1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-11-26 19:01:44 +02:00
Commit Graph

112496 Commits

Author SHA1 Message Date
Stefano Sabatini
6f421d9d4e lavc: clarify meaning of avctx.level option 2023-10-06 09:49:47 +02:00
Leo Izen
f7ac3512f5
avcodec/jpegxl_parser: fix various memory issues
The spec caps the prefix alphabet size to 32768 (i.e. 1 << 15) so we
should check for that and reject alphabets that are too large, in order
to prevent over-allocating.

Additionally, there's no need to allocate buffers that are as large as
the maximum alphabet size as these aren't stack-allocated, they're heap
allocated and thus can be variable size.

Added an overflow check as well, which fixes leaking the buffer, and
capping the alphabet size fixes two potential overruns as well.

Fixes: out of array access
Fixes: 62089/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-
    5437089094959104.fuzz

Found-by: continuous fuzzing process
    https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Found-by: Hardik Shah of Vehere (Dawn Treaders team)
Co-authored-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Leo Izen <leo.izen@gmail.com>
2023-10-05 19:28:55 -04:00
Leo Izen
ec74553205
avcodec/jpegxl_parser: add some icc profile checks
This patch will cause the parser to abort if it detects an icc profile
with an invalid size. This is particularly important if the icc profile
is entropy-encoded with zero bits per symbol, as it can prevent a
seemingly infinite loop during parsing.

Fixes: infinite loop
Fixes: 62374/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer
    -5551878085410816

Found-by: continuous fuzzing process
    https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reported-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Leo Izen <leo.izen@gmail.com>
2023-10-05 19:28:50 -04:00
Stefano Sabatini
d2d3a83ad9 ffprobe: introduce section type, use for the compact output
Also, avoid spurious end-of-line after side data entries, and improve
rendering of compact output, by adding an indication of the side data
type for each entry.

Also fixes issue:
http://trac.ffmpeg.org/ticket/9266
2023-10-06 00:17:02 +02:00
Stefano Sabatini
8eecd52d8b ffprobe: correct section name for side data piece 2023-10-06 00:17:01 +02:00
Stefano Sabatini
01edb505c6 ffprobe: factorize side data printing to dedicated function 2023-10-06 00:17:01 +02:00
Paul B Mahol
d7579189f7 avcodec/mlpenc: restructure code and resolve several bugs
Do not use put_sbits() where only unsigned is stored.
Reduce size of data_check_present field.
Reduce size of table of codebook_extremes[].
Avoid anonymously typedeffed structs.
Use encoder private context to store parameters.
Fix wrapping when calculating offsets.
Restructure arrays in encoder private context so to keep
arrays belonging to same subblock into separate structure.
Disable matrix coefficients as they are sometimes
producing wrong results.
2023-10-06 00:05:56 +02:00
Lynne
81cc0e1345
hwcontext_vulkan: properly support STORAGE usage for mutliplane images
Fixes multiplane support on Nvidia.

Also, remove the ENCODE usage, even if the driver signals it as supported.
Currently, it's not used, and when it is used, it'll be gated behind
two extension checks.
2023-10-05 23:50:30 +02:00
Benjamin Cheng
2a36e44af3
vulkan_hevc: handle non-contiguous SPS/PPS/VPS ids
Some clips (i.e. SLIST_B_Sony_9) will use PPS 0 and 8, before PPS 1-7.
vulkan_hevc expects {sps,pps,vps}_list to be filled in order, which
causes PPS 8 to not be added to the Vulkan session params when it is
being used by a picture.

This removes the expectation that these lists are filled in order. The
indicies into vps_list are saved since there are multiple usages of it.

This also fixes a bug with some clips (i.e. PPS_A_qualcomm_7) which use
all 64 available PPS slots, causing the old loop to think there are more
than 64 PPS-es.
2023-10-05 23:50:26 +02:00
Vignesh Venkatasubramanian via ffmpeg-devel
e8465aa5dd avcodec/svt-av1: Set force_key_frames only when gop_size == 1
SVT-AV1 does not support requesting keyframes at arbitrary points
by setting pic_type to EB_AV1_KEY_PICTURE. So set force_key_frames
to 1 only when gop_size == 1.

