1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-12 19:18:44 +02:00
Commit Graph

94641 Commits

Author SHA1 Message Date
Paul B Mahol
9e78c73d86 avfilter/vf_readeia608: implement lowpass operation prior to processing lines 2019-07-08 19:21:59 +02:00
Paul B Mahol
dc481105a1 avfilter/vf_tinterlace: re-enable lowpass option 2019-07-08 17:57:31 +02:00
Paul B Mahol
2a801e8856 avfilter/af_aiir: implement mix option 2019-07-08 16:48:10 +02:00
Paul B Mahol
034a9d2507 avfilter/af_biquads: clip gain picked from command to sane values 2019-07-08 16:29:15 +02:00
Paul B Mahol
7b2d39fc27 avfilter/af_biquads: implement mix option to all filters 2019-07-08 16:20:57 +02:00
Michael Niedermayer
019d729039 avcodec/ilbcdec: Simplify use of unsigned and fix more undefined overflows
Fixes: signed integer overflow: 2147475672 + 8192 cannot be represented in type 'int'
Fixes: 15415/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ILBC_fuzzer-5712074128228352

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-08 10:00:41 +02:00
Michael Niedermayer
1bb3b3f11c avcodec/golomb: Correct the doxy about get_ue_golomb() and errors
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-08 09:56:29 +02:00
Michael Niedermayer
f57e97dfd9 avformat/utils: Check timebase before use in estimate_timings()
Fixes: division by 0
Fixes: 15480/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5746727434321920

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-08 09:56:09 +02:00
Michael Niedermayer
a6229fcd40 avcodec/hq_hqa: Use ff_set_dimensions()
Fixes: 15530/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HQ_HQA_fuzzer-5637370344374272
Fixes: signed integer overflow: 65312 * 65312 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-08 09:56:08 +02:00
Michael Niedermayer
14fcf42958 avcodec/rv10: Fix integer overflow in aspect ratio compare
Fixes: signed integer overflow: 2040 * 1187872 cannot be represented in type 'int'
Fixes: 15368/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RV20_fuzzer-5681657136283648

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-08 09:54:55 +02:00
Michael Niedermayer
17209e48e2 avcodec/tta: Limit decoder to 16 channels
libtta 2.3 has a limit of 6 channels, so 16 is substantially above the "official" already

Fixes: OOM
Fixes: 15249/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5643988125614080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-08 09:54:24 +02:00
Michael Niedermayer
936ca7f101 avcodec/sanm: Optimize fill_frame() with av_memcpy_backptr()
Fixes: Timeout (76 sec -> 24 sec)
Fixes: 15043/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SANM_fuzzer-5699856238116864

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-08 09:53:24 +02:00
Michael Niedermayer
e69106e70c avformat/vividas: Check for input length in get_v()
Fixes: out of array read
Fixes: 15286/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5658245101780992

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-08 09:50:00 +02:00
Michael Niedermayer
2bbea155bf avcodec/4xm: Fix signed integer overflows in idct()
Fixes: signed integer overflow: 20242 * 121095 cannot be represented in type 'int'
Fixes: 15310/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5737051745419264

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-08 09:49:45 +02:00
Michael Niedermayer
7b2ebf89a4 avcodec/qdm2: Check checksum_size for 0
Fixes: Infinite loop
Fixes: 15337/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5757428949319680

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-08 09:44:36 +02:00
Michael Niedermayer
694be24bd6 avcodec/qdm2: error out of qdm2_fft_decode_tones() before entering endless loop
Fixes: signed integer overflow: 2147483646 + 2 cannot be represented in type 'int'
Fixes: infinite loop
Fixes: 15396/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5116605501014016

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-08 09:44:35 +02:00
Michael Niedermayer
ae021c1239 avcodec/qdm2: Do not read out of array in fix_coding_method_array()
Instead we ask for a sample, its unclear what to do in this case.

