virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-08-15 14:13:16 +02:00
Code Issues Releases Activity
94,437 Commits 38 Branches 408 Tags
11f99a9a45925e14409eff65606973676d7376b6
Commit Graph

94437 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Paul B Mahol
73afea3ccc avfilter/af_dynaudnorm: add more descriptive aliases for options 2019-07-24 15:20:47 +01:00
Andreas Rheinhardt
a081a6d201 avcodec/mpc8huff: Make some arrays unsigned to prevent overflow 
mpc8_q4_syms is an array of int8_t that is initialized using
values not in the range of an int8_t and that is only accessed via
a pointer to uint8_t in ff_init_vlc_sparse. The latter applies to all
the other *_bits and *_syms tables in mpc8huff.h, so make them all
unsigned.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-07-24 15:32:15 +02:00
Andreas Rheinhardt
b56031b992 vp3data: Make some arrays unsigned to prevent overflow 
Some of the VP3 arrays (namely vp31_intra_y_dequant, vp31_intra_c_dequant
and vp31_inter_dequant) are currently declared as array of (const) int8_t
despite them being only used to directly initialize an array of uint8_t.
vp31_inter_dequant even contains the value 128 which is not
representible in int8_t and might generate overflow warnings by
compilers.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-07-24 15:32:15 +02:00
Paul B Mahol
3883c9d147 avfilter/vf_ciescope: add DCI-P3 2019-07-22 22:56:21 +01:00
Limin Wang
b696caba1a avformat/f_select: add support for more pixel formats for scene change score calculations 
This avoids automatic conversions to rgb if scene change score is used in the expression.

Below is the tested results for the new added pixel format without autoscale to rgb24:
1. AV_PIX_FMT_YUVJ420P
time ./ffprobe -of compact=p=0 -show_entries frame=pkt_pts:frame_tags -bitexact -f lavfi \
"sws_flags=+accurate_rnd+bitexact;movie=../fate-suite/svq3/Vertical400kbit.sorenson3.mov,select=gt(scene\,.25)"

master:
pkt_pts=1620|tag:lavfi.scene_score=1.000000
pkt_pts=4140|tag:lavfi.scene_score=0.875036
pkt_pts=5800|tag:lavfi.scene_score=1.000000
pkt_pts=6720|tag:lavfi.scene_score=0.461625
pkt_pts=8160|tag:lavfi.scene_score=1.000000
pkt_pts=9760|tag:lavfi.scene_score=1.000000
pkt_pts=14080|tag:lavfi.scene_score=0.838916
pkt_pts=15700|tag:lavfi.scene_score=1.000000
pkt_pts=18500|tag:lavfi.scene_score=0.474948
pkt_pts=20040|tag:lavfi.scene_score=0.379700
pkt_pts=21760|tag:lavfi.scene_score=1.000000
./ffprobe -of compact=p=0 -show_entries frame=pkt_pts:frame_tags -bitexact -f  0.71s user 0.01s system 99% cpu 0.721 total

patch applied:
pkt_pts=1620|tag:lavfi.scene_score=1.000000
pkt_pts=4140|tag:lavfi.scene_score=0.668643
pkt_pts=5800|tag:lavfi.scene_score=0.996721
pkt_pts=6720|tag:lavfi.scene_score=0.357390
pkt_pts=8160|tag:lavfi.scene_score=0.886268
pkt_pts=9760|tag:lavfi.scene_score=0.926219
pkt_pts=14080|tag:lavfi.scene_score=0.650033
pkt_pts=15700|tag:lavfi.scene_score=1.000000
pkt_pts=18500|tag:lavfi.scene_score=0.316402
pkt_pts=20040|tag:lavfi.scene_score=0.269509
pkt_pts=21760|tag:lavfi.scene_score=1.000000
./ffprobe -of compact=p=0 -show_entries frame=pkt_pts:frame_tags -bitexact -f  0.19s user 0.01s system 81% cpu 0.240 total

