1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-13 21:28:01 +02:00
Commit Graph

98078 Commits

Author SHA1 Message Date
Michael Niedermayer
7a92147f87 avcodec/iff: Fix several integer overflows
Fixes: negation of -2147483648 cannot be represented in type 'int32_t' (aka 'int'); cast to an unsigned type to negate this value to itself
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int32_t' (aka 'int')
Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5764066459254784

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-05-11 00:45:09 +02:00
Michael Niedermayer
82d4c7b95e avcodec/g729postfilter: Clip gain before scaling with AGC_FAC1
The fixed point integer reference specifies the multiplication used
to have 16bit input and clips so we need to clip the input
The floating point implementation does not seem to do that.

Fixes: signed integer overflow: 6317568 * 410 cannot be represented in type 'int'
Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G729_fuzzer-5700189272932352

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-05-11 00:45:09 +02:00
Michael Niedermayer
22e51e95ac avcodec/alac: Fix integer overflow with 24/20bps samples
Fixes: signed integer overflow: 1020048 * 4096 cannot be represented in type 'int'
Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5753877751660544

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-05-11 00:45:09 +02:00
Michael Niedermayer
8ee264e684 avcodec/adpcm: Clip predictor for IMA_APM
Fixes: signed integer overflow: -2147483647 - 61436 cannot be represented in type 'int'
Fixes: 20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_IMA_APM_fuzzer-5092176004644864

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-05-11 00:45:09 +02:00
Lynne
fc99a24782
hwcontext_vulkan: convert to general layout and transfer queue when exporting
The specs note that images should be in the GENERAL layout when exporting
for maximum compatibility.
CUDA exported images are handled differently, and the queue is the same,
so we don't need to do that there.
2020-05-10 23:20:49 +01:00
Lynne
875c1707e5
hwcontext_vulkan: create all images with concurrent sharing mode
As it turns out, we were already assuming and treating all images as if they had
concurrent access mode. This just changes the flag to CONCURRENT, which has less
restrictions than EXCLUSIVE, and fixed validation messages on machines with
multiple queues.
The validation layer didn't pick this up because the machine I was testing on
had only a single queue.
2020-05-10 23:20:49 +01:00
Lynne
7c080dc190
hwcontext_vulkan: fix inverted condition when exporting images to drm_prime
Calling vkGetImageSubresourceLayout is only legal for linear and drm images.
2020-05-10 23:20:49 +01:00
Lynne
acfef378b7
hwcontext_vulkan: update debugging layer name 2020-05-10 23:20:48 +01:00
Lynne
030a565baf
hwcontext_vulkan: remove unused internal REQUIRED extension flag
This is a leftover from an old version which used the 1.0 Vulkan API
with the maintenance extensions being required.
2020-05-10 23:20:48 +01:00
Lynne
dccd07f66d
hwcontext_vulkan: expose enabled device and instance extensions
This solves a huge oversight - it lets users reliably use their own
AVVulkanDeviceContext. Otherwise, the extensions supplied and enabled
are not discoverable by anything outside of hwcontext_vulkan.
Also clarifies that any user-supplied VkInstance must be at least 1.1.
2020-05-10 23:20:48 +01:00
Lynne
3c5e5a5095
hwcontext_vulkan: let users enable device and instance extensions using options
Also documents all options supported by the hwdevice.
This lets users enable all extensions they need without writing their own
instance initialization code.
2020-05-10 23:20:47 +01:00
Andreas Rheinhardt
6db81e93a9 avformat/hlsenc: Simplify setting base_output_dirname
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-05-10 22:30:43 +02:00
Andreas Rheinhardt
21553d2082 avformat/hlsenc: Simplify setting basename with av_asprintf()
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-05-10 22:23:28 +02:00
Andreas Rheinhardt
6b44f6839d avformat/hlsenc: Simplify setting subtitle basename with av_asprintf
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-05-10 21:41:22 +02:00
Andreas Rheinhardt
940601616e avformat/hlsenc: Don't cast const away
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-05-10 21:40:56 +02:00
Andreas Rheinhardt
d41c93d155 avformat/hlsenc: Remove redundant initializations
For every variantstream vs, vs->packets_written is set to one, only to be
set to zero a few lines below. Given that the relevant structure has
been zeroed during the allocation, this commit removes both assignments.
A redundant initialization for vs->init_range_length has been removed as
well a few lines below. Given that the relevant structure has been
zeroed during the allocation, this commit removes both assignments. A
redundant initialization for vs->init_range_length has been removed as
well.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-05-10 21:40:41 +02:00
Andreas Rheinhardt
a90f2265fa avformat/hlsenc: Don't reset AVIOContext pointer manually a second time
ff_format_io_close() already does it for us.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-05-10 21:40:13 +02:00
Limin Wang
a058d81570 avfilter/vf_signalstats: reindent after last commit
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-05-10 22:32:34 +08:00
Limin Wang
25bb72af62 avfilter/vf_signalstats: make the alloc array used for any bit depth
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-05-10 22:32:34 +08:00
Limin Wang
764efda192 avfilter/vf_signalstats: add SignalstatsContext.maxsize variable
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-05-10 22:32:34 +08:00
Limin Wang
a8c762a17d avfilter/vf_signalstats: rename config_props -> config_output
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-05-10 22:32:34 +08:00
Limin Wang
5752e97b4e fate: add signalstats 8bit and 10bit test
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-05-10 22:32:34 +08:00
Limin Wang
3b8b6d837e avformat/http: Fix for invalid use of av_strtok
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-05-10 22:32:34 +08:00
Limin Wang
53c88355a5 avformat/ftp: Fix for invalid use of av_strtok
By the av_strtok() description:
 * On the first call to av_strtok(), s should point to the string to
 * parse, and the value of saveptr is ignored. In subsequent calls, s
 * should be NULL, and saveptr should be unchanged since the previous
 * call.

Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-05-10 22:32:34 +08:00
Limin Wang
026b3a9018 avformat/wavenc: simplify, use av_rescale_q() instead
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-05-10 22:32:34 +08:00
Limin Wang
386dbf5726 avformat/vividas: simplify, use av_rescale_q() instead
note it'll cause a small difference in accuracy for the pts, please see the testing result below:
 $ wget http://samples.ffmpeg.org/archive/all/unknown+unknown+unknown+unknown+5029_paramount_en_1250.viv
 $ ./ffmpeg -t 0.04 -i ./unknown+unknown+unknown+unknown+5029_paramount_en_1250.viv -f null -
 old:
 pts: 522
 pts: 1044
 pts: 1567
 pts: 3918
 pts: 8097
 pts: 12277
 pts: 16457
 ...

 new:
 pts: 522
 pts: 1045
 pts: 1567
 pts: 3918
 pts: 8098
 pts: 12278
 pts: 16457
 ...

Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-05-10 22:32:33 +08:00
Lynne
b69f5a72ce hwcontext_vulkan: optionally enable the VK_KHR_surface extension if available
This allows any phys_device derived to be used as a display rendering device.
2020-05-10 11:23:10 +01:00
Michael Niedermayer
5727b1f13f avcodec/dstdec: Check sample rate
Fixes: out of array access
Fixes: 20659/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-5735812071424000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-05-10 09:55:57 +02:00
James Almer
6dd5da3f8b avcodec/decode: remove unused AVCodecInternal compat_decode field
Signed-off-by: James Almer <jamrial@gmail.com>
2020-05-09 21:02:20 -03:00
Andriy Gelman
c76b2bf0b4 avcodec/v4l2_context: Finish draining if V4L2_BUF_FLAG_LAST is set
V4L2 api can indicate that flushing of the capture buffers is completed
by setting the V4L2_BUF_FLAG_LAST flag.
Use guards because the flag was only defined in Linux v4.2.

