Fixes: 5567/clusterfuzz-testcase-minimized-5769966247739392
Fixes: runtime error: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ab6f571ef7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e34fe61bf4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6019d721d4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This avoids potential undefined behavior in debug mode while still allowing
developers which want to check for potential additional overflows to do so
by manually enabling this.
Reviewed-by: wm4
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a44b3abb4c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Add dxva2_pool_release_dummy() and use it in call to
av_buffer_create() in dxva2_pool_alloc().
Prior to this change, av_buffer_create() was called with NULL for the
third argument, which indicates that av_buffer_default_free() should
be used to free the buffer's data. Eventually, it gets to
buffer_pool_free() and calls buf->free() on a surface object (which is
av_buffer_default_free()).
This can result in a crash when the debug version of the C-runtime is
used on Windows. While it doesn't appear to result in a crash when
the release version of the C-runtime is used on Windows, it likely
results in memory corruption, since av_free() is being called on
memory that was allocated using
IDirectXVideoAccelerationService::CreateSurface().
Signed-off-by: Aaron Levinson <alevinsn@aracnet.com>
Reviewed-by: wm4 <nfxjfg@googlemail.com>
Reviewed-by: Steven Liu <lingjiujianke@gmail.com>
Reviewed-by: Mark Thompson <sw@jkqxz.net>
(cherry picked from commit 0c1c514643)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 277e397eb5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 1352/clusterfuzz-testcase-minimized-5757565017260032
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 35f3df0d76)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* commit 'e18ba2dfd2d19aedc8afccf011d5fd0833352423':
hwcontext_dxva2: make sure the sw frame format is the right one during transfer
Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
* commit '9d7026574bbbe67d004a1c32911da75375692967':
hwcontext_dxva2: fix handling of the mapping flags
Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
* commit '0d3176e32f351d18d6174d8b05796829a75a4c6b':
hwcontext_dxva2: do not assume the destination format during mapping is always the right one
Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
* commit '8ea15afbf2c1ec89b5d4bac1f0b8345e4b906a5d':
hwcontext_qsv: transfer data through the child context when VPP fails
Merged-by: Mark Thompson <sw@jkqxz.net>
* commit 'b91ce4860054430d3712deb0d9487cac2fcb7d68':
hwcontext_qsv: do not fail when download/upload VPP session creation fails
Merged-by: Mark Thompson <sw@jkqxz.net>
* commit '99434f4df81b6801b2b535d5b9143305595784f6':
float_dsp: Have implementation match function pointer prototype
Merged-by: Clément Bœsch <cboesch@gopro.com>
USE_ATOMICS is only set if there is no thread implementation enabled, in
which case you can't expect any lock mechanism from FFmpeg.
This is also conflicting with the incoming use of stdatomic.
* commit '4fb311c804098d78e5ce5f527f9a9c37536d3a08':
Drop memalign hack
Merged, as this may indeed be uneeded since
46e3936fb0.
Merged-by: Clément Bœsch <u@pkh.me>
* commit 'f01f7a7846529b7c3ef343f117eaa2c0a1457af0':
hwcontext_dxva2: use the special UC copy for downloading frames
Merged-by: Clément Bœsch <u@pkh.me>
* commit 'd7bc52bf456deba0f32d9fe5c288ec441f1ebef5':
imgutils: add a function for copying image data from GPU mapped memory
Merged-by: Clément Bœsch <u@pkh.me>