Fixes: index 30 out of bounds for type 'int8_t [30][64]'
Fixes: 15339/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5749441484554240

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-08 09:41:47 +02:00
Michael Niedermayer
85cbd042ff avcodec/simple_idct_template: Fix integer overflow in idctSparseColAdd()
Fixes: signed integer overflow: 1106434976 + 1041773512 cannot be represented in type 'int'
Fixes: 15421/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV2_fuzzer-5669209314426880

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-08 09:38:05 +02:00
Michael Niedermayer
b5f2cfd2ad avcodec/simple_idct_template: Fix integer overflow in idctSparseCol()
Fixes: signed integer overflow: -1027919784 + -1120041624 cannot be represented in type 'int'
Fixes: 15406/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3_fuzzer-5700646528876544

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-08 09:38:04 +02:00
Michael Niedermayer
7b114d7687 avcodec/svq3: Use ff_set_dimension()
Fixes: OOM
Fixes: 15410/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SVQ3_fuzzer-5659464805384192

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-08 09:38:03 +02:00
Michael Niedermayer
f76d7352e0 avcodec/iff: Check ham vs bpp
This checks the ham value much stricter and avoids hitting cases which cannot be reached
with data from the libavformat demuxer.

Fixes: out of array access
Fixes: 15320/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5080476840099840
Fixes: 15423/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5630765833912320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-08 09:00:21 +02:00
Michael Niedermayer
e9dd3c7126 avcodec/ffwavesynth: use uint32_t to compute difference, it is enough
Fixes: signed integer overflow: 6494225984479297536 - -6043795377581187040 cannot be represented in type 'long'
Fixes: 15285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5632780307791872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-08 08:57:53 +02:00
Michael Niedermayer
8c02209935 avcodec/ffwavesynth: Simplify lcg_seek(), avoid negative case
Fixes: negation of -9223372036854775808 cannot be represented in type 'int64_t' (aka 'long'); cast to an unsigned type to negate this value to itself
Fixes: 15289/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5709034499342336

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-08 08:57:40 +02:00
Michael Niedermayer
cf2bd3ce79 avcodec/ffwavesynth: Fix backward lcg_seek()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-08 08:57:21 +02:00
Michael Niedermayer
37708cbae8 avcodec/flicvideo: Fix off by 1 error in flic_decode_frame_24BPP()
Fixes: out of array access
Fixes: 15360/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLIC_fuzzer-5653837190266880
Fixes: 15412/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLIC_fuzzer-5740537648250880

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-08 08:44:24 +02:00
Michael Niedermayer
79204a1fc8 avcodec/vc1_block: Check for vlc error in vc1_decode_ac_coeff()
Fixes: index -1 out of bounds for type 'const uint8_t [185][2]'
Fixes: 15250/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer-5648992869810176

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-08 08:42:41 +02:00
Michael Niedermayer
a6474b899c avcodec/alac: Check lpc_quant
lpc_quant of 0 produces undefined behavior, thus disallow this.
If valid samples use this then such a sample would be quite
usefull to confirm the correct&lossles handling of this.

Fixes: libavcodec/alac.c:218:25: runtime error: shift exponent -1 is negative
Fixes: 15273/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5656388535058432
Fixes: 15276/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5761238417539072
Fixes: 15315/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5767260766994432

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-08 08:27:18 +02:00
Michael Niedermayer
e96b7a8ba6 avcodec/dxv: Initialize tex_funct to NULL
Fixes: Various anomalies
Fixes: 14493/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXV_fuzzer-5071018000908288
Fixes: 14630/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXV_fuzzer-5714888963391488

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-08 08:21:03 +02:00
Andreas Rheinhardt
98b122cdb9 vp9_metadata: Avoid allocations and copies of packet structures
This commit changes vp9_metadata to (a) use ff_bsf_get_packet_ref
instead of ff_bsf_get_packet (thereby avoiding one malloc and free per
filtered packet) and (b) to use only one packet structure at all,
thereby avoiding a call to av_packet_copy_props.

(b) has been made possible by the recent changes to ff_cbs_write_packet.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-07-07 23:04:33 +01:00
Andreas Rheinhardt
42114094da mpeg2_metadata: Localize inserting of sequence display extensions
If a new sequence display extension had to be added, this was up until
now done at two places: One where a sequence display extension was
initialized with default values and one where the actual sequence
display extension was inserted into the fragment. This division of
labour is unnecessary and pointless; it has been changed.

