1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-19 05:49:09 +02:00

95946 Commits

Author SHA1 Message Date
Andreas Rheinhardt
710ab13693 avfilter/vf_unsharp: Don't dereference NULL
The unsharp filter uses an array of arrays of uint32_t, each of which is
separately allocated. These arrays also need to freed separately; but
before doing so, one needs to check whether the array of arrays has
actually been allocated, otherwise one would dereference a NULL pointer.
This fixes #8408.

Furthermore, the array of arrays needs to be zero-initialized so that
no uninitialized pointer will be freed in case an allocation of one of
the individual arrays fails.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-03 09:50:00 +01:00
James Almer
968c4cbf22 fate/cbs: add svc AV1 tests
Signed-off-by: James Almer <jamrial@gmail.com>
2019-12-02 14:45:02 -03:00
James Almer
5985ca0436 avcodec/av1_parser: skip frames with spatial_id > 0
This fixes marking keyframes in svc samples.

Signed-off-by: James Almer <jamrial@gmail.com>
2019-12-02 14:38:52 -03:00
Zhao Zhili
f9d4366912 avfilter/buffersrc: remove write-only variable 2019-12-02 17:28:16 +01:00
James Almer
637742b45d fate/cbs: add a decode model AV1 test
Signed-off-by: James Almer <jamrial@gmail.com>
2019-12-01 16:53:11 -03:00
James Almer
af7ab32b89 fate/cbs: add a switch frame AV1 test
Signed-off-by: James Almer <jamrial@gmail.com>
2019-12-01 16:53:11 -03:00
James Almer
553c1431ac Revert "avcodec/cbs_av1_syntax_template: Check ref_frame_idx before use"
This reverts commit 8174e5c77d8a94b57b6b1bcbb90728cf8b08ab6b.

It's no longer needed after the previous commit.

Signed-off-by: James Almer <jamrial@gmail.com>
2019-12-01 16:53:11 -03:00
James Almer
eced91afa5 avcodec/cbs_av1: implement missing set_frame_refs() function
Defined in Section 7.8

This finishes implementing support for frames using
frame_refs_short_signaling.

Signed-off-by: James Almer <jamrial@gmail.com>
2019-12-01 16:53:11 -03:00
Michael Niedermayer
a11aa5f3ed avcodec/alsdec: Discard frames for which no channel could be decoded
Fixes: Timeout (80sec -> 33sec)
Fixes: 18668/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5710836719157248

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-01 17:17:04 +01:00
Michael Niedermayer
fd3c34ff30 avcodec/alsdec: Avoid 1 layer of pointer dereferences in INTERLEAVE_OUTPUT()
This optimizes the code slightly (116 -> 80sec)
Testcase: 18668/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5710836719157248

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-01 17:17:04 +01:00
Michael Niedermayer
0ddef00457 avcodec/g729dec: Avoid one multiply by using init_get_bits8()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-01 17:17:04 +01:00
Michael Niedermayer
336f9461df avcodec/g729dec: Avoid using buf_size
buf_size is not updated as buf is advanced so it is wrong after the first
iteration

Fixes: Timeout (160sec -> 27sec)
Fixes: 18658/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G729_fuzzer-5729784269373440

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-01 17:17:04 +01:00
Michael Niedermayer
576746b4e3 avcodec/g729dec: Factor block_size out
This will be used in the next commit

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-01 17:17:04 +01:00
Michael Niedermayer
f64be9da4c avcodec/g729dec: require buf_size to be non 0
The 0 case was added with the support for multiple packets. It
appears unintended and causes extra complexity and out of array
accesses (though within padding)

No testcase

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-01 17:17:04 +01:00
Michael Niedermayer
d468da8d79 avcodec/g729dec: Check for KELVIN && 6k4
This combination would assume different block sizes throughout the code so its
better to error out.