Reference:
linux/Documentation/media/uapi/v4l/dev-decoder.rst

    "The client must continue to handle both queues independently,
     similarly to normal decode operation. This includes:
     ...
     - queuing and dequeuing CAPTURE buffers, until a buffer marked with
       the V4L2_BUF_FLAG_LAST flag is dequeued"

Reviewed-by: Ming Qian <ming.qian@nxp.com>
Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
2020-05-09 19:35:05 -04:00
Andriy Gelman
e3b49aaa4e avcodec/v4l2_context: Drop empty packet while draining
v4l2_m2m devices may send an empty packet/frame while draining
to indicate that all capture buffers have been flushed.

Currently, the empty packet/frame is not handled correctly:
When encoding, the empty packet is forwarded to the muxer, usually
creating warnings.
When decoding, a reference to the memory is created anyway. Since in
the past this memory contained a decoded frame, it results in an extra
frame being decoded.

This commit discards the empty packet/frame.

References:
linux/Documentation/media/uapi/v4l/dev-decoder.rst:

    "The last buffer may be empty (with :c:type:`v4l2_buffer` bytesused = 0)
     and in that case it must be ignored by the client, as it does not
     contain a decoded frame."

linux/Documentation/media/uapi/media/v4l/vidioc-encoder-cmd.rst:

    "...This buffer may be empty, indicated by the
     driver setting the ``bytesused`` field to 0."

Reviewed-by: Ming Qian <ming.qian@nxp.com>
Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
2020-05-09 19:34:41 -04:00
Michael Niedermayer
785f194cd4 avcodec/aacdec_template: Pass AVCodecContext seperatly to set_default_channel_config()
Regression since 4d9b9c5e46
Fixes: Null pointer dereference
Fixes: 21642/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_LATM_fuzzer-5670101358739456

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-05-10 01:09:13 +02:00
Michael Niedermayer
97c78caf3e avformat/thp: Require a video stream
The demuxer code assumes the existence of a video stream

Fixes: assertion failure
Fixes: 21512/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5699660783288320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-05-10 01:09:13 +02:00
Michael Niedermayer
20f7b4dfc9 avformat/mpeg: Decrease score by 1 for files with very little valid data
Fixes: 8233/PPY6574574605_cut.mp3

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-05-10 01:09:13 +02:00
Michael Niedermayer
79e5c2ee2b avcodec/pngdec: Check length in fdAT
Fixes: 21089/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-5135981419429888
Fixes: out of array read

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-05-10 01:09:13 +02:00
Michael Niedermayer
4f54982773 tools/target_dec_fuzzer: Adjust threshold for PNG and APNG
Fixes: Timeout (84sec -> 2sec)
Fixes: 21127/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-5098412367413248

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-05-10 01:09:13 +02:00
Michael Niedermayer
5501bb28dd avcodec/g2meet: Check tile_width in epic_jb_decode_tile()
Fixes: out of array access
Fixes: 21469/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-5199357982015488

Alternatively the arrays can be made bigger or the index can be clipped.
In case a real file with such huge tiles exist we ask the user to upload it.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-05-10 01:09:13 +02:00
Michael Niedermayer
81fe316ad9 avcodec/hapdec: Check tex_size more strictly and before using it
Fixes: OOM
Fixes: 20774/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5678608951803904
Fixes: 20956/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5713643025203200

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-05-10 01:09:13 +02:00
James Almer
9624b76f75 configure: add missing bsf dependencies to muxers
Signed-off-by: James Almer <jamrial@gmail.com>
2020-05-09 19:01:25 -03:00
James Almer
ea5887b568 configure: fix pcm_rechunk_bsf dependency for MXF and GXF muxers
Signed-off-by: James Almer <jamrial@gmail.com>
2020-05-09 18:44:24 -03:00
David Manouchehri
d0705ecb2b avdevice/v4l2enc: Allow writing non-rawvideos to v4l2.
Signed-off-by: David Manouchehri <david.manouchehri@riseup.net>
2020-05-09 15:44:43 +01:00
Andreas Rheinhardt
d0bd00c8eb avformat/oggenc: Avoid allocating and copying when writing page data
When the Ogg muxer writes a page, it has to do three things: It needs to
write a page header, then it has to actually copy the page data and then
it has to calculate and write a CRC checksum of both header as well as
data at a certain position in the page header.

