Fixes: 1355/clusterfuzz-testcase-minimized-6662205472768000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c535436cbeeab89be64e9f3fd652bc736f2f3245)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -1094995529 * 131 cannot be represented in type 'int'
Fixes: 1353/clusterfuzz-testcase-minimized-5208180449607680
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 523205ce1ed9415183c162998c68f573479e78fe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 1352/clusterfuzz-testcase-minimized-5757565017260032
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 35f3df0d76e28969fa77f2b865e2e40b3ba69722)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array read
Fixes: 1349/clusterfuzz-testcase-minimized-5370707196248064
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a8ad83b793e883b8c6d114f81073a4e40c0308a3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 1346/clusterfuzz-testcase-minimized-5776732600664064
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a234b5ade3ca6cde805b92b8b6ecacf693460a8c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array access
Fixes: 1345/clusterfuzz-testcase-minimized-6062963045695488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f52fbf4f3ed02a7d872d8a102006f29b4421f360)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 1342/clusterfuzz-testcase-minimized-5490842129137664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0953736b7e97f6e121a0587a95434bf1857a27da)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 1341/clusterfuzz-testcase-minimized-5441502618583040
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1002932a3b16d35c46a08455f76462909eebb5aa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 1340/clusterfuzz-testcase-minimized-4669892148068352
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f55df62998681c7702f008ce7c12a00b15e33f53)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 1339/clusterfuzz-testcase-minimized-4614671485108224
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 38152d9368beb080b4acd6cd9e5ccc89b3f733bf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 1338/clusterfuzz-testcase-minimized-6485546354343936
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9fac508ca46f93450ec232299dfd15ac70b6f326)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array access
Fixes: 1348/clusterfuzz-testcase-minimized-6195673642827776
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ce551a3925a1cf9c7824e26a246b99b6773bda4b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 943/clusterfuzz-testcase-5114865297391616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a78ae465fda902565ed041d93403e04490b4be0d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 1335/clusterfuzz-testcase-minimized-5566961566089216
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a0e5f7f363555d2befafb1c9e1579dbe0a2fbca7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 1080/clusterfuzz-testcase-5353236754071552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ce7098b8f2b59c62b5abdb3d74819db75cf67698)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This avoids intermediates from overflowing (the final values are checked)
Fixes: runtime error: signed integer overflow: -167712 + -2147352576 cannot be represented in type 'int'
Fixes: 1298/clusterfuzz-testcase-minimized-5955580877340672
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c1c3a14073b33f790075f2884ea5c64451a6c876)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 1214/clusterfuzz-testcase-minimized-6130606599569408
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fc8cff96ed45dfdb91ed03e9942845f28be0e770)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9244b839b788e4677019041907ff5a4378a23490)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The code does use 16bit sized arrays later so larger deltas would not work
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 48b3117844177d8442bc9fa3ede1d31ce82ae6fc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 1280/clusterfuzz-testcase-minimized-6102353767825408
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 382b4fc9b5f3102f59743bf9c8619b31dd8ede1b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Decreases the time spend decoding junk.
May fix: 1283/clusterfuzz-testcase-minimized-6221126759874560
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2f00300b779e7b247c85db0d7daef448225105ff)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Suggested-by: "Ronald S. Bultje" <rsbultje@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b706ddbae3f4a11c58560b914807931556108b55)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of memory
Fixes: 1282/clusterfuzz-testcase-minimized-5400131681648640
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 63b8d4146d78595638417e431ea390aaf01f560f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
compilers doing DCE at -O0 do not necessarily understand "complex" boolean expressions
Build succeeds with this change, this was the only failure
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fa8fd0808f1086fc85abba5cf123faf41da49305)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e46d63745215c04637e7797228bad36bce49d881)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
It should not be a value larger than the number of streams we have,
or it will cause invalid reads and/or SIGSEGV.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ec07efa70012845e8642df67a4a773f510a17088)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This seems to be non-optional, and if the muxer is run without it,
strlen() is run on NULL, causing a segfault.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cbd3a68f3e1c2d1679370301eb5e1a32a2df64fe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Because write_packet() fakely writes packets to muxer by queueing
them when muxer hasn't been initialized, it should also increment
frame_number fakely.