Fixes: signed integer overflow: -1082385168 * 2 cannot be represented in type 'int'
Fixes: 19110/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-5643993950191616

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-01 17:17:04 +01:00
Michael Niedermayer
7686ba1f14 avcodec/alac: Fix integer overflow in lpc_prediction() with sign
Fixes: signed integer overflow: -2147483648 * -1 cannot be represented in type 'int'
Fixes: 18643/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5672182449700864

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-01 17:17:04 +01:00
Michael Niedermayer
589cb44498 avcodec/wmaprodec: Fix buflen computation in save_bits()
Fixes: Assertion failure
Fixes: 18630/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAPRO_fuzzer-5201588654440448

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-01 17:17:04 +01:00
Michael Niedermayer
0e010e489b avcodec/vc1_block: Fix integer overflow in AC rescaling in vc1_decode_i_block_adv()
Fixes: signed integer overflow: 50176 * 262144 cannot be represented in type 'int'
Fixes: 18629/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5182370286403584

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-01 17:17:04 +01:00
Michael Niedermayer
47d963335e avcodec/vmdaudio: Check chunk counts to avoid integer overflow
Fixes: signed integer overflow: 4 * 538976288 cannot be represented in type 'int'
Fixes: 18622/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VMDAUDIO_fuzzer-5092166174507008

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-01 17:17:04 +01:00
Michael Niedermayer
13816a1d08 avformat/mxfdec: Clear metadata_sets_count in mxf_read_close()
This avoids problems if the function is called twice

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-01 17:17:04 +01:00
Andreas Rheinhardt
5946243fa8 avformat/flac_picture: Return directly if nothing has been allocated
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-01 17:17:04 +01:00
Andreas Rheinhardt
84a4261cd8 avformat/flac_picture: Switch to bytestream2 API
ff_flac_parse_picture() parses a buffer containing a flac metadata
picture block by wrapping it in an AVIOContext and using the AVIOContext
API. Consequently, when not enough data could be read AVERROR(EIO) was
returned although reading didn't really fail: A block that contains a
subfield whose size field indicates that it is so big as to extend
beyond the buffer is just invalid.

This commit changes this by using the bytestream2 API instead;
furthermore, the checks for whether there is enough data left are
performed before allocating a buffer for said data.

Finally, if the length of the picture description is bigger than
INT_MAX, it will now raise an error.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-01 17:17:04 +01:00
Andreas Rheinhardt
35005a4af1 avformat/flac_picture: Simplify checks
During parsing a flac picture metadata block, the mimetype is read as
follows: Its 32b size field is read and checked for being in the range
1..63; afterwards, the actual mimetype-string is read into a buffer of
size 64, where the length to read is the minimum of the length field and
the size of the destination buffer -1. Then an assert guards that length
is indeed < the size of the destination buffer before the string in the
buffer is zero-terminated.

The FFMIN as well as the assert are actually redundant, as it has
been checked that the string (even after terminating) fits into the
buffer. In order to make this clear, reword the check "len >= 64" to
"len >= sizeof(mimetype)" and drop the FFMIN as well as the assert.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-01 17:17:04 +01:00
Steven Liu
9cc88ed4b7 avformat/smoothstreamingenc: removed unused check of avformat_free_context
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: Jun Zhao <barryjzhao@tencent.com>
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
2019-12-02 00:08:31 +08:00
Steven Liu
0f79a71353 avformat/rtpenc_mpegts: removed unused check of avformat_free_context
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: Jun Zhao <barryjzhao@tencent.com>
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
2019-12-02 00:08:21 +08:00
Steven Liu
e880f4fb38 avformat/hdsenc: removed unused check of avformat_free_context
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: Jun Zhao <barryjzhao@tencent.com>
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
2019-12-02 00:08:14 +08:00
Steven Liu
b26225a3c7 avformat/dashenc: remove unused check of avformat_free_context
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: Jun Zhao <barryjzhao@tencent.com>
Reviewed-by: Jeyapal, Karthick <kjeyapal@akamai.com>
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
2019-12-02 00:08:07 +08:00
James Almer
e5db2e96c0 avformat/avc: add missing return error value
Signed-off-by: James Almer <jamrial@gmail.com>
2019-11-30 11:34:58 -03:00
Andriy Gelman
99d78e4f42 lavc/extract_extradata: Use bytestream api
Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2019-11-30 11:34:51 -03:00
Andreas Rheinhardt
76e0ecec0b avcodec/extract_extradata_bsf: Don't unref uninitialized buffers
This happens if allocating extradata fails and s->remove is unset.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2019-11-30 09:59:30 -03:00
James Almer
18507b4882 avformat/avc: fix sps buffer offset when calling ff_avc_decode_sps()
Skip the avcC specific size bytes and the NAL header bits.

Signed-off-by: James Almer <jamrial@gmail.com>
2019-11-29 23:17:43 -03:00
James Almer
0d67af34c2 fate/demux: add an AV1 Annex B test
Signed-off-by: James Almer <jamrial@gmail.com>
2019-11-29 18:58:42 -03:00
James Almer
378065f08f avcodec/av1_parser: export stream dimensions in avctx
This is required to demux annexb samples when a decoder isn't available.

