1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-08 13:22:53 +02:00
Commit Graph

99470 Commits

Author SHA1 Message Date
Andreas Rheinhardt
432f291dff avformat/movenc: Free old vos_data before overwriting it
Otherwise the old data leaks whenever extradata needs to be rewritten
(e.g. when encoding FLAC with our encoder that sends an updated
extradata packet at the end).

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-05 00:49:11 +02:00
Andreas Rheinhardt
0336bbf68a avformat/movenc: Don't free AVCodecParameters manually
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-05 00:48:55 +02:00
Andreas Rheinhardt
c9ceec1f1f avcodec/qsv: Fix leak of options on error
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-05 00:48:47 +02:00
Andreas Rheinhardt
e6cdd23bc7 avformat/movenc: Make some AVCodecTag tables static
They are not used anywhere else.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-04 23:41:26 +02:00
Andreas Rheinhardt
22c3cd1760 avformat/movenc: Fix segfault when remuxing rtp hint stream
When remuxing an rtp hint stream (or any stream with the tag "rtp "),
the mov muxer treats this as one of the rtp hint tracks it creates
internally when ordered to do so; yet this track lacks the
AVFormatContext for the hinting rtp muxer, leading to segfaults in
mov_write_udta_sdp() if a "trak" atom is written for this stream; if not,
the stream's codecpar is freed by mov_free() as if the mov muxer owned
it (it does for the internally created "rtp " tracks), but without
resetting st->codecpar, leading to double-frees lateron. This commit
therefore ignores said tag which makes rtp hint streams unremuxable.

This fixes tickets #8181 and #8186.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-04 23:38:43 +02:00
Andreas Rheinhardt
6770057ac9 avcodec/dvenc: Fix undefined left shift of negative numbers
The earlier code was based on the assumption that AVFrame.linesize can
not be negative.

Fixes ticket #8280.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-04 23:36:50 +02:00
Paul B Mahol
3a035a8cd2 avfilter/vf_v360: fix possible out of range values 2020-10-04 19:23:52 +02:00
Paul B Mahol
eaba6cecfb avfilter/vf_v360: add mitchell interpolation 2020-10-04 19:23:52 +02:00
Michael Niedermayer
acd735efaf avformat/moflex: Check m->size before seeking
Fixes: Infinite loop
Fixes: 26016/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-6195663833137152

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-04 16:54:11 +02:00
Michael Niedermayer
3291d994b7 avcodec/dxtory: Fix negative stride shift in dx2_decode_slice_420()
Fixes: left shift of negative value -640
Fixes: 26044/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXTORY_fuzzer-5631057602543616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-04 16:54:11 +02:00
James Almer
05872c67a4 avcodec/av1dec: partially clean state on frame decoding errors
Fixes: member access within null pointer of type 'TileGroupInfo' (aka 'struct TileGroupInfo')
Fixes: 25725/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AV1_fuzzer-5166692706287616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: James Almer <jamrial@gmail.com>
2020-10-04 10:34:15 -03:00
Paul B Mahol
069d2b4a50 avformat: add tri-ACE demuxer 2020-10-03 21:50:59 +02:00
Paul B Mahol
e0d0565425 avformat/adxdec: demux multiple blocks at once
Improves decoding speed by 24x
2020-10-03 21:49:39 +02:00
Lynne
45070eec4c
libwavpackenc: remove libwavpackenc wrapper
The manual states "there is virtually no reason to use that encoder.".

It supports less sample formats than the native encoder, is less efficient
than the native encoder and is also slower and pretty much remains untested.
libwavpack also isn't being fuzzed, which given that we plug the parameters
without any sanitizing them looks concerning.
2020-10-02 17:43:15 +02:00
Jan Ekström
d9e812797c avformat/movenc: handle tracks w/o AVStreams in calculate_mpeg4_bit_rates
The generated text streams for chapters lack an AVStream since they
are but an internal concept within movenc.

Fixes #8910
2020-10-02 16:49:44 +03:00
Michael Niedermayer
686f015190 avformat/asfdec_f: Change order or operations slightly
Fixes: signed integer overflow: 20 * 5184056935931942919 cannot be represented in type 'long'
Fixes: 25466/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4798660247552000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-02 14:59:53 +02:00
Michael Niedermayer
c313089fbe avformat/dxa: Use av_rescale() for duration computation
Fixes: signed integer overflow: 8224000000 * 1629552639 cannot be represented in type 'long'
Fixes: 24908/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4658478506049536

