instead of get_ue_golomb(). The difference between the two is that the
latter also has to take into account the case in which the read code is
more than 9 bits (four preceding zeroes + at most five value bits) long,
leading to more code.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Fix#6591
The content has no rbsp_stop_one_bit for ending the SPS, that
causes the decoding SPS failure, results decoding frame failure as well.
The patch is just adding a retry with complete NALU, copied from the retry in decode_nal_unit()
Signed-off-by: James Almer <jamrial@gmail.com>
Fixes: signed integer overflow: -2142516591 + -267814575 cannot be represented in type 'int'
Fixes: 14450/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5716105319940096
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This is robust for some corner case there is incorrect list1 count
in pps header, but it's a P slice and can be decoded well.
Signed-off-by: Decai Lin <decai.lin@intel.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This is in preparation for a patch for cbs_h2645. Now the packet's
rbsp_buffer can be owned by an AVBuffer.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@googlemail.com>
Fixes: 6037/clusterfuzz-testcase-minimized-5030249784934400
Fixes: signed integer overflow: 256 * 16992036 cannot be represented in type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
When parsing a monochrome file, chroma_log2_weight_denom was used without
being initialized, which could lead to a bogus error message being printed, e.g.
[h264 @ 0x61a000026480] chroma_log2_weight_denom 24576 is out of range
It also could led to warnings using AddressSanitizer.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: runtime error: index 49 out of bounds for type 'int [48][2][2]'
Fixes: 2159/clusterfuzz-testcase-minimized-5267945972301824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The parser changes have lost the support for the needed padding, this adds it back
Fixes out of array reads
Fixes: 03ea21d271abc8acf428d42ace51d8b4/asan_heap-oob_3358eef_5692_16f0cc01ab5225e9ce591659e5c20e35.mkv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* commit 'f638b67e5790735f34620bf82025c9b9d6fc7216':
h264: move the parameter set definitions to a new header file
Conflicts:
libavcodec/h264_parse.h
libavcodec/h264_ps.c
libavcodec/h264dec.h
Merged-by: James Almer <jamrial@gmail.com>
Move the NAL unit types into it. This will allow to stop including the
whole decoder-specific h264dec.h in some code that is unrelated to the
decoder and only needs some enum values.
* commit '98c97994c5b90bdae02accb155eeceeb5224b8ef':
h264: decouple extradata parsing from the decoder
Main changes:
- move get_avc_nalsize() inside h264_parser.c and make it use
H264ParseContext instead of H264Context. This helps fixing
fate-flv-demux.
- Also use is_avc/nal_length_size from the H264ParseContext in various
places instead of the H264Context one as that's the fields now filled
by ff_h264_decode_extradata()
- h264_parse: dont fail decode_extradata_ps() due to nal split failure.
Change by Michael to fix decoding of h264/ref_10.avi.
Merged-by: Clément Bœsch <u@pkh.me>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Currently it's done in the code that initialises the ref list for
MBAFF, which is not a logical place for it. Move it to the function that
parses the pred table from the bitstream, which is analogous to what is
done for the implicit weight table as well.
* commit 'c8dcff0cdb17d0aa03ac729eba12d1a20f1f59c8':
h264: factor out calculating the POC count into a separate file
Merged-by: Clément Bœsch <u@pkh.me>
* commit '71d3305c2711d4f6ec8b92db09ff64cf4e19a58e':
h264_parse: make sure the ref count is zeroed on all failure paths
Merged-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
* commit 'a6e27f7add2698fdd89911632b570c3d0c3f2aaa':
h264: factor out parsing the reference count into a separate file
Merged-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
* commit 'e481458bc308ee838deaeacac51929514762e7a7':
h264: factor out pred weight table parsing into a separate file
Merged-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