2. AV_PIX_FMT_YUV420P
time ./ffprobe -of compact=p=0 -show_entries frame=pkt_pts:frame_tags -bitexact -f lavfi \
"sws_flags=+accurate_rnd+bitexact;movie=../Passengers_Breakfast_1080-sdr.mkv,select=gt(scene\,.2)"
master:
pkt_pts=3587|tag:lavfi.scene_score=0.462364
pkt_pts=4838|tag:lavfi.scene_score=0.419519
pkt_pts=6548|tag:lavfi.scene_score=0.397027
pkt_pts=9968|tag:lavfi.scene_score=0.419245
pkt_pts=12471|tag:lavfi.scene_score=0.413084
pkt_pts=16225|tag:lavfi.scene_score=0.506370
pkt_pts=19645|tag:lavfi.scene_score=0.507538
pkt_pts=22314|tag:lavfi.scene_score=0.504319
pkt_pts=24817|tag:lavfi.scene_score=0.417544
pkt_pts=25651|tag:lavfi.scene_score=0.413916
pkt_pts=26652|tag:lavfi.scene_score=0.487707
18.58s user 0.07s system 99% cpu 18.663 total

patch applied:
pkt_pts=3587|tag:lavfi.scene_score=0.272173
pkt_pts=4838|tag:lavfi.scene_score=0.247841
pkt_pts=6548|tag:lavfi.scene_score=0.233134
pkt_pts=9968|tag:lavfi.scene_score=0.247253
pkt_pts=12471|tag:lavfi.scene_score=0.244129
pkt_pts=16225|tag:lavfi.scene_score=0.302531
pkt_pts=19645|tag:lavfi.scene_score=0.303560
pkt_pts=22314|tag:lavfi.scene_score=0.301861
pkt_pts=24817|tag:lavfi.scene_score=0.249331
pkt_pts=25651|tag:lavfi.scene_score=0.247096
pkt_pts=26652|tag:lavfi.scene_score=0.287728
10.90s user 0.06s system 99% cpu 10.967 total

3. AV_PIX_FMT_YUV422P

time ./ffprobe -of compact=p=0 -show_entries frame=pkt_pts:frame_tags -bitexact -f lavfi \
"sws_flags=+accurate_rnd+bitexact;movie=../Passengers_Breakfast_1080-sdr.mkv,format=yuv422p,select=gt(scene\,.2)"
master:

patched applied:
pkt_pts=3587|tag:lavfi.scene_score=0.224017
pkt_pts=4838|tag:lavfi.scene_score=0.204225
pkt_pts=9968|tag:lavfi.scene_score=0.204636
pkt_pts=12471|tag:lavfi.scene_score=0.202772
pkt_pts=16225|tag:lavfi.scene_score=0.248765
pkt_pts=19645|tag:lavfi.scene_score=0.250144
pkt_pts=22314|tag:lavfi.scene_score=0.248802
pkt_pts=24817|tag:lavfi.scene_score=0.208362
pkt_pts=25651|tag:lavfi.scene_score=0.205777
pkt_pts=26652|tag:lavfi.scene_score=0.230742

4.  AV_PIX_FMT_YUV420P10
time ./ffprobe -of compact=p=0 -show_entries frame=pkt_pts:frame_tags -bitexact -f lavfi \
"sws_flags=+accurate_rnd+bitexact;movie=../Passengers_Breakfast_4k.mkv,select=gt(scene\,.2)"

master:
pkt_pts=3587|tag:lavfi.scene_score=0.269890
pkt_pts=4838|tag:lavfi.scene_score=0.248957
pkt_pts=6548|tag:lavfi.scene_score=0.234619
pkt_pts=9969|tag:lavfi.scene_score=0.224912
pkt_pts=12471|tag:lavfi.scene_score=0.225158
pkt_pts=16225|tag:lavfi.scene_score=0.289809
pkt_pts=19645|tag:lavfi.scene_score=0.285013
pkt_pts=22314|tag:lavfi.scene_score=0.280295
pkt_pts=24817|tag:lavfi.scene_score=0.206486
pkt_pts=25651|tag:lavfi.scene_score=0.208556
pkt_pts=26652|tag:lavfi.scene_score=0.249577
./ffprobe -of compact=p=0 -show_entries frame=pkt_pts:frame_tags -bitexact -f  76.03s user 0.22s system 99% cpu 1:16.27 total

