Fixes: runtime error: index 49 out of bounds for type 'int [48][2][2]'
Fixes: 2159/clusterfuzz-testcase-minimized-5267945972301824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The parser changes have lost the support for the needed padding, this adds it back
Fixes out of array reads
Fixes: 03ea21d271abc8acf428d42ace51d8b4/asan_heap-oob_3358eef_5692_16f0cc01ab5225e9ce591659e5c20e35.mkv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* commit 'f638b67e5790735f34620bf82025c9b9d6fc7216':
h264: move the parameter set definitions to a new header file
Conflicts:
libavcodec/h264_parse.h
libavcodec/h264_ps.c
libavcodec/h264dec.h
Merged-by: James Almer <jamrial@gmail.com>
Fixes use of freed memory
Should fix valgrind failures of fate-h264-skip-nointra
Found-by: logan
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Move the NAL unit types into it. This will allow to stop including the
whole decoder-specific h264dec.h in some code that is unrelated to the
decoder and only needs some enum values.
* commit '98c97994c5b90bdae02accb155eeceeb5224b8ef':
h264: decouple extradata parsing from the decoder
Main changes:
- move get_avc_nalsize() inside h264_parser.c and make it use
H264ParseContext instead of H264Context. This helps fixing
fate-flv-demux.
- Also use is_avc/nal_length_size from the H264ParseContext in various
places instead of the H264Context one as that's the fields now filled
by ff_h264_decode_extradata()
- h264_parse: dont fail decode_extradata_ps() due to nal split failure.
Change by Michael to fix decoding of h264/ref_10.avi.
Merged-by: Clément Bœsch <u@pkh.me>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* commit '728d90a0c1973661a9e73da697bf4f90c9d19577':
h264: decouple h264_sei from the h264 decoder
Main changes:
- SEI decoding doesn't have access to the debug flag in the codec context so a
few logging are dropped.
- naming of quincunx_sampling_flag and frame_packing_arrangement_type are kept
as they are in FFmpeg instead of respectively quincunx_subsampling and
arrangement_type used in Libav because the former match the specifications.
- don't reset the x264 build info once read in order to fix
fate-h264-lossless (change by Hendrik)
- H264Context.has_recovery_point and deprecated
AVCodecContext.dtg_active_format are set after ff_h264_sei_decode()
based on the SEI state since ff_h264_sei_decode() doesn't have access
to H264Context anymore.
- frame_packing_arrangement_type is not checked against <= 0 in
decode_postinit() since it is always read as a positive value with
get_bits(). This fixes a -Wtype-limits warning by GCC spotted by
Michael.
Side Notes:
- tested that ffprobe on the file from ticket #3652 still returns 4
keyframes
- tested that playback from ticket #3063 still works
Merged-by: Clément Bœsch <clement@stupeflix.com>
Signed-off-by: Hendrik Leppkes <h.leppkes@gmail.com>
* commit 'c8dcff0cdb17d0aa03ac729eba12d1a20f1f59c8':
h264: factor out calculating the POC count into a separate file
Merged-by: Clément Bœsch <u@pkh.me>
* commit '113aeee6aed35cb786a9f6d69b0cb210f498b9da':
h264_parser: move the H264DSPContext to the parser context
H264Context is kept locally as it is currently needed for logging
(h->avctx as log context) and for is_avc and nal_length_size. These
later fields will later be obtained when the extradata parsing is
decoupled from the decoder. This code will be updated accordingly when
that commit is merged.
Merged-by: Clément Bœsch <u@pkh.me>
* commit '3176217c60ca7828712985092d9102d331ea4f3d':
h264: decouple h264_ps from the h264 decoder
Main changes:
- a local GetBitContext is created for the various
ff_h264_decode_seq_parameter_set() attempts
- just like the old code, remove_sps() is adjusted so it doesn't remove
the pps.
Fixes decode with Ticket #631http://ffmpeg.org/pipermail/ffmpeg-user/attachments/20111108/dae58f17/attachment.mp4
but see next point as well.
- ff_h264_update_thread_context() is updated to work even when SPS
isn't set as it breaks current skip_frame code. This makes sure we
can still decode the sample from ticket #631 without the need for
-flags2 +chunks. (Thanks to Michael)
- keep {sps,pps}_ref pointers that stay alive even when the active
pps/sps get removed from the available lists (patch by michaelni with
additionnal frees in ff_h264_free_context() from mateo)
- added a check on sps in avpriv_h264_has_num_reorder_frames() to fix
crashes with mpegts_with_dvbsubs.ts from Ticket #4074http://samples.ffmpeg.org/ffmpeg-bugs/trac/ticket4074/mpegts_with_dvbsubs.ts
- in h264_parser.c:h264_parse(), after the ff_h264_decode_extradata() is
called, the pps and sps from the local parser context are updated with
the pps and sps from the used h264context. This fixes fate-flv-demux.
- in h264_slice.c, "PPS changed between slices" error is not triggered
anymore in one condition as it makes fate-h264-xavc-4389 fails with
THREADS=N (Thanks to Michael)
Merged-by: Clément Bœsch <clement@stupeflix.com>
Merged-by: Michael Niedermayer <michael@niedermayer.cc>
Merged-by: Matthieu Bouron <matthieu.bouron@stupeflix.com>
* commit 'a6e27f7add2698fdd89911632b570c3d0c3f2aaa':
h264: factor out parsing the reference count into a separate file
Merged-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
* commit '8d0cc8ca97678f4ca87948ebabcbaab5a4f4c1f6':
h264_parser: switch to h2645_parse for NAL unescaping
Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
* commit 'e481458bc308ee838deaeacac51929514762e7a7':
h264: factor out pred weight table parsing into a separate file
Merged-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
* commit 'a7da517f6a5c472f46f67dd33bb6b95ccc919923':
h264data: Move all data tables from a header to a .c file
Merged-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Make the SPS/PPS parsing independent of the H264Context, to allow
decoupling the parser from the decoder. The change is modelled after the
one done earlier for HEVC.
Move the dequant buffers to the PPS to avoid complex checks whether they
changed and an expensive copy for frame threads.