Please see the comments in
https://gitlab.com/AOMediaCodec/SVT-AV1/-/issues/2076 for a bit more
details.

Signed-off-by: Vignesh Venkatasubramanian <vigneshv@google.com>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2023-10-05 16:05:59 -04:00
Andreas Rheinhardt
f0f6acde1a avcodec/h261dec, mpeg12dec, vc1dec: Remove setting write-only flags
These flags will be overwritten later in ff_mpv_frame_start().

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-10-05 22:05:21 +02:00
Andreas Rheinhardt
951bcc3c03 avcodec/rv10: Replace switch by LUT
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-10-05 22:05:21 +02:00
Andreas Rheinhardt
cd08bace55 avcodec/rv10: Remove dead code
Dead since 248a1aa54c.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-10-05 22:05:21 +02:00
Andreas Rheinhardt
ca3dea8a36 avcodec/h263dec, mpeg4videodec: Parse extradata during init
Possible now that the IDCT is already initialized at this point.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-10-05 22:05:21 +02:00
Andreas Rheinhardt
49b4ed7237 avcodec/mpegvideo_dec: Always initialize IDCTDSPContext during init
It has currently not been done for H263, H263P and MPEG4.
Doing so avoids having to initialize the IDCT permutation
lateron when decoding packets in order to be able to parse
a quant matrix; it means that every mpegvideo decoder always
has an initialized IDCTDSPContext after init.
Initializing is done generically in ff_mpv_decode_init().

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-10-05 22:05:21 +02:00
Andreas Rheinhardt
d86f7603cf avcodec/mpegvideo_dec: Don't zero context on init failure
Up until now, ff_mpeg_update_thread_context() zeroes
the context to initialize on initialization failure.
This has been added in e1d7d4bd13.

Just as now, ff_mpeg_update_thread_context() simply
copied the src MpegEncContext over the dst MpegEncContext
to initialize it, but clear_context() was only added in
b160fc290c, so that cleaning up
on init failure was a minefield if performed.

It was not always performed, namely not before the first
allocation needed to be freed. In the fuzzer sample that
led to e1d7d4bd13, the call
to av_image_check_size() failed and before said commit,
the context contained lots of pointers from the src context,
leading to assert violations lateron.

Of course, the proper fix for this is resetting the pointers
(or even better, not copying them in the first place), so
this zeroing is unnecessary since commit
b160fc290c. It is also harmful,
because it makes initializing something only once during init
more complicated; See the h264chroma handling in the diff
for an example. Therefore it is removed.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-10-05 22:05:21 +02:00
Andreas Rheinhardt
bc7de8b63c avcodec/mpeg12dec: Don't initialize IDCT more than once
Before 998c9f15d1, the IDCTDSPContext
has only been initialized in ff_mpv_common_init() which is deferred
until immediately before decoding a picture; to nevertheless parse
the quant matrices in sequence headers or quant matrix extensions,
a dummy (identity) permutation has been stored in the codec's init
function; after ff_mpv_common_init() which could change the permutation
the matrices were repermutated.

Yet since said commit, the IDCTDSPContext is initialized during init
and does not change afterwards (unless the user forces different CPU
flags), so there is no need to reinitialize it; the repermutation code
can be removed as well.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-10-05 22:05:21 +02:00
Rémi Denis-Courmont
89c10d8d20 lavc/ac3: add R-V Zbb extract_exponents 2023-10-05 18:13:00 +03:00
James Almer
9078dc0c52 avcodec/hcadec: add a flush callback
Fixes unexpected behavior during seeking and with fuzzed samples.