patch applied
pkt_pts=3587|tag:lavfi.scene_score=0.269890
pkt_pts=4838|tag:lavfi.scene_score=0.248957
pkt_pts=6548|tag:lavfi.scene_score=0.234619
pkt_pts=9969|tag:lavfi.scene_score=0.224912
pkt_pts=12471|tag:lavfi.scene_score=0.225158
pkt_pts=16225|tag:lavfi.scene_score=0.289809
pkt_pts=19645|tag:lavfi.scene_score=0.285013
pkt_pts=22314|tag:lavfi.scene_score=0.280295
pkt_pts=24817|tag:lavfi.scene_score=0.206486
pkt_pts=25651|tag:lavfi.scene_score=0.208556
pkt_pts=26652|tag:lavfi.scene_score=0.249577
./ffprobe -of compact=p=0 -show_entries frame=pkt_pts:frame_tags -bitexact -f  50.27s user 0.20s system 99% cpu 50.476 total

5. AV_PIX_FMT_RGBA, AV_PIX_FMT_ABGR, AV_PIX_FMT_BGRA, AV_PIX_FMT_GRAY8
are tested by format= with the fate sample: Vertical400kbit.sorenson3.mov like below:
time ./ffprobe -of compact=p=0 -show_entries frame=pkt_pts:frame_tags -bitexact -f lavfi \
"sws_flags=+accurate_rnd+bitexact;movie=../fate-suite/svq3/Vertical400kbit.sorenson3.mov,format=rgba,select=gt(scene\,.25)"

patch applied:
pkt_pts=1620|tag:lavfi.scene_score=1.000000
pkt_pts=4140|tag:lavfi.scene_score=0.656277
pkt_pts=5800|tag:lavfi.scene_score=1.000000
pkt_pts=6720|tag:lavfi.scene_score=0.346218
pkt_pts=8160|tag:lavfi.scene_score=0.987686
pkt_pts=9760|tag:lavfi.scene_score=1.000000
pkt_pts=14080|tag:lavfi.scene_score=0.629187
pkt_pts=15700|tag:lavfi.scene_score=1.000000
pkt_pts=18500|tag:lavfi.scene_score=0.356211
pkt_pts=20040|tag:lavfi.scene_score=0.284775
pkt_pts=21760|tag:lavfi.scene_score=1.000000

6. AV_PIX_FMT_YUVJ422P
time ./ffprobe -of compact=p=0 -show_entries frame=pkt_pts:frame_tags -bitexact -f lavfi \
"sws_flags=+accurate_rnd+bitexact;movie=../fate-suite/svq3/Vertical400kbit.sorenson3.mov,format=yuvj422p,select=gt(scene\,.25)"

patch applied:
pkt_pts=1620|tag:lavfi.scene_score=0.838281
pkt_pts=4140|tag:lavfi.scene_score=0.541382
pkt_pts=5800|tag:lavfi.scene_score=0.780588
pkt_pts=6720|tag:lavfi.scene_score=0.298274
pkt_pts=8160|tag:lavfi.scene_score=0.699106
pkt_pts=9760|tag:lavfi.scene_score=0.730136
pkt_pts=14080|tag:lavfi.scene_score=0.537742
pkt_pts=15700|tag:lavfi.scene_score=0.811946
pkt_pts=18500|tag:lavfi.scene_score=0.263382
pkt_pts=21760|tag:lavfi.scene_score=0.880773

Reviewed-by: Marton Balint <cus@passwd.hu>
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
 2019-07-22 22:54:51 +02:00
Limin Wang
d75c7dd45e fate: change the scenecut fate threshold 
why change .4 to .25, it's for:
one scenecut(pkt_pts=20040) isn't detected by 0.4 threshold

why not change to 0.3 instead of 0.25:
it will miss the scenecut(pkt_pts=20040) after applying the next
patch which enables yuvj420

for fate testing, it's better to catch all scenecut scenes.

Reviewed-by: Marton Balint <cus@passwd.hu>
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
 2019-07-22 22:54:51 +02:00
Limin Wang
53462cea2f avformat/f_select: support scenecut with more pixel formats 
This patch does not make other pixel formats usable yet to make sure the test
result is the same with rgb32 format.