To do this, the muxer used a dynamic buffer for both writing as well as
calculating the checksum via an AVIOContext's feature to automatically
calculate checksums on the data it writes. This entails an allocation of
an AVIOContext, of the opaque specific to dynamic buffers and of the
buffer itself (which may be reallocated multiple times) as well as
memcopying the data (first into the AVIOContext's small write buffer,
then into the dynamic buffer's big buffer).

This commit changes this: The page header is no longer written into a
dynamic buffer any more; instead the (small) page header is written into
a small buffer on the stack. The CRC is then calculated directly via
av_crc() on both the page header as well as the page data. Then both the
page header and the page data are written.

Finally, ogg_write_page() can now no longer fail, so it has been
modified to return nothing; this also fixed a bug in the only caller of
this function: It didn't check the return value.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-05-09 16:18:39 +02:00
Limin Wang
de7b690300 avcodec/mpegvideo: return more specific error codes for init_duplicate_context()
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-05-09 09:33:49 +08:00
Limin Wang
18e2c0e732 avcodec/mpegvideo: return more specific error codes for ff_mpv_common_init()
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-05-09 09:33:49 +08:00
Limin Wang
0032ca45ff avcodec/mpeg12enc: return more specific error codes for encode_init()
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-05-09 09:33:49 +08:00
Limin Wang
14285e4ca2 avcodec/mpegvideo_enc: return more specific error codes for ff_mpv_encode_init()
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-05-09 09:33:49 +08:00
Lou Logan
d163e0ecbc doc/encoders: remove unsubstantiated ffaacenc > fdk-aac claim
After this claim was made in e34e361 kamedo2 did an in-depth ABX
test comparing these encoders:

https://hydrogenaud.io/index.php?topic=111085.0

Result: FFmpeg AAC wasn't as good as libfdk_aac on average.

I know some things have changed since then such as, "use the fast
coder as the default" (fcb681ac) for example, so maybe the situation
is different now.

However, I am unaware of any recent comparison. So without any
substantiation we shouldn't make such a blantant claim.

Signed-off-by: Lou Logan <lou@lrcd.com>
Signed-off-by: Gyan Doshi <ffmpeg@gyani.pro>
2020-05-08 11:10:01 -08:00
Andreas Rheinhardt
6db97188d8 avcodec/(null|opus_metadata)_bsf: Use ff_bsf_get_packet_ref() directly
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-05-08 20:55:49 +02:00
Andreas Rheinhardt
47cd3c88c5 avcodec/bsf: Restrict ff_bsf_get_packet_ref() return values to <= 0
Up until now the documentation of ff_bsf_get_packet_ref() allowed return
values >= 0 in case of success, whereas av_bsf_receive_packet() only
allows 0 on success. Given that for some bitstream filters the return
value of ff_bsf_get_packet_ref() is forwarded to the caller of
av_bsf_receive_packet() without any filtering, there would be a problem
if ff_bsf_get_packet_ref() actually returned values > 0. But it
currently doesn't and there is no reason why it should ever do so.
Therefore this commit aligns the return values of these functions by
restricting ff_bsf_get_packet_ref() to always returns 0 on success.

Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-05-08 20:54:15 +02:00
Andreas Rheinhardt
345158aea1 avformat/hlsenc: Cosmetics
Mainly includes reindentation and returning directly (i.e. without
a goto fail when possible).

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-05-08 15:51:43 +02:00