Fixes out of array access
Fixes: crash-huf.avi
Regression since: 6b41b4414934cc930468ccd5db598dd6ef643987
This could also be fixed by adding checks in the C code that calls the dsp
Found-by: Zhibin Hu and 连一汉 <lianyihan@360.cn>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Some V4L2 drivers fail to allocate buffers when sizeimage is not set
to a max value. This is indeed the case for s5p-mfc [1]
Most drivers should be able to calculate this value from the frame
dimensions and format - or at least have their own default.
However since this work around should not impact those drivers doing
the "right thing" this commit just provides such a default.
The calculations were extracted from the v4l2 driver used to develop
the ffmpeg v4l2_m2m support [2]. See venc.c and vdec.c
[1] linux.git/drivers/media/platform/s5p-mfc
[2] linux.git/drivers/media/platform/qcom/venus/
Fixes: runtime error: signed integer overflow: -1408475220 + -1408475220 cannot be represented in type 'int'
Fixes: 3336/clusterfuzz-testcase-minimized-5656839179993088
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
It is to fix https://trac.ffmpeg.org/ticket/6677. Actucally it is a
regression of commit 99e07a4453732058df90885f80b3db3b4f37cb3c which
always inserts a dummy frame when decode the first key field picture.
Signed-off-by: Zhong Li <zhong.li@intel.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: runtime error: left shift of negative value -255
Fixes: 3373/clusterfuzz-testcase-minimized-5604083912146944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
It leaks memory and destroys the dst packet in case of failure, and it
ultimately duplicates functionality already existing in the saner
av_packet_copy_props().
Reviewed-by: wm4
Signed-off-by: James Almer <jamrial@gmail.com>
Correctly set the interlaced_frame and top_field_first fields when pic_struct
indicates paired fields.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Prevents int->float conversions on every loop.
Performance gain on synthetic benchmarks: 13%.
Suggested by kamedo2.
Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
* commit '030de53e9cc225dc767458aedcc87efd457b4f3b':
libopenh264dec: Let the framework use the h264_mp4toannexb bitstream filter
Merged-by: James Almer <jamrial@gmail.com>
* commit 'ba30b74686f0cb6c9dd465ac4820059c48bf9d08':
aac: Validate the sbr sample rate before using the value
See cf5f4c5169639349262aa221ae485a0de188afb1
Merged-by: James Almer <jamrial@gmail.com>
This adds hardware decoding for H.264 / HEVC / VP8 / VP9 using the MPP
Rockchip API. It returns frames holding an AVDRMFrameDescriptor struct
in buf[0] that allows drm / dmabuf usage. Tested on RK3288 (TinkerBoard)
and RK3328.
Signed-off-by: Mark Thompson <sw@jkqxz.net>
Remove loops and unroll as block sizes are known.
Signed-off-by: Kaustubh Raste <kaustubh.raste@imgtec.com>
Reviewed-by: Manojkumar Bhosale <Manojkumar.Bhosale@imgtec.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Replace generic with block size specific function.
Signed-off-by: Kaustubh Raste <kaustubh.raste@imgtec.com>
Reviewed-by: Manojkumar Bhosale <Manojkumar.Bhosale@imgtec.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Replace generic with block size specific function.
Signed-off-by: Kaustubh Raste <kaustubh.raste@imgtec.com>
Reviewed-by: Manojkumar Bhosale <Manojkumar.Bhosale@imgtec.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
