This will not error but the API allows errors so we should check it
Fixes: CID1489999 Unchecked return value
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6df8bd64ffa5ea3864a433c5e78b8d8f642c1305)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This will not overflow for normal values
Fixes: CID1500280 Unintentional integer overflow
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bfc22f364d31d8f2dc2acae1bd03d5894a00b8c5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
related: CID1497114 Missing break in switch
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3f9daf1c18c2f0fb9e6d0b94af8e92cafc0cf010)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This is test code after all so it should test things
Fixes: CID1518990 Unchecked return value
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e3481730ed9b3b781a0d85370826bcc57d601958)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Failure is possible due to strdup()
Fixes: CID1516764 Dereference null return value
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e8a1e1899d9ededd78f8ec4722fe80c345bbf8f7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c4004605b2fa6e2ecbd1cfc2a1da382e4f5237a5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: CID1473512 Unused value
Fixes: CID1529228 Unused value
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 33da5f4e2717cc947cf44ad9a52668694ea4ee82)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Helps: CID1518967 Unchecked return value
Helps: CID1518968 Unchecked return value
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e7775973f037724f26676015a364134fd728babf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Helps: CID1524598 Improper use of negative value
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b6fa2ed77e57e82f3155b83ca4f4b3be8da5ff5c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Clause 3.11.1 of IAMF[1] states the Opus ID Header should conform to ChannelMappingFamily == 0.
[1]https://aomediacodec.github.io/iamf/#opus-specific
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 2aab4e4cc0b4a666c7e5a752b25a337710b20bdb)
Ensure the values are spec complaint and that no integer overflow can happen.
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 9ce065c90decf1a07a810ccb699a491d41a720d2)
The semantics for the field are different than the one in AVCodecParameters,
so use the name defined in the IAMF spec to prevent confusion.
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 54b8d5e201c97464625cfb6cfd851ed80976aa44)
The value was swapped from what's defined in clause 3.11.4 of IAMF[1]
[1]https://aomediacodec.github.io/iamf/#lpcm-specific
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 709a5687ed13a153b7ccbe096c1fa8783733f1d9)
Fixes: member access within null pointer of type 'IAMFSubStream' (aka 'struct IAMFSubStream')
Fixes: 69795/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-6216287009701888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b248dace929e97b10de17663caab32fbb1c42f0f)
Fixes: out of array access
Fixes: 68863/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-4833546039525376
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 0ae157b3603f27d8057febd8f2680ac1030722ee)
Fixes: out of array access
Fixes: 68302/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4665793796177920
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7fab9b97613e5ec6954fb8118f9ca43f04847cfe)
Fixes: out of array access
Fixes: 68584/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6256656668229632
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c69e6cccd7e14fc6ee9df179f19e9de2cecba3d8)
Fixes: CID1559546 Logically dead code
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c21fb3624bb7e10f9ee5a182bf9cfbf64990c78e)
If the sBIT chunk size is invalid, we should print a more informative
error message rather than return an error and print nothing.
Signed-off-by: Leo Izen <leo.izen@gmail.com>
Indexed color images use three colors for sBIT, but the function
ff_png_get_nb_channels returns 1 in this case. We should avoid erroring
out on valid files in this scenario.
Regression since 84b454935fae2633a8a5dd075e22393f3e8f932f.
Signed-off-by: Leo Izen <leo.izen@gmail.com>
Reported-by: Ramiro Polla <ramiro.polla@gmail.com>
Reviewed-by: Marton Balint <cus@passwd.hu>
When mDCv support was added, there was a typo in both variable names
and also the MKTAG itself, incorrectly listing it as mDVc. The tag name
stands for Mastering Display Color Volume so mDCv is correct.
Typo originally introduced in 78949041417caaef0c82b2b23d7defdd88aa2378.
Signed-off-by: Leo Izen <leo.izen@gmail.com>
Reported-by: Ramiro Polla <ramiro.polla@gmail.com>
When mDCv support was added, there was a typo in both variable names
and also the MKTAG itself, incorrectly listing it as mDVc. The tag name
stands for Mastering Display Color Volume so mDCv is correct. See other
files such as av1dec.c which uses mdcv.
Typo originally introduced in c7a57b0f70f8d1574aa0f0dbe98db85d8ac91c76.
Signed-off-by: Leo Izen <leo.izen@gmail.com>
Reported-by: Ramiro Polla <ramiro.polla@gmail.com>
In intra-only mode, frameIntervalP is 0, which means the frame
data array is smaller than the number of surfaces.
