precision. This uses widening adds accordingly to fix
the MSS2 FATE tests.

The problem potentially also affects inv_trans_4 with a very low
probability, but this is not reproducible under FATE.
2024-06-30 19:02:32 +03:00
Rémi Denis-Courmont
2c900d4c11 lavc/vc1dsp: factor R-V V inv_trans_8 code 2024-06-30 19:02:32 +03:00
Andreas Rheinhardt
2902ed25b5 avcodec/iirfilter: Move ff_iir_filter() to lavc/tests/iirfilter.c
It is only used by the test.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2024-06-30 11:37:25 +02:00
Andreas Rheinhardt
2330e77c97 avfilter/textutils: Constify ff_expand_text()
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2024-06-30 11:37:06 +02:00
Andreas Rheinhardt
ba457e9adb avfilter/textutils,vf_drawtext,qrencode: Constify function pointers
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2024-06-30 11:37:04 +02:00
Andreas Rheinhardt
5a30b45c0f avcodec/mpeg12dec: Don't adapt (last|next)_pic.linesize for field pics
These values are not read anywhere. Furthermore, since commit
fe6037fd04 the linesize values
of the MPVWorkPictures were wrong for subsequent fields
in a chain of B-pictures (as they are always doubled and no longer
based upon the frame-linesizes) which can eventually lead to overflow.

Finally, it makes no real sense to ever double the linesize
of the reference pictures at all: Even when the current picture
is a field, it can still reference both fields of reference
pictures and therefore the linesize should allow to address
both fields (for the same reason, data is not offset for
reference pictures).

libavcodec/mpeg12dec.c:1304:41: runtime error: signed integer overflow: 4611686018427387904 * 2 cannot be represented in type 'long'

issue: 69732/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEGVIDEO_fuzzer-5123551179374592

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2024-06-30 11:34:36 +02:00
Andreas Rheinhardt
f26255962c avcodec/aacsbr_template: Remove unused-but-set variable
Also fixes a -Wdeclaration-after-statement.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2024-06-30 11:32:27 +02:00
Marton Balint
0d5e3f5a40 avutil/timestamp: avoid possible FPE when 0 is passed to av_ts_make_time_string2()
Signed-off-by: Marton Balint <cus@passwd.hu>
2024-06-30 09:11:44 +02:00
Rémi Denis-Courmont
d5e603ddc0 lavu/lls: remove useless VSETVL
This changes neither VL nor VTYPE, so it can safely be removed.
2024-06-29 21:03:44 +03:00
James Almer
0b330d8642 avformat/mov: set Stereo3D type when parsing eyes box
If view is defined in the child stri box, then the type must be set to
unspecified, as these boxes don't carry packing information.
Also, don't attach a useless Stereo 3D side data if the stream is monoscopic.

Signed-off-by: James Almer <jamrial@gmail.com>
2024-06-28 13:16:57 -03:00
James Almer
8af0919cc6 avutil/stereo3d: add a Stereo3D view to signal that the view is unspecified
Signed-off-by: James Almer <jamrial@gmail.com>
2024-06-28 13:16:57 -03:00
James Almer
1c8b32e19f avutil/stereo3d: add a Stereo3D type to signal that the packing is unspecified
Given that a video stream/frame may have only one view or both views coded with
the packing information being unavailable, this commit adds a new type value
AV_STEREO3D_UNSPEC for this purpose.
The most common case for this is container level signaling of Stereo3D video
where the specifics are defined at the bitstream level.

Signed-off-by: James Almer <jamrial@gmail.com>
2024-06-28 13:16:57 -03:00
James Almer
e0b574c483 avcodec/cbs_h266: move decoded_picture_hash to CBS SEI
It's defined in H.274 as a common SEI message type and not in H.266

Signed-off-by: James Almer <jamrial@gmail.com>
2024-06-28 13:16:57 -03:00
James Almer
826f55d5b3 avcodec/cbs_sei: add support for Frame Packing Arrangement SEI parsing
Signed-off-by: James Almer <jamrial@gmail.com>
2024-06-28 13:16:57 -03:00
James Almer
0cb733d276 avfilter/vf_showinfo: don't use sizeof(AVSphericalMapping)
It's not part of the libavutil ABI.