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-02 14:59:53 +02:00
Michael Niedermayer
3056e19e68 avcodec/vc1_block: Fix integer overflow in ac value
Fixes: signed integer overflow: 25488 * 87381 cannot be represented in type 'int'
Fixes: 24765/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5108259565076480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-02 14:59:53 +02:00
Mark Reid
453004fde6 libswcale/input: use more accurate rgbf32 yuv conversions
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-02 14:59:52 +02:00
Mark Reid
6bf57c6a2a libswscale/tests: add floatimg_cmp test
changes since v1:
- made into fate test
- fixed c90 warnings
- tests more intermediate formats
- tested on BE mips too

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-10-02 14:59:52 +02:00
Zhao Zhili
a191d4166f avformat/rtsp: fix parse_rtsp_message
1. Remove the assumption that the message method is TEARDOWN.
2. Don't ignore the error code of ff_rtsp_parse_streaming_commands.

Signed-off-by: Martin Storsjö <martin@martin.st>
2020-10-02 09:11:24 +03:00
Martin Storsjö
0b1d8468c4 rtsp: Fix infinite loop in listen mode with UDP transport
In listen mode with UDP transport, once the sender has sent
the TEARDOWN and closed the connection, poll will indicate that
one can read from the connection (indicating that the socket has
reached EOF and should be closed by the receiver as well). In this
case, parse_rtsp_message won't try to parse the command (because
it's no longer in state STREAMING), but previously just returned
zero.

Prior to f6161fccf8, this caused
udp_read_packet to return zero, which is treated as EOF by
read_packet. But after that commit, udp_read_packet would continue
if parse_rtsp_message didn't return an explicit error code.

To keep the original behaviour from before that commit, more
explicitly return an error in parse_rtsp_message when in the wrong
state.

Fixes: #8840
Signed-off-by: Martin Storsjö <martin@martin.st>
2020-10-02 09:09:17 +03:00
James Almer
979cc0c7cb avutil/pixdesc: add missing FF_API_PSEUDOPAL check
Signed-off-by: James Almer <jamrial@gmail.com>
2020-10-02 00:18:13 -03:00
James Almer
a7489c0fbd avformat/utils: add missing FF_API_LAVF_AVCTX check
Signed-off-by: James Almer <jamrial@gmail.com>
2020-10-01 22:47:51 -03:00
James Almer
10c01c3779 avformat/sdp: add missing FF_API_LAVF_AVCTX check
Signed-off-by: James Almer <jamrial@gmail.com>
2020-10-01 22:45:34 -03:00
James Almer
137a36bdfc avcodec/utils: add missing FF_API_TAG_STRING check
Signed-off-by: James Almer <jamrial@gmail.com>
2020-10-01 22:43:28 -03:00
James Almer
0191f2d29c avcodec/options: add missing FF_API_COPY_CONTEXT checks
Signed-off-by: James Almer <jamrial@gmail.com>
2020-10-01 22:43:03 -03:00
James Almer
bd52b41444 avcodec/libvpxenc: add missing FF_API_ERROR_FRAME check
Signed-off-by: James Almer <jamrial@gmail.com>
2020-10-01 22:42:37 -03:00
Timo Rothenpieler
13c74291ec avcodec/cuviddec: avoid copy of uninitialized extradata pointer 2020-10-01 21:28:55 +02:00
Timo Rothenpieler
c75756d047 avcodec/cuviddec: use correct type for extradata_size 2020-10-01 20:49:59 +02:00
Timo Rothenpieler
bba6262080 avcodec/cuviddec: fix copy&paste error 2020-10-01 20:20:48 +02:00
Andreas Rheinhardt
22a2386a56 avformat/movenc: Fix stack overflow when remuxing timecode tracks
There are two possible kinds of timecode tracks (with tag "tmcd") in the
mov muxer: Tracks created internally by the muxer and timecode tracks
sent by the user. If any of the latter exists, the former are
deactivated. The former all belong to another track, the source
track; the latter don't have a source track set, but the index of the
source track is initially zeroed by av_mallocz_array(). This is a
problem since 3d894db700: Said commit added
a function that calculates the duration of tracks and the duration of
timecode tracks is calculated by rescaling the duration (calculated by
the very same function) of the source track. This gives an infinite
recursion if the first track (the one that will be treated as source
track for all timecode tracks) is a timecode track itself, leading to a
stack overflow.

This commit fixes this by not using the nonexistent source track
when calculating the duration of timecode tracks not created internally
by the mov muxer.