This is required because code in do_streamcopy() rely on
frame_number.
Should fix Ticket6227
Reviewed-by: James Almer <jamrial@gmail.com>
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Muhammad Faiz <mfcc64@gmail.com>
(cherry picked from commit c4be288fdbe1993110f1abd28ea57587cb2bc221)
There appears to be no need to treat interlaced videos differently,
also that code is flawed, as for at least one input cur_field would
be always 0.
Fixes ticket #6344.
Signed-off-by: Paul B Mahol <onemda@gmail.com>
(cherry picked from commit ac30754a148df58822a272555d1f6f860e42037e)
The av_log() is done outside the lock, but this way the accesses to the
field (reads and writes) are always protected by a mutex. The av_log()
is not run inside the lock context because it may involve user callbacks
and doing that in performance-sensitive code is probably not a good idea.
This should fix occasional tsan warnings when running fate-h264, like:
WARNING: ThreadSanitizer: data race (pid=10916)
Write of size 4 at 0x7d64000174fc by main thread (mutexes: write M2313):
#0 update_context_from_user src/libavcodec/pthread_frame.c:335 (ffmpeg+0x000000df7b06)
[..]
Previous read of size 4 at 0x7d64000174fc by thread T1 (mutexes: write M2311):
#0 ff_thread_await_progress src/libavcodec/pthread_frame.c:592 (ffmpeg+0x000000df8b3e)
(cherry picked from commit 2e664b9c1e73c80aab91070c1eb7676f04bdd12d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This tries to handle cases where separate invocations of decode_frame()
(each running in separate threads) write to respective fields in the
same AVFrame->data[]. Having per-field owners makes interaction between
readers (the referencing thread) and writers (the decoding thread)
slightly more optimal if both accesses are field-based, since they will
use the respective producer's thread objects (mutex/cond) instead of
sharing the thread objects of the first field's producer.
In practice, this fixes the following tsan-warning in fate-h264:
WARNING: ThreadSanitizer: data race (pid=21615)
Read of size 4 at 0x7d640000d9fc by thread T2 (mutexes: write M1006):
#0 ff_thread_report_progress pthread_frame.c:569 (ffmpeg:x86_64+0x100f7cf54)
[..]
Previous write of size 4 at 0x7d640000d9fc by main thread (mutexes: write M1004):
#0 update_context_from_user pthread_frame.c:335 (ffmpeg:x86_64+0x100f81abb)
(cherry picked from commit 083300bea935d125b83f60d7030f78a7ffb0f3df)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes tsan warnings like this in fate-vp8-test-vector-007:
WARNING: ThreadSanitizer: data race (pid=65909)
Write of size 4 at 0x7d8c0000e088 by thread T1:
#0 vp8_decode_mb_row_sliced vp8.c:2519 (ffmpeg:x86_64+0x100995ede)
[..]
Previous write of size 4 at 0x7d8c0000e088 by thread T2:
#0 vp8_decode_mb_row_sliced vp8.c:2519 (ffmpeg:x86_64+0x100995ede)
(cherry picked from commit fed92adbb3fc6cbf735e3df9a2f7d0a2917fcfbd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes tsan warnings like this in fate-vp8-test-vector-007:
WARNING: ThreadSanitizer: data race (pid=3590)
Write of size 4 at 0x7d8c0000e07c by thread T2:
#0 decode_mb_row_no_filter src/libavcodec/vp8.c:2330 (ffmpeg+0x000000ffb59e)
[..]
Previous write of size 4 at 0x7d8c0000e07c by thread T1:
#0 decode_mb_row_no_filter src/libavcodec/vp8.c:2330 (ffmpeg+0x000000ffb59e)
(cherry picked from commit 9a54c6f243412f62bae498ddcac337cb18ae6290)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes the following tsan warning when running fate-vsynth_lena-ffvhuff:
WARNING: ThreadSanitizer: data race (pid=6484)
Write of size 8 at 0x7d64000154b8 by main thread (mutexes: write M1331):
#0 update_context_from_user src/libavcodec/pthread_frame.c:331 (ffmpeg+0x000000dca887)
[..]