Reviewed-by: Marton Balint <cus@passwd.hu>
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
 2019-07-22 22:54:51 +02:00
Baptiste Coudurier
9e24b98b15 avformat/mxfenc: fix index byte count in partition header 2019-07-22 13:17:42 -07:00
Gyan Doshi
d51d71c1e3 avformat/mov: fix return code for trun box with no sample entries 
A value of zero for sample_count in trun box is not
prohibited by 14496-12 section 8.8.8. 4a9d32baca
disallowed this which led the demuxer to error out
when reading the header of valid files.
 2019-07-22 22:38:09 +05:30
Matthieu Bouron
817235b195 avcodec/mediacodec_wrapper: remove unused local variables in ff_AMediaCodec_getCodecNameByType() 2019-07-22 08:57:33 +02:00
Matthieu Bouron
3f232d713d avcodec/mediacodec_wrapper: fix a potential local reference leak in ff_AMediaCodec_getCodecNameByType() 2019-07-22 08:57:33 +02:00
Matthieu Bouron
9cb8875c16 avcodec/mediacodec_wrapper: fix a local reference leak in ff_AMediaCodec_getName() 2019-07-22 08:57:33 +02:00
Matthieu Bouron
6251ad89a7 avcodec/mediacodec_wrapper: add missing "avcodec.h" include 2019-07-22 08:57:33 +02:00
Leo Zhang
116303cd24 avformat/dashenc: add descriptor which is useful to the scheme defined by ISO/IEC 23009-1:2014/Amd.2:2015. 
Signed-off-by: leozhang <leozhang@qiyi.com>
 2019-07-22 07:57:39 +05:30
Michael Niedermayer
18928e2bb4 RELEASE: Update value for post 4.2 branch 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-07-21 18:37:32 +02:00
Michael Niedermayer
80bb65fafa Bump minor versions again on master to keep 4.2 versions separate from master 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
n4.3-dev 		2019-07-21 18:36:31 +02:00
Michael Niedermayer
22db337a40 Bump minor versions to separate 4.2 from master 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-07-21 18:36:18 +02:00
Michael Niedermayer
27aa04c1cd Changelog: Add 4.2 cut marker 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-07-21 18:25:21 +02:00
Michael Niedermayer
d4cb9b8f24 doc/APIchanges: Fill in missing Fields, add 4.2 cut marker 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-07-21 18:24:41 +02:00
Michael Niedermayer
8df6884832 avcodec/utils: Check close before calling it 
Fixes: NULL pointer dereference
Fixes: 15733/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IDF_fuzzer-5658616977162240

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-07-21 12:39:42 +02:00
Michael Niedermayer
508ce5839e tools/target_dec_fuzzer: Free parser in case of avcodec_open2() failure 
Fixes: memleak
Fixes: part of 15529/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBVPX_VP8_fuzzer-5140143700180992

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-07-21 12:33:35 +02:00
Michael Niedermayer
99f95f39c6 avcodec/vorbisdec: Check vlc for floor0 dec vector offset 
Fixes: out of array access
Fixes: 15649/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VORBIS_fuzzer-5729191309344768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-07-21 12:33:35 +02:00
Michael Niedermayer
308771a738 avcodec/vorbisdec: amplitude bits can be more than 25 bits 
Fixes: assertion failure, invalid shift
Fixes: 15583/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VORBIS_fuzzer-5640157484548096

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-07-21 11:26:36 +02:00
Michael Niedermayer
82e389d066 avutil/softfloat_ieee754: Fix odd bit position for exponent and sign in av_bits2sf_ieee754() 
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-07-21 11:26:36 +02:00
Michael Niedermayer
b880b3b236 avcodec/alsdec: fix undefined shift in multiply() 
Fixes: left shift of negative value -6
Fixes: 15564/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5701655938465792

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-07-21 11:26:36 +02:00
Michael Niedermayer
9cd0d94f59 avcodec/alsdec: Fix 2 integer overflows 
Fixes: signed integer overflow: 1270564968 + 904828220 cannot be represented in type 'int'
Fixes: 15402/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5755426823471104