Signed-off-by: James Almer <jamrial@gmail.com>
2024-06-28 13:16:57 -03:00
James Almer
beacdbf4b4 avfilter/vf_showinfo: only print yaw, pitch, and roll if set
Signed-off-by: James Almer <jamrial@gmail.com>
2024-06-28 13:16:51 -03:00
James Almer
778096757d avfilter/vf_showinfo: use av_spherical_projection_name()
Signed-off-by: James Almer <jamrial@gmail.com>
2024-06-28 12:57:49 -03:00
James Almer
6da38e11f6 avfilter/vf_showinfo: don't use sizeof(AVStereo3D)
It's not part of the libavutil ABI.

Signed-off-by: James Almer <jamrial@gmail.com>
2024-06-28 12:57:49 -03:00
James Almer
3478cf2c2d avfilter/vf_showinfo: print more Stereo 3D fields
Signed-off-by: James Almer <jamrial@gmail.com>
2024-06-28 12:57:49 -03:00
Dawid Kozinski
3e6c794862 avcodec/evc: Alterations following changes in libxeve
Signed-off-by: Dawid Kozinski <d.kozinski@samsung.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2024-06-28 12:20:15 -03:00
Frank Plowman
83b77990c6 lavc/vvc: Always set flags for the current picture
ff_vvc_frame_rpl uses the flags to detect whether a frame is in use.
Therefore, in the case of a CVSS AU (RASL/GDR with
NoOutputBeforeRecoveryFlag) with ph_non_ref_pic_flag = 1, the frame
would be freed before it is used.  Fix this by always marking the
current frame with VVC_FRAME_FLAG_SHORT_REF, as is done by the HEVC
decoder.

Signed-off-by: Frank Plowman <post@frankplowman.com>
2024-06-28 21:37:40 +08:00
Ramiro Polla
1fb77347c8 checkasm: add tests for yuv2rgb 2024-06-28 14:49:49 +02:00
Ramiro Polla
a8e2714d82 libavcodec/mjpeg: preserve unclipped last_dc value
Perform av_clip_int16(val) _after_ copying the value to last_dc.

This change ensures that clipping is applied only within the context of
the current block, preventing the propagation of clipped values to
subsequent DC components.

Related commits: c28f648b19 and dffae122d0
Related ticket: 4683
2024-06-28 14:48:23 +02:00
Leo Izen
539d2e989d
avcodec/aacdec_lpd: remove unused local variables
int idx, and int first_tcx_flag are set but not used, so this commit
removes their declarations and assignments.
2024-06-28 01:43:52 -04:00
Kacper Michajłow
02b3fc5826
avformat/nuv: return early if header id fails to read
Fixes use of uninitialized value in memcmp below, reported by MSAN.

Found by OSS-Fuzz.

Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-06-27 23:28:46 +02:00
Zhao Zhili
6aeb084c39 avcodec/vvc: Don't create new thread when thread_count is 1
Make its behavior consistent with other decoders, e.g., H.264/H.265.

Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
2024-06-27 20:54:42 +08:00
Zhao Zhili
baf3123c1c avutil/executor: Allowing thread_count be zero
Before the patch, disable threads support at configure/build time
was the only method to force zero thread in executor. However,
it's common practice for libavcodec to run on caller's thread when
user specify thread number to one. And for WASM environment, whether
threads are supported needs to be detected at runtime. So executor
should support zero thread at runtime.

A single thread executor can be useful, e.g., to handle network
protocol. So we can't take thread_count one as zero thread, which
disabled a valid usercase.

Other libraries take -threads 0 to mean auto. Executor as a low
level utils doesn't do cpu detect. So take thread_count zero as
zero thread, literally.

Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
2024-06-27 20:54:42 +08:00
Frank Plowman
d79c926ab6 lavc/vvc: Validate IBC block vector
From H.266 (V3) (09/2023) p. 321:

It is a requirement of bitstream conformance that the luma block
vector bvL shall obey the following constraints:
- CtbSizeY is greater than or equal to
((yCb + (bvL[ 1 ] >> 4)) & (CtbSizeY − 1)) + cbHeight

This patch checks this is true, which fixes crashes on fuzzed
bitstreams.