Together with using the wrong size on deallocation of the
frame_data_array, this lead to a crash.
Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
(cherry picked from commit c9151ea50715c4ce47ad1c8df519781565db01f6)
Video devices categorized by AVFoundation as
'AVCaptureDeviceTypeExternal(Unknown)' (like USB video streams) were not
recognized by libavdevice.
Signed-off-by: Theo Fabi <fabi.theo@gmail.com>
Signed-off-by: Brad Smith <brad@comstyle.com>
(cherry picked from commit 41190da9e11f536cb590df45ce9839974e5e6777)
Signed-off-by: Brad Smith <brad@comstyle.com>
Fixes: The warnings from CID1598553 Uninitialized scalar variable
Passing partly initialized structs is ugly and asking for hard to rieproduce bugs,
The uninitialized fields where not used
Reviewed-by: "Xiang, Haihao" <haihao.xiang-at-intel.com@ffmpeg.org>
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c841cb45e81ebece26768c820c459b085668a37a)
There is no bsf for other codecs to modify crop info except H.265.
For H.265, the assumption that FFALIGN(width, 16)xFFALIGN(height, 16)
is the video resolution can be wrong, since the encoder can use CTU
larger than 16x16. In that case, use FFALIGN(width, 16) - width
as crop_right is incorrect. So disable the workaround for H.265 now.
Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
Fields under the segmentation switch are never reset on a new frame, and
retain the value from the previous frame. This bugs out a bunch of
hwaccel drivers when segmentation is disabled but update_map isn't
reset because they don't ignore values behind switches. This commit also
resets the temporal field, though it may not be required.
We also do this for vp8 [1] so this commit is just mirroring the vp8
logic.
This fixes an issue with certain samples [2] that causes blocky
artifacts with vaapi, d3d11va and cuda (and possibly others).
Mesa worked around [3] this by ignoring these fields if
segmentation.enabled is 0, but d3d11va still displays blocky artifacts.
[1] 2e877090f9:/libavcodec/vp8.c#l797
[2] https://github.com/mpv-player/mpv/issues/13533
[3] https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/27816
Signed-off-by: llyyr <llyyr.public@gmail.com>
Signed-off-by: Brad Smith <brad@comstyle.com>
(cherry picked from commit 43b1a956789bf0d5796769427d40c78e460c247f)
Signed-off-by: Brad Smith <brad@comstyle.com>
Since the SBR noise application optimisations are currently restricted
to hardware with 128-bit vectors, and use a quadruple multipler, they
can load up to 16 32-bit elements. But the "loads" are of 2 segments,
or 16 pairs of single precision float.
Thus we need to expand the dupiclated section of the noise table from
2x8 to 2x16 to avoid overflows.
(cherry picked from commit e6b38c944f0ed1f28f78fcf0055708c7d208db07)
Signed-off-by: Rémi Denis-Courmont <remi@remlab.net>
This loop correctly assumes that VLMAX=16 (4x128-bit vectors
with 32-bit elements) and 32 >= pred_order > 16. We need to alternate
between VL=16 and VL=t2=pred_order-16 elements to add up to pred_order.
The current code requests AVL=a2=pred_order elements. In QEMU and on
thte K230 hardware, this sets VL=16 as we need. But the specification
merely guarantees that we get: ceil(AVL / 2) <= VL <= VLMAX. For
instance, if pred_order equals 27, we could end up with VL=14 or VL=15
instead of VL=16. So instead, request literally VLMAX=16.
(cherry picked from commit f8837465875205207bd281ecad9e4b9a12638c7e)
Signed-off-by: Rémi Denis-Courmont <remi@remlab.net>
The documentation of av_adts_header_parse() does not require
the buffer to be padded at all.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit 6c812a80ddfadb3e69018971a2e92ace5326db36)
Regression since e1ba00ac8f755f37ebc8448d3dbea906d7b79da2.
Reviewed-by: Ronald S. Bultje <rsbultje@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit 67c7c44c7956c4ecde0d36652f3d34bca13bffdb)
As defined in Section 8.7.3.2.1 of ISO 14496-12.
Any unsupported value will be rejected in mov_build_index() without outright
aborting demuxing.
Fixes ticket #11005.
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 3146b77a7d314f55b8ec5d8ce6fda2c5db049a27)