Signed-off-by: James Almer <jamrial@gmail.com>
2023-10-04 15:40:57 -03:00
Rémi Denis-Courmont
19baf4e009 swscale/rgb2rgb: R-V V deinterleaveBytes 2023-10-03 22:53:20 +03:00
Rémi Denis-Courmont
ede3215115 swscale/rgb2rgb: fix extra iteration in R-V V interleave
There was an additional iteration doing nothing for each line,
due to checking the selected vector length instead of the available
vector length.
2023-10-03 22:53:20 +03:00
Rémi Denis-Courmont
9240035c0e lavu/float_dsp: avoid reg-stride in R-V V fmul_window 2023-10-03 22:48:10 +03:00
Michael Niedermayer
fe6d46490f
avcodec/escape124: Do not return random numbers
Fixes: out of array access
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ESCAPE124_fuzzer-6035022714634240
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ESCAPE124_fuzzer-6422176201572352

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-03 20:09:27 +02:00
Michael Niedermayer
515c0247a3
avcodec/apedec: Fix an integer overflow in predictor_update_filter()
Fixes: signed integer overflow: -2147483506 + -801380 cannot be represented in type 'int'
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6578985923117056

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-03 20:09:27 +02:00
Michael Niedermayer
bb9f8a1cb7
tools/target_dec_fuzzer: Adjust wmapro threshold
Fixes: Timeout
Fixes: 62266/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAPRO_fuzzer-5125460729921536

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-03 20:09:27 +02:00
Michael Niedermayer
9cef555bc5
avcodec/wavarc: Check k in decode_5elp()
regression since 18b2ecc247

Fixes: assertion failure
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVARC_fuzzer-6280165808013312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-03 20:09:27 +02:00
Michael Niedermayer
dbcf285abd
avcodec/wavarc: Allocate AV_INPUT_BUFFER_PADDING_SIZE
Fixes: overread
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVARC_fuzzer-5963163952349184
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVARC_fuzzer-6048030137909248

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-03 20:09:27 +02:00
Michael Niedermayer
f3c986200d
avcodec/wavarc: Fix integer overflwo in do_stereo()
Fixes: signed integer overflow: 148676193 - -2006512262 cannot be represented in type 'int'
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVARC_fuzzer-5963163952349184

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-03 20:09:27 +02:00
Michael Niedermayer
c42a89309a
avutil/tx_template: Fix some signed integer overflows in DECL_FFT5()
Fixes: signed integer overflow: -1364715454 + -1468954671 cannot be represented in type 'int'
Fixes: 62093/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5538774254485504

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-03 20:09:27 +02:00
Michael Niedermayer
7f4fed5216
avcodec/aacdec_template: Better avoidance of signed integer overflow in imdct_and_windowing_eld()
Fixes: 62171/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5644657180409856
Fixes: signed integer overflow: 2 * 1079352273 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-03 20:09:27 +02:00
Michael Niedermayer
6359b2ce03
tools/target_dec_fuzzer: Adjust threshold for MVHA
Fixes: Timeout
Fixes: 62120/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MVHA_fuzzer-5647877768347648

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-03 20:09:27 +02:00
Michael Niedermayer
52d666edec
avformat/avs: Check if return code is representable
Fixes: leak
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_dem_AVS_fuzzer-6738814988320768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-03 20:09:27 +02:00
Michael Niedermayer
53948d6200
avcodec/utvideodec: move allocation to the end of init
Fixes: mem leak
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_UTVIDEO_fuzzer-6666804266926080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-03 20:09:27 +02:00
Michael Niedermayer
112a077d06
avcodec/flacdec: Fix integer overflow in "33bit" DECODER_SUBFRAME_FIXED_WIDE()
Fixes: signed integer overflow: 4 * 2307917133220067266 cannot be represented in type 'long'
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLAC_fuzzer-6307690022043648

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-03 20:09:27 +02:00
Michael Niedermayer
35e6960a6b
avcodec/flacdec: Fix overflow in "33bit" decorrelate
Fixes: signed integer overflow: 538976288 - -9223372036854775808 cannot be represented in type 'long'
Fixes: 62164/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLAC_fuzzer-6275845531238400

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-03 20:09:27 +02:00
Michael Niedermayer
d11b8bd0c6
avcodec/lcldec: Make PNG filter addressing match the code afterwards
Also update check accordingly

