Fixes: out of array access
Fixes: 40054/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SPEEX_fuzzer-6713285764841472
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 9223372036200463215 + 1109914409 cannot be represented in type 'long'
Fixes: 41480/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6553086177443840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: division by zero
Fixes: 42198/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5054366405492736.fuzz
Fixes: 42222/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-4561249331970048
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
If 'opts' could not be allocated, exiting the program to avoid crash when release it.
Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
Signed-off-by: Yu Yang <yuyang14@kuaishou.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Because the s->buffer has been freed by av_freep in avio_closep.
It should not av_freep the buffer in label fail after avio_closep.
Then just move the av_freep before avio_closep and remove the label fail.
Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
Reviewed-by: Zhao Zhili <zhilizhao@tencent.com>
Signed-off-by: Steven Liu <liuqi05@kuaishou.com>
This is possible by incrementing the counter of allocated rects
directly after said allocation succeeded.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Do this by actually incrementing the counter for the number
of rects at the right time.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Up until now, various subtitle decoders have not cleaned up
the AVSubtitle on error; this task must not be left to the user
because the documentation explicitly states that the AVSubtitle
"must be freed with avsubtitle_free if *got_sub_ptr is set"
(which it isn't on error).
Leaks happen upon failure in ff_ass_add_rect() or in
ass_decode_frame(); freeing generically also allows to remove
now redundant freeing code in pgssubdec and dvbsubdec.
While just at it, also reset got_sub_ptr generically on error.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
The caller of display_end_segment() frees the AVSubtitle on error
in case ENOMEM is returned or err_recognition is set to explode,
so display_end_segment() doesn't have to.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
This piece of code has been added as FFmpeg's answer to
infinite loops in try_decode_frame() in commit
6072a19b4f. There is no loop
around try_decode_frame() any more, so this code can be removed.
This code is only triggered in case a) the codec parameter could
not be determined, b) the decode delay could not be guessed or
c) no packet was ever encountered and the encoder has the
AV_CODEC_CAP_CHANNEL_CONF. In these cases the new code will
no longer emit a "decoding for stream %d failed" message, which is
prima facie false. In case a) an additional "Could not find codec
parameters" message is (and will be) emitted. No warning will be
emitted any more in case b) (this happens e.g. with some
h264-conformance FATE-files).
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
When flushing, try_decode_frame() itself loops until the desired
properties have been found or the decoder is drained.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
This puts it directly near the NALU type which is more natural
and furthermore reduces the size of the structure because it
can be placed in padding (on 64-bit systems).
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Forgotten in 03b82b3ab9.
(Moving data to the front is only done to make existing
initializations like H2645NAL nal = { NULL } not emit int->pointer
conversion warnings.)
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Fixes so that fate under 64 bit Windows passes.
These functions replace all ff_hscale8to15_*_ssse3 when avx2 is available.
Signed-off-by: James Almer <jamrial@gmail.com>
This was renamed upstream quite a while ago (v3.112.0). Rename the
option name as well for consistency (and expand the description just
slightly).
Signed-off-by: Niklas Haas <git@haasn.dev>
Support for mapping/unmapping hardware frames has been added into
libplacebo itself, so we can scrap this code in favor of using the new
functions. This has the additional benefit of being forwards-compatible
as support for more complicated frame-related state management is added
to libplacebo (e.g. mapping dolby vision metadata).
It's worth pointing out that, technically, this would also allow
`vf_libplacebo` to accept, practically unmodified, other frame types
(e.g. vaapi or drm), or even software input formats. (Although we still
need a vulkan *device* to be available)
To keep things simple, though, retain the current restriction to vulkan
frames. It's possible we could rethink this in a future commit, but for
now I don't want to introduce any more potentially breaking changes.
LSX and LASX is loongarch SIMD extention.
They are enabled by default if compiler support it, and can be disabled
with '--disable-lsx' '--disable-lasx'.
Change-Id: Ie2608ea61dbd9b7fffadbf0ec2348bad6c124476
Reviewed-by: Shiyou Yin <yinshiyou-hf@loongson.cn>
Reviewed-by: guxiwei <guxiwei-hf@loongson.cn>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Because the hls_ts_options will be misunderstand by user,
and then user can use hls_segment_options instead of hls_ts_options.
Signed-off-by: Steven Liu <liuqi05@kuaishou.com>
Because the hls_ts_options will be misunderstand by user that only can
be used in mpegts segments option. So add this option for segments.
Signed-off-by: Steven Liu <liuqi05@kuaishou.com>
Possible now that the child_class_next API is gone.
Tested-by: Cameron Gutman <aicommander@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
ffmal_add_packet() basically duplicated the logic in
av_packet_make_refcounted() with the added twist that it always
created a reference even if one is already available.
This commit stops doing this.
Tested-by: Cameron Gutman <aicommander@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
extra_data and normal packets (from ff_decode_get_packet) processing do
not overlap, thus we can re-use the spare AVPacket to send to
ffmmal_add_packet.
Furthermore, this removes allocation of AVPacket on the stack and stops
using deprecated av_init_packet.
Tested-by: Cameron Gutman <aicommander@gmail.com>
Signed-off-by: Ho Ming Shun <cyph1984@gmail.com>
MMAL is an fundamentally an asynchronous decoder, which was a bad fit
for the legacy dataflow API. Often multiple packets are enqueued before
a flood of frames are returned from MMAL.
The previous lockstep dataflow meant that any delay in returning packets
from the VPU would cause ctx->queue_decoded_frames to grow with no way
of draining the queue.
Testing this with mpv streaming from a live RTSP source visibly reduced
latency introduced by frames waiting in queue_decoded_frames from
roughly 2s to 0.
Tested-by: Cameron Gutman <aicommander@gmail.com>
Signed-off-by: Ho Ming Shun <cyph1984@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>