Signed-off-by: James Almer <jamrial@gmail.com>
2019-11-29 18:58:34 -03:00
James Almer
13ed243594 fate/lavf-container: add an H264 mp4 remux test
This uses a raw h264 bitstream as source, in order to test the avcC
generation code.

Signed-off-by: James Almer <jamrial@gmail.com>
2019-11-29 18:24:01 -03:00
James Almer
de557eb191 fate/lavf-container: add an AV1 mp4 remux test
Signed-off-by: James Almer <jamrial@gmail.com>
2019-11-29 18:23:49 -03:00
Zhao Zhili
19956d01cc libavdevice/lavfi: check avfilter_graph_dump return value
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-11-29 19:58:35 +01:00
Andreas Rheinhardt
2205fb2810 avformat/avio: Use ffurl_closep
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-11-29 19:58:35 +01:00
Paul B Mahol
8c2f81a17a avfilter/vf_hqdn3d: add support for commands 2019-11-29 17:28:59 +01:00
Paul B Mahol
3a61297a67 avfilter/vf_hqdn3d: add support for 12bit and 14bit yuv formats 2019-11-29 17:28:59 +01:00
Jun Zhao
2952d9c5dc lavc/mvha: Check init_get_bits8() for failure
fix potential null pointer dereference

Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
2019-11-29 10:10:52 +08:00
Jun Zhao
d965589022 lavf/vividas: check avformat_new_stream() return
check avformat_new_stream() return.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
2019-11-29 10:09:29 +08:00
Limin Wang
c1ed00fd18 avfilter/vf_yadif: rename config_props -> config_output, link -> outlink
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-11-29 00:03:28 +01:00
Andreas Rheinhardt
ff5c8e57e7 avformat/vividas: Avoid allocation of AVIOContext
Put an AVIOContext whose lifetime doesn't extend beyond the function where
it is allocated on the stack instead of allocating and freeing it. This
also avoids the need to free it, which in this case fixes possible
memleaks on error.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-11-29 00:03:28 +01:00
James Almer
16fa513392 avformat/avc: write the missing bits in the AVC Decoder Configuration Box
Signed-off-by: James Almer <jamrial@gmail.com>
2019-11-28 15:20:37 -03:00
Andreas Rheinhardt
4d97b2ad2f avformat/movenc: Avoid allocation for small dynamic buffers
By using avio_get_dyn_buf() + ffio_free_dyn_buf() instead of
avio_close_dyn_buf() + av_free() one can avoid an allocation + copy for
small dynamic buffers.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-11-28 15:20:37 -03:00
Andreas Rheinhardt
3a58ec7c77 avformat/matroskaenc: Avoid allocation for small dynamic buffers
By using avio_get_dyn_buf() + ffio_free_dyn_buf() instead of
avio_close_dyn_buf() + av_free() one can avoid an allocation + copy for
small dynamic buffers (i.e. small master elements).

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-11-28 15:20:37 -03:00
Andreas Rheinhardt
aad82270b6 avformat/id3v2enc: Avoid allocation for small tags
By using avio_get_dyn_buf() + ffio_free_dyn_buf() instead of
avio_close_dyn_buf() + av_free() one can avoid an allocation + copy for
small tags. Furthermore, it simplifies freeing.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-11-28 15:20:37 -03:00
Andreas Rheinhardt
c36a3df676 avformat/avc: Avoid allocation for small SPS/PPS arrays
By using avio_get_dyn_buf() + ffio_free_dyn_buf() instead of
avio_close_dyn_buf() + av_free() one can avoid an allocation + copy for
small extradata. Furthermore, it simplifies freeing.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-11-28 15:20:37 -03:00
Andreas Rheinhardt
a31f68fb44 avformat/av1: Avoid allocation for small headers
By using avio_get_dyn_buf() + ffio_free_dyn_buf() instead of
avio_close_dyn_buf() + av_free() one can avoid an allocation + copy for
small headers. Furthermore, it simplifies freeing.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-11-28 15:20:37 -03:00
Andreas Rheinhardt
67ce9e0463 avformat/apetag: Avoid allocation for small tags
By using avio_get_dyn_buf() + ffio_free_dyn_buf() instead of
avio_close_dyn_buf() + av_free() one can avoid an allocation + copy for
small tags. Furthermore, it simplifies freeing.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2019-11-28 15:20:36 -03:00