Previous read of size 8 at 0x7d64000154b8 by thread T2 (mutexes: write M1334):
#0 draw_slice src/libavcodec/huffyuvdec.c:857 (ffmpeg+0x000000bcc86f)
(cherry picked from commit 7c7e7c44a6eb68eca861e45cb2ce78f582b12c69)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes tsan warnings in fate-apng:
WARNING: ThreadSanitizer: data race (pid=51230)
Read of size 4 at 0x7d50000042fc by main thread (mutexes: write M1000):
#0 frame_copy_props frame.c:302 (ffmpeg:x86_64+0x1019a35d6)
[..]
Previous write of size 4 at 0x7d50000042fc by thread T1 (mutexes: write M997):
#0 decode_idat_chunk pngdec.c:708 (ffmpeg:x86_64+0x100f5562a)
(cherry picked from commit eff2861a757b8a46398e6fcb844b960b4775daad)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes a reported (but false) race condition in tsan for fate-apng:
WARNING: ThreadSanitizer: data race (pid=6274)
Read of size 4 at 0x7d680001ec78 by main thread (mutexes: write M1338):
#0 update_thread_context src/libavcodec/pngdec.c:1456 (ffmpeg+0x000000dacf0c)
[..]
Previous write of size 4 at 0x7d680001ec78 by thread T1 (mutexes: write M1335):
#0 decode_idat_chunk src/libavcodec/pngdec.c:737 (ffmpeg+0x000000dae951)
(cherry picked from commit 478f1c3d5e5463a284ea7efecfc62d47ba3be11a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Values from subsequent values are guaranteed to be identical (since
poc and nal_unit_type are checked to be the same between slices), so
this doesn't affect output in any way, but does resolve the remaining
reported race conditions (by tsan) in fate-hevc.
In practice, this fixes tsan warnings like this:
WARNING: ThreadSanitizer: data race (pid=25334)
Read of size 4 at 0x7d9c0001adcc by main thread (mutexes: write M1386):
#0 hevc_update_thread_context src/libavcodec/hevcdec.c:3310 (ffmpeg+0x000000b41c7c)
[..]
Previous write of size 4 at 0x7d9c0001adcc by thread T1 (mutexes: write M1383):
#0 hls_slice_header src/libavcodec/hevcdec.c:596 (ffmpeg+0x000000b43a22)
(cherry picked from commit 1f50baa2b2da7fdbfccf0662883f38a763ff6619)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Otherwise the thread may still be in the middle of decoding a previous
frame, which would effectively trigger a race condition on any field
concurrently read and written.
In practice, this fixes tsan warnings like the following:
WARNING: ThreadSanitizer: data race (pid=17380)
Write of size 4 at 0x7d64000160fc by main thread:
#0 update_context_from_user src/libavcodec/pthread_frame.c:335 (ffmpeg+0x000000dca515)
[..]
Previous read of size 4 at 0x7d64000160fc by thread T2 (mutexes: write M1821):
#0 ff_thread_report_progress src/libavcodec/pthread_frame.c:565 (ffmpeg+0x000000dcb08a)
(cherry picked from commit 1269cd5b6f540bef5913bf134d2f461aac50d70b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Should fix tsan warnings in fate-fifo-muxer-h264/wav:
WARNING: ThreadSanitizer: data race (pid=26552)
Write of size 4 at 0x000001e0d7c0 by main thread:
#0 transcode_init src/ffmpeg.c:3761 (ffmpeg+0x00000050ca1c)
[..]
Previous read of size 4 at 0x000001e0d7c0 by thread T1:
#0 decode_interrupt_cb src/ffmpeg.c:460 (ffmpeg+0x0000004fde19)
(cherry picked from commit 76d8c77430e9e0110623705bfb54d922cc2ac3ea)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>