Fixes: freeing of uninitialized pointers
Fixes: part of 58299
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <git@haerdin.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Use the bytestream2-API instead.
Should also fix Coverity issue #1473536 (which is about an unchecked
init_get_bits8()).
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
nvenc_store_frame_data() is always called with frame != NULL
(checked at the beginning of nvenc_send_frame());
in fact, frame is dereferenced unconditionally after the block
guarded by the check for frame. Therefore Coverity complains
about this in issue #1538295.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
The code currently presumes that a return value of AVERROR(ENOMEM)
implies that ac3hdr could not be allocated, so it need not be freed.
Yet any avpriv_ac3_parse_header() might allocate more than the
AC3HeaderInfo internally (it doesn't currently), so simply free
it unconditionally.
Fixes Coverity issues #1492870 and #1492868.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
The discrepancy between the actual definition and the declarations
in hwaccels.h is actually UB.
Reviewed-by: Timo Rothenpieler <timo@rothenpieler.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
We've been fuzzing torchvision with [sydr-fuzz](https://github.com/ispras/oss-sydr-fuzz)
and found out of bounds error in ffmpeg project at audioconvert.c:151.
To prevent error we need to fix checks for in and out fmt in swr_init.
Signed-off-by: Eli Kobrin <kobrineli@ispras.ru>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes Coverity issue #1524491.
Regression since e6126abc69.
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
libavutil/hwcontext_qsv.c: In function ‘qsv_map_to’:
libavutil/hwcontext_qsv.c:1905:47: warning: cast from pointer to integer
of different size [-Wpointer-to-int-cast]
Signed-off-by: Haihao Xiang <haihao.xiang@intel.com>
These functions allow not only to read and write unsigned values,
but also to check ranges and to emit trace output which can be
beautified when processing arrays (indices like "[i]" are replaced
by their actual numbers).
Yet lots of callers actually only need something simpler:
Their range is only implicitly restricted by the amount
of bits used and they are not part of arrays, hence don't
need this beautification.
This commit adds specializations for these callers;
this is very beneficial size-wise (it reduced the size
of .text by 23312 bytes here), as a call is now cheaper.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
The H.264 decoder, the only codec with which this code
is ever called, does not set AVCodec.pix_fmts.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Change some internal APIs a bit to make it harder to make
such mistakes.
In particular, have the read chunk functions return an error
when the result is incomplete.
This might be less flexible, but since there has been no
use-case for that so far, avoiding coding mistakes seems better.
Add a function to queue a AVBPrint directly (ff_subtitles_queue_insert_bprint).
Also fixes a leak in lrcdec when ff_subtitles_queue_insert fails.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
ret can be given an argument instead.
This is also consistent with how other assembler code
in FFmpeg does it.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
Pointers to these functions are used in comparisons.
Currently the compiler has to presume the worst for these,
namely that the functions are from another DSO and therefore
loads their addresses from the GOT (which also entails a
relocation entry that is processed at runtime, regardless
of whether the code using them is run or not). This changes
after these functions are declared as hidden.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
It is the more proper place for them given that this is
the only API using them.
Also use a forward-declaration of AVCodecContext in fdctdsp.h
to avoid including avcodec.h in jfdct(fst|int).c.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
libavcodec/vulkan_video_codec_av1std.h currently does not pass
checkheaders: It is missing stdint.h and vulkan/vulkan_core.h.
The comment "This header is NOT YET generated from the Khronos Vulkan
XML API Registry." as well as the fact that it does not use our standard
inclusion guards makes the file appear as if it is to be treated
like a third-party header and not one of our own. This commit
therefore "fixes" the issue by unconditionally skipping said header.
Reviewed-by: Lynne <dev@lynne.ee>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
The contents are full TTML XML documents. TTML writing tests'
results are updated as the streams are now properly identified
as TTML ones.
Signed-off-by: Jan Ekström <jan.ekstrom@24i.com>
The commits eac4324bfb and
cd8211527e renamed the examples, but the
targets were not updated. Hence, the builds are missing -lm.
Signed-off-by: Sebastian Ramacher <sramacher@debian.org>
Signed-off-by: James Almer <jamrial@gmail.com>
The hevc parser parses the diagonal scan order in bitstream into raster
scan order. However, the Vulkan spec wants it as specified in H265 spec,
which is diagonal scan order.
Tested on RADV.
v2: fix copy-paste typo with PPS.
Fixes: out of array write
Fixes: 60798/clusterfuzz-testcase-minimized-ffmpeg_BSF_EVC_FRAME_MERGE_fuzzer-4633529766772736
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
A POLLERR occurs when libavcodec attempts to dequeue output buffers
before enqueuing capture buffers. This could happen to an application
deciding to send the first coded packet. Suppress these POLLERRs when
the buffers are uninitialized and avoid crashing because of enumerating
uninitialized buffers.
See https://trac.ffmpeg.org/ticket/9957 for the original bug report.
Signed-off-by: Richard Acayan <mailingradian@gmail.com>
Signed-off-by: Marton Balint <cus@passwd.hu>
This allows this common H.274 SEI to be parsed from both H.264
as well as HEVC, as well as probably from VVC in the future.
Generally attempts to keep the original code as similar as possible.
FATE test refererence changes only change the order of side data
export within a single frame. Nothing else seems to have changed.
This allows this common H.274 SEI to be parsed from both H.264
as well as HEVC, as well as probably from VVC in the future.
Generally attempts to keep the original code as similar as possible.
FATE test refererence changes only change the order of side data
export within a single frame. Nothing else seems to have changed.
The unchecked read caused the 2nd subsequent tell call to move backward resulting
in a negative length
Fixes: assertion failure
Fixes: 60276/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5434126636023808
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>