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-07-21 11:26:36 +02:00
Michael Niedermayer
240bf0e596 avcodec/apedec: Fix various integer overflows 
Fixes: signed integer overflow: -538976267 * 31 cannot be represented in type 'int'
Fixes: left shift of 65312 by 16 places cannot be represented in type 'int'
Fixes: 15255/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5718831688843264
Fixes: 15547/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5691384901664768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-07-21 11:26:35 +02:00
Michael Niedermayer
0af08cb803 avcodec/apedec: Fix multiple integer overflows in predictor_update_filter() 
Fixes: signed integer overflow: -829262115 + -1410750414 cannot be represented in type 'int'
Fixes: 15251/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5651742252859392

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-07-21 11:26:35 +02:00
Michael Niedermayer
54bd47f861 avcodec/flicvideo: Make line_packets int 
Fixes: signed integer overflow: -32768 * 196032 cannot be represented in type 'int'
Fixes: 15300/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLIC_fuzzer-5733319519502336

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-07-21 11:26:35 +02:00
Jun Zhao
4373bb411c lavf/avio: remove ffio_open2_wrapper function 
Remove the function ffio_open2_wrapper, it's not being used anymore.

Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
 2019-07-21 10:05:40 +08:00
Jun Zhao
7eec3d22fc lavfi/showinfo: support regions of interest sidedata 
support regions of interest sidedata

Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
 2019-07-21 10:05:27 +08:00
James Almer
881e1f5a62 avformat/aacdec: resync to the next adts frame on invalid data instead of aborting 
Should fix ticket #6634

Signed-off-by: James Almer <jamrial@gmail.com>
 2019-07-20 21:47:55 -03:00
James Almer
a38eab8b75 avformat/aacdec: factorize the adts frame resync code 
Signed-off-by: James Almer <jamrial@gmail.com>
 2019-07-20 21:47:23 -03:00
Michael Niedermayer
5941b7f615 avcodec/dvbsubdec: Use ff_set_dimensions() 
Fixes: signed integer overflow: 65313 * 65313 cannot be represented in type 'int'
Fixes: 15740/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DVBSUB_fuzzer-5641749164195840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-07-20 19:05:02 +02:00
Michael Niedermayer
65bac4a782 avcodec/ffwavesynth: Check if there is enough extradata before allocation 
Fixes: OOM
Fixes: 15750/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5702090367696896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-07-20 19:05:02 +02:00
Michael Niedermayer
f4605770af avcodec/ffwavesynth: More correct cast in wavesynth_seek() 
Fixes: signed integer overflow: 553590816 - -9223372036315799520 cannot be represented in type 'long'
Fixes: 15743/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5705835377852416

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-07-20 19:05:02 +02:00
Michael Niedermayer
c95857a423 avcodec/ffwavesynth: Check sample rate before use 
Fixes: division by zero
Fixes: 15725/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5641231956180992

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-07-20 19:05:02 +02:00
James Almer
23599834bd avcodec/tak_parser: don't return error values 
The API does not allow it.

Also set poutbuf and poutbuf_size to NULL/0 on error.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
 2019-07-20 13:43:06 -03:00
James Almer
e460dcc832 avcodec/cbs_h265: add support for Alpha Channel Info SEI messages 
As defined in sections F.14.2.8 and F.14.3.8

Reviewed-by: Mark Thompson <sw@jkqxz.net>
Signed-off-by: James Almer <jamrial@gmail.com>
 2019-07-20 11:28:09 -03:00
Andreas Rheinhardt
d4035ca849 cbs_h2645: Fix infinite loop in more_rbsp_data 
cbs_h2645_read_more_rbsp_data does not handle malformed input very well:
1. If there were <= 8 bits left in the bitreader, these bits were read
via show_bits. But show_bits requires the number of bits to be read to
be > 0 (internally it shifts by 32 - number of bits to be read which is
undefined behaviour if said number is zero; there is also an assert for
this, but it is only an av_assert2). Furthermore, in this case a shift
by -1 was performed which is of course undefined behaviour, too.
2. If there were > 0 and <= 8 bits left and all of them were zero
(this can only happen for defective input), it was reported that there
was further RBSP data.