Fixes: tickets/10237/mszh_306_306_yuv422_nocompress.avi
Fixes: tickets/10237/mszh_306_306_yuv411_nocompress.avi

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-03 20:09:27 +02:00
Michael Niedermayer
5c0df3da0b
avformat/westwood_vqa: Check chunk size
the type is also changed to int as it is interpreted as int in av_get_packet()

Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_WSVQA_fuzzer-6593408795279360
Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_WSVQA_fuzzer-4613908817903616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-03 20:09:27 +02:00
Michael Niedermayer
a9137110ed
avformat/sbgdec: Check for period overflow
Fixes: signed integer overflow: 4481246996173000000 - -4778576820000000000 cannot be represented in type 'long'
Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-5063670588899328

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-03 20:09:51 +02:00
Michael Niedermayer
dedc78b4b5
avformat/concatdec: Check in/outpoint for overflow
Fixes: signed integer overflow: 91542414454000000 - -9154241494546000000 cannot be represented in type 'long'
Fixes: 51896/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-4739147999084544

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-10-03 20:09:27 +02:00
Rémi Denis-Courmont
446b0090cb lavu/float_dsp: avoid reg-stride in R-V V reverse_fmul
This revectors the inner loop to reverse vectors element in vectors,
thus eliminating the negative register stride. Note that RVV does not
have a vector reverse instruction, so this uses a gather.
2023-10-03 20:48:47 +03:00
Rémi Denis-Courmont
d14130aea3 swscale/rgb2rgb: unroll R-V V interleave_bytes 2023-10-03 20:48:47 +03:00
Rémi Denis-Courmont
6269c4a440 swscale/rgb2rgb: unroll RISC-V V uyvytoyuv422 2023-10-03 20:48:39 +03:00
Rémi Denis-Courmont
e50f8e861b swscale/rgb2rgb: avoid S-regs in RISC-V V uyvytoyuv422
We can make do with callee-clobbered registers only now.
As an added bonus, this makes the code XLEN-independent.
2023-10-03 20:48:39 +03:00
Rémi Denis-Courmont
be37a2e364 swscale/rgb2rgb: rework RISC-V V uyvytoyuv422
This avoids using relatively slow register strides.
2023-10-03 20:48:39 +03:00
Andreas Rheinhardt
e1f3041b93 avcodec/h264_slice: Don't keep AVCodecContext props in sync manually
It is already done generically in update_context_from_thread()
before this function is called.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-10-03 18:53:25 +02:00
Andreas Rheinhardt
06388250d9 avcodec/mpegvideo_dec: Don't memset twice
This has been done for the luma plane of missing FLV1 and H263
references.
Also remove code duplication by reusing gray_frame(), which
has been renamed to color_frame() for this purpose.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-10-03 18:53:25 +02:00
Andreas Rheinhardt
3ede6cc0f1 avcodec/mpegvideo_dec: Check for existence of planes before accesses
Fixes segfaults with -debug +nomc -flags +gray (presuming
a build with --enable-gray).

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-10-03 18:53:25 +02:00
Anton Khirnov
8d12762b42 fftools/ffmpeg: move derivation of frame duration from filter framerate
From ffmpeg_enc to ffmpeg_filter, which is a more appropriate
place for it.
2023-10-03 16:57:02 +02:00
Anton Khirnov
9d4ca76c08 fftools/ffmpeg_enc: do not round frame durations prematurely
Changes the results of fate-idroq-video-encode and fate-lavf* tests,
where different frames now get duplicated by framerate conversion code.
2023-10-03 16:57:02 +02:00
Anton Khirnov
303f10d4dd fftools/ffmpeg_dec: disregard demuxer timestamps for NOTIMESTAMPS formats
In this case any timestamps are guessed by compute_pkt_fields() in
libavformat. Since we are decoding the stream, we have more accurate
information from the decoder and do not need any guesses.

Eliminates spurious PTS gaps in a number of FATE tests.

Also avoids dropping the majority of frames in fate-dirac*
2023-10-03 16:57:02 +02:00