Signed-off-by: Frank Plowman <post@frankplowman.com>
2024-06-27 20:38:34 +08:00
Frank Plowman
c917c423e0 lavc/vvc: Don't discard return codes
Signed-off-by: Frank Plowman <post@frankplowman.com>
2024-06-27 20:36:13 +08:00
Gyan Doshi
9a3bc59a38 configure: fix alignment of conditional lib dependencies 2024-06-27 15:12:35 +05:30
Gyan Doshi
27284b7800 configure: fix assignment of dep libs for QR-code filters 2024-06-27 15:12:06 +05:30
Martin Storsjö
75e3b81f75 avcodec/vvcdec: Fix compiling with MSVC 2022 17.8 and older
Versions of MSVC older than 17.9 error out here with the following
error:

    src/libavcodec/vvc/filter.c(815): error C2059: syntax error: '}'
    src/libavcodec/vvc/filter.c(832): error C2065: 'all_zero_bs': undeclared identifier
    src/libavcodec/vvc/filter.c(836): error C2065: 'all_zero_bs': undeclared identifier

This was a regression from 5b9320b209.

Signed-off-by: Martin Storsjö <martin@martin.st>
2024-06-27 11:06:23 +03:00
Michael Niedermayer
1080116658
avcodec/aac/aacdec_usac: Test ac in usac
ff_aac_usac_config_decode() needs AACDecContext to be set but some callers
pass NULL.

Happens only when the LATM decoder is used, and USAC is not supported in
LATM

Fixes: member access within null pointer of type 'AACDecContext' (aka 'struct AACDecContext')
Fixes: 69435/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_LATM_fuzzer-5733527483121664

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Lynne <dev@lynne.ee>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-06-26 20:55:11 +02:00
Michael Niedermayer
c221c7422f
swscale/output: Avoid undefined overflow in yuv2rgb_write_full()
Fixes: signed integer overflow: -140140 * 16525 cannot be represented in type 'int'
Fixes: 68859/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-4516387130245120

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-06-26 20:49:36 +02:00
Michael Niedermayer
9e6c5b6e86
swscale/output: alpha can become negative after scaling, use multiply
Fixes: left shift of negative value -3245
Fixes: 69047/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-6571511551950848

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-06-26 20:49:36 +02:00
Paul B Mahol
c22488f718
avcodec/smcenc: make sure ny/nx are >= 0
(cherry picked from commit 5ad38785e7ad4067a288e9d5e8ce2c4ed2bf584a)

Fixes: out of array read
Fixes: 68939/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMC_fuzzer-587804104884224

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-06-26 20:49:35 +02:00
Michael Niedermayer
4a7220bd5c
avcodec/targaenc: Allocate space for the palette
Fixes: out of array access
Fixes: 68927/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TARGA_fuzzer-5105665067515904

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-06-26 20:49:35 +02:00
Michael Niedermayer
d34d4b6a7c
avcodec/r210enc: Use av_rescale for bitrate
Fixes: signed integer overflow: 281612954574848 * 65344 cannot be represented in type 'long'
Fixes: 68956/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_R210_fuzzer-6459074458746880

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-06-26 20:49:35 +02:00
Michael Niedermayer
228f255b5d
avcodec/jfdctint_template: Fewer integer anomalies
Fixes: signed integer overflow: 105788 * -20995 cannot be represented in type 'int'
Fixes: signed integer overflow: 923211729 + 2073948236 cannot be represented in type 'int'
Fixes: signed integer overflow: 1281179284 + 2073948236 cannot be represented in type 'int'
Fixes: 68975/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PRORES_fuzzer-6266769177116672
Fixes: 68997/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PRORES_KS_fuzzer-6284237161431040

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-06-26 20:49:34 +02:00
Michael Niedermayer
3a9292aff3
avcodec/snowenc: MV limits due to mv_penalty table size
Fixes: out of array read
Fixes: 69673/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5476592894148608

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-06-26 20:49:34 +02:00
Michael Niedermayer
eb9c96a82f
avcodec/ratecontrol: Try to keep fps as a rational
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-06-26 20:49:34 +02:00
Michael Niedermayer
f81602fb3a
tools/target_dec_fuzzer: Adjust threshold for MV30
Fixes: 60867/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MV30_fuzzer-6381933108527104
Fixes: Timeout

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2024-06-26 20:49:33 +02:00