This can lead to an infinite loop in H.265's cbs_h265_read_extension_data
corresponding to the [vsp]ps_extension_data_flag syntax elements. If the
relevant flag indicates the (potential) occurence of these syntax elements,
while all bits after this flag are zero, cbs_h2645_read_more_rbsp_data
always returns 1 on x86. Given that a checked bitstream reader is used,
we are also not "saved" by an overflow in the bitstream reader's index.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
 2019-07-20 12:48:18 +01:00
Gyan Doshi
c104701b6c avformat/mux: correct error msg for when BSF filtering fails 2019-07-20 15:41:28 +05:30
Michael Niedermayer
1123331f59 avcodec/flashsv: add FF_CODEC_CAP_INIT_CLEANUP to flashsv2 
Fixes: memleaks on error paths during init
Fixes: 15548/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLASHSV2_fuzzer-6324019382452224

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-07-19 21:42:38 +02:00
Michael Niedermayer
76af425159 avcodec/flashsv: add FF_CODEC_CAP_INIT_CLEANUP to flashsv1 
Fixes: memleaks on error paths during init
Fixes: 15533/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLASHSV_fuzzer-5647977168764928

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-07-19 21:42:38 +02:00
Michael Niedermayer
5c46fdf305 avformat/utils: Check rfps_duration_sum for overflow 
Fixes: signed integer overflow: 9151595917793558550 + 297519050751678697 cannot be represented in type 'long'
Fixes: 15496/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5722866475073536

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-07-19 21:42:38 +02:00
Michael Niedermayer
6ebbfb377f avcodec/agm: Fix overflow of signed shift 
Fixes: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 15328/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5637545171353600

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-07-19 21:42:38 +02:00
Michael Niedermayer
7d3581e6bb avcodec/h264_refs: Also check reference in ff_h264_build_ref_list() 
Fixes: out of array read
Fixes: 15409/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5758846959616000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-07-19 21:42:38 +02:00
Michael Niedermayer
b789ebf681 avcodec/h264_cavlc: Fix integer overflows with motion vector residual addition 
Fixes: signed integer overflow: 14 + 2147483647 cannot be represented in type 'int'
Fixes: 14794/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5677380695228416

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-07-19 21:42:38 +02:00
Michael Niedermayer
c5f265bb24 avcodec/atrac9dec: Check conditions before apply_band_extension() to avoid out of array read in initialization of unused variables 
Fixes: global-buffer-overflow
Fixes: 15247/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5671602181636096

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-07-19 12:59:50 +02:00
Michael Niedermayer
ed4c6ce750 tools/target_dem_fuzzer: ignore avformat_find_stream_info() failure 
Such a failure should not be fatal and its worth testing this path too

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-07-19 11:27:55 +02:00
Shiyou Yin
153c607525 avutil/mips: refactor msa load and store macros. 
Replace STnxm_UB and LDnxm_SH with new macros ST_{H/W/D}{1/2/4/8}.
The old macros are difficult to use because they don't follow the same parameter passing rules.
Changing details as following:
1. remove LD4x4_SH.
2. replace ST2x4_UB with ST_H4.
3. replace ST4x2_UB with ST_W2.
4. replace ST4x4_UB with ST_W4.
5. replace ST4x8_UB with ST_W8.
6. replace ST6x4_UB with ST_W2 and ST_H2.
7. replace ST8x1_UB with ST_D1.
8. replace ST8x2_UB with ST_D2.
9. replace ST8x4_UB with ST_D4.
10. replace ST8x8_UB with ST_D8.
11. replace ST12x4_UB with ST_D4 and ST_W4.

Examples of new macro: ST_H4(in, idx0, idx1, idx2, idx3, pdst, stride)
ST_H4 store four half-word elements in vector 'in' to pdst with stride.
About the macro name:
1) 'ST' means store operation.
2) 'H/W/D' means type of vector element is 'half-word/word/double-word'.
3) Number '1/2/4/8' means how many elements will be stored.
About the macro parameter:
1) 'in0, in1...' 128-bits vector.
2) 'idx0, idx1...' elements index.
3) 'pdst' destination pointer to store to
4) 'stride' stride of each store operation.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
 2019-07-19 01:23:23 +02:00