Reviewed-by: Martin Storsjö <martin@martin.st>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-01 14:30:34 +02:00
Andreas Rheinhardt
66eadb3926 avcodec/utils: Reindentation
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-01 13:35:28 +02:00
Andreas Rheinhardt
b8e0ceda11 avcodec/utils: Also free encoder extradata on avcodec_open2() error
It is owned by libavcodec for encoders.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-01 13:34:57 +02:00
Andreas Rheinhardt
d1dcc20126 avcodec/utils: Don't forget cleaning up when allocating priv_data fails
Allocating an AVCodecContext's priv_data used to be the first object
allocated in avcodec_open2(), so it was unnecessary to goto free_and_end
(which does the cleanup) upon error here. But this is no longer so since
f3a29b750a.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-01 13:19:42 +02:00
Andreas Rheinhardt
c6e54d14c5 avcodec/utils: Improve check for freeing codec private options
Don't check for AVCodec.priv_data_size (which is always true if
AVCodec.priv_class is set). Instead check for AVCodecContext.priv_data
to actually exist.

(Note: av_opt_free(NULL) is a no-op.)

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-01 13:18:18 +02:00
Andreas Rheinhardt
502c5fe101 avcodec/utils: Remove always-true check
The first thing avcodec_open2() allocates is the AVCodecInternal. If
allocating it fails, a jump to end occurs; but if an error happens after
its allocation, a jump to free_and_end happens which frees all
allocations performed so far and then jumps to end. Yet free_and_end
contained a check for AVCodecInternal (after having already dereferenced
it to check whether ff_thread_free() needs to be called) which is of
course always true. So remove it.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-10-01 12:50:57 +02:00
Anton Khirnov
33b4b788aa opusdec: do not fail when LBRR frames are present
Decode and discard them.

Fixes ticket 4641.
2020-10-01 11:16:17 +02:00
Nicolas George
3bf5cc9c58 fate: add scale filters for big-endian architectures.
Filters mostly work in native endianness, but they must output
a specified endianness, usually little: that requires a final
conversion for big endian.

I do not know what's the deal with gif-deal: inserting explicitly
the filters that are implicitly inserted result in less frames in
output. Probably a strange problem of duration.
2020-09-30 16:39:34 +02:00
Andreas Rheinhardt
9d8f9b2e40 swresample/audioconvert: Fix left shift of negative value
Fixes ticket #8219.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-30 10:50:45 +02:00
James Almer
aa5e49e46d avcodec/av1dec: call ff_cbs_flush() on decoder flush
Signed-off-by: James Almer <jamrial@gmail.com>
2020-09-29 21:38:27 -03:00
James Almer
3392c1b05e avcodec/av1dec: fix check for active sequence header
We clear the AV1RawSequenceHeader pointer on flush, not the relevant AVBufferRef.

Signed-off-by: James Almer <jamrial@gmail.com>
2020-09-29 21:38:27 -03:00
James Almer
ea4b10249d avcodec/av1dec: parse dimensions from the sequence header in extradata
Signed-off-by: James Almer <jamrial@gmail.com>
2020-09-29 21:38:27 -03:00
James Almer
421906dddb avcodec/cbs_vp9: implement a CodedBitstreamType.flush() callback
Signed-off-by: James Almer <jamrial@gmail.com>
2020-09-29 21:38:27 -03:00
James Almer
0c84253353 avcodec/cbs_h2645: implement CodedBitstreamType.flush() callbacks
Signed-off-by: James Almer <jamrial@gmail.com>
2020-09-29 21:38:27 -03:00
James Almer
dfd184eed5 avcodec/cbs_av1: implement a CodedBitstreamType.flush() callback
Signed-off-by: James Almer <jamrial@gmail.com>
2020-09-29 21:38:27 -03:00
James Almer
515b6419ca avcodec/cbs: add a flush callback to CodedBitstreamType
Used to reset the codec's private internal state.

Signed-off-by: James Almer <jamrial@gmail.com>
2020-09-29 21:38:27 -03:00
Paul B Mahol
23d0754165 avfilter/vf_v360: stop using floats variables in xyz_to_octahedron
Use proper integer variables.
2020-09-30 00:09:22 +02:00
Timo Rothenpieler
a96743a05c avcodec/cuviddec: handle arbitrarily sized extradata 2020-09-29 23:29:04 +02:00
Andreas Rheinhardt
5bc74d06da avcodec/utils: Only call codec->close if init has been called
avcodec_open2() also called the AVCodec's close function if an error
happened before init had ever been called if the AVCodec has the
FF_CODEC_CAP_INIT_CLEANUP flag set. This is against the documentation of
said flag: "The codec allows calling the close function for deallocation
even if the init function returned a failure."

E.g. the SVQ3 decoder is not ready to be closed if init has never been
called.

Fixes: NULL dereference
Fixes: 25762/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SVQ3_fuzzer-5716279070294016

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-09-29 21:18:19 +02:00