Furthermore, if a sequence display extension has to be added, the
earlier code set some fields to their default value twice. This has been
changed, too.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-07-07 23:04:27 +01:00
Andreas Rheinhardt
dd5ce54d2a mpeg2_metadata: Avoid allocations and copies of packet structures
This commit changes mpeg2_metadata to (a) use ff_bsf_get_packet_ref
instead of ff_bsf_get_packet (thereby avoiding one malloc and free per
filtered packet) and (b) to use only one packet structure at all,
thereby avoiding a call to av_packet_copy_props.

(b) has been made possible by the recent changes to ff_cbs_write_packet.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-07-07 22:59:25 +01:00
Andreas Rheinhardt
bc8b623b83 h265_metadata: Correct error check
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-07-07 22:59:22 +01:00
Andreas Rheinhardt
ddd53ef66d h265_metadata: Avoid allocations and copies of packet structures
This commit changes h265_metadata to (a) use ff_bsf_get_packet_ref
instead of ff_bsf_get_packet (thereby avoiding one malloc and free per
filtered packet) and (b) to use only one packet structure at all,
thereby avoiding a call to av_packet_copy_props.

(b) has been made possible by the recent changes to ff_cbs_write_packet.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-07-07 22:59:20 +01:00
Andreas Rheinhardt
9362f1a982 h264_redundant_pps: Fix looping over an access unit's units
When looping over an access unit's units in positive direction and
deleting some of them, one needs to make sure that a unit that is at
the position of a unit that just got deleted gets checked, too.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-07-07 22:59:16 +01:00
Andreas Rheinhardt
d78553cc4c h264_redundant_pps: Avoid allocations and copies of packet structures
This commit changes h264_redundant_pps to (a) use ff_bsf_get_packet_ref
instead of ff_bsf_get_packet (thereby avoiding one malloc and free per
filtered packet) and (b) to use only one packet structure at all,
thereby avoiding a call to av_packet_copy_props.

(b) has been made possible by the recent changes to ff_cbs_write_packet.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-07-07 22:57:55 +01:00
Andreas Rheinhardt
3f81cc8c94 av1_metadata: Error out if fragment is empty
If the fragment is empty after parsing (i.e. it contains no OBUs), then
the check for the type of the fragment's first OBU is nonsensical; so
error out in this case just as h264_metadata and hevc_metadata do.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-07-07 22:40:55 +01:00
Andreas Rheinhardt
3c8a2a1180 h264_metadata: Localize code for display orientation
The recent changes to h264_metadata (enabled by the recent changes to
ff_cbs_write_packet) made it possible to add side_data to the output
packet at any place, not only after the output packet has been written
and the properties of the input packet copied. This means that one can
now localize the code to add display orientation side-data to the packet
to the place dealing with said display-orientation.

Furthermore, the documentation of av_display_rotation_set states that
the matrix will be fully overwritten by it, so there is no need to
allocate it with av_mallocz.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-07-07 22:17:07 +01:00
Andreas Rheinhardt
a72cc47a27 h264_metadata: Avoid allocations and copies of packet structures
This commit changes h264_metadata to (a) use ff_bsf_get_packet_ref
instead of ff_bsf_get_packet (thereby avoiding one malloc and free per
filtered packet) and (b) to use only one packet structure at all,
thereby avoiding a call to av_packet_copy_props.

(b) has been made possible by the recent changes to ff_cbs_write_packet.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-07-07 22:17:07 +01:00
Andreas Rheinhardt
36fcdc3fbe av1/h264_metadata, filter_units: Count down when deleting units
When testing whether a particular unit should be kept or discarded, it
is best to start at the very last unit of a fragment and count down,
because that way a unit that will eventually be deleted won't be
memmoved during earlier deletions; and frag/au->nb_units need only be
evaluated once in this case and the counter is automatically correct
when a unit got deleted.

It also works for double loops, i.e. when looping over all SEI messages
in all SEI units of an access unit.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-07-07 22:17:07 +01:00
Andreas Rheinhardt
b0810454e4 filter_units: Avoid allocations and copies of packet structures
This commit changes filter_units to (a) use ff_bsf_get_packet_ref
instead of ff_bsf_get_packet (thereby avoiding one malloc and free per
filtered packet) and (b) to use only one packet structure at all,
thereby avoiding a call to av_packet_copy_props (or, in case of
passthrough, to av_packet_move_ref).

(b) has been made possible by the recent changes to ff_cbs_write_packet.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-07-07 22:17:07 +01:00
Andreas Rheinhardt
57f9bc90ae filter_units: Reindent after previous commit
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-07-07 22:17:07 +01:00
Andreas Rheinhardt
83be17cfcd filter_units: Don't use fake loop
According to the BSF API, when a BSF is finished with an input packet,
it should return AVERROR(EAGAIN) to signal that another packet should be
sent to the BSF via av_bsf_send_packet that the actual BSF can receive
via ff_bsf_get_packet[_ref]. filter_units on the other hand simply called
ff_bsf_get_packet again if the first packet received didn't result in
any output. This call of course returned AVERROR(EAGAIN) which was
returned, but it is nevertheless better to not include a fake loop.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-07-07 22:17:07 +01:00
Andreas Rheinhardt
45fd7e44a4 filter_units: Unref packet on failure
According to the API, the packet structure a bsf receives must not be
touched on failure, yet filter_units nevertheless did it.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-07-07 22:17:07 +01:00
Andreas Rheinhardt
7549f0ac1b av1_metadata: Avoid allocations and copies of packet structures
This commit changes av1_metadata to (a) use ff_bsf_get_packet_ref
instead of ff_bsf_get_packet (thereby avoiding one malloc and free per
filtered packet) and (b) to use only one packet structure at all,
thereby avoiding a call to av_packet_copy_props.

(b) has been made possible by the recent changes to ff_cbs_write_packet.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-07-07 22:17:06 +01:00
Andreas Rheinhardt
1e93f5060f cbs: Allow non-blank packets in ff_cbs_write_packet
Up until now, ff_cbs_write_packet always initialized the packet
structure it received without documenting this behaviour; furthermore,
the packet's buffer would (on success) be overwritten with the new
buffer without unreferencing the old. This meant that the input packet
had to be either clean (otherwise there would be memleaks) in which case
the initialization is redundant or uninitialized. ff_cbs_write_packet
was never used with uninitialized packets, so the initialization was
redundant. Worse yet, it forced callers to use more than one packet and
made it difficult to add side-data to a packet designated for output,
because said side-data could only be attached after the call to
ff_cbs_write_packet.

This has been changed. It is now allowed to use a non-blank packet.
The currently existing buffer will be unreferenced and replaced by
the new one, as will be the accompanying fields (i.e. data and size).
The rest isn't touched at all.

This change will enable us to use only one packet in the bitstream
filters that rely on CBS.

This commit also updates the documentation of ff_cbs_write_extradata
and ff_cbs_write_packet (to better describe existing behaviour and in
the latter case to also describe the new behaviour).

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-07-07 22:17:06 +01:00
Amir Pauker
f6dece864d avcodec/h264dec: set AVFrame decode_error_flags in case of decoding error
set AVFrame decode_error_flags in case h->slice_ctx->er.error_occurred is set
after the call to ff_h264_execute_decode_slices. This allows the user to detect
concealed decoding errors in the call to avcodec_receive_frame

Signed-off-by: Amir Pauker <amir@livelyvideo.tv>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-07 22:34:05 +02:00
Amir Pauker
70ba8e2fa0 avcodec/error_resilience: set AVFrame decode_error_flags in case of decoding error
Signed-off-by: Amir Pauker <amir@livelyvideo.tv>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-07 22:34:05 +02:00
Mark Thompson
f6c572bd89 libx265: Update ROI behaviour to match documentation
Equivalent to the previous patch for libx264.
2019-07-07 19:19:26 +01:00
Mark Thompson
d76e2aaf08 libx264: Update ROI behaviour to match documentation
Fix the quantisation offset - use the whole range, and don't change the
offset size based on bit depth.

Iterate the list in reverse order.  The first region in the list is the one
that applies in the case of overlapping regions.
2019-07-07 19:19:26 +01:00
Mark Thompson
451a51124d lavu/frame: Improve ROI documentation
Clarify and add examples for the behaviour of the quantisation offset,
and define how multiple ranges should be handled.
2019-07-07 19:19:26 +01:00