Currently the resource is only ever unregistered when the
registered_frames array is fully in use and an unmapped entry is re-used
and cleaned up.
I'm pretty sure the frame will have been cleaned up before that happens,
so I'm kinda surprised this never blew up.
Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
If some logic like vsync in ffmpeg.c duplicates frames, it might pass
the same frame twice, which will result in a crash due it being
effectively mapped and unmapped twice.
Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
I suspect that this can be limited tighter, but i failed to find anything
in the spec that would confirm that.
Fixes: 4833/clusterfuzz-testcase-minimized-5302840101699584
Fixes: runtime error: left shift of 134217730 by 4 places cannot be represented in type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: runtime error: signed integer overflow: -65535 * 65312 cannot be represented in type 'int'
Fixes: 4900/clusterfuzz-testcase-minimized-5769019744321536
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
MediaSDK may fail to decode some frame, just skip it.
Otherwise, it will keep decoding the failure packet repeatedly
without processing any packet afterwards.
Signed-off-by: Ruiling Song <ruiling.song@intel.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Fixes: signed integer overflow: 1477974040 - -1877995504 cannot be represented in type 'int'
Fixes: 4861/clusterfuzz-testcase-minimized-4570316383715328
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes a warning on ppc:
libavcodec/svq3.c:1055:21: warning: passing argument 1 of ‘av_write_bswap32’ discards 'const' qualifier from pointer target type
During the initialization stage, the codec attempts to get free
buffers from the driver before any have been queued (this is to keep
the code simple and generic)
When the kernel driver detects this situation, it returns POLLERR in
revents and ffmpeg therefore raises a warning.
This commit disables the warning since no buffers were queued to the
driver yet.
Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org>
Qualcomm's db410c/db820 Venus driver currently present in mainline
kernel has a bug which mishandles the CMD_STOP requests causing the
decoder to block while draining [1].
This patch removes the workaround that was used to prevent that
situation.
Encoding/Decoding tested on db820c.
[1] on CMD_STOP, the driver is flushing all buffers and never raising
IPIPE which ends up in blocking on poll.
Refcount all of the context information. This also fixes a potential
segmentation fault when accessing freed memory (buffer returned after
the codec has been closed).
Tested-by: Jorge Ramirez-Ortiz <jorge.ramirez.ortiz@gmail.com>
Fixes: runtime error: signed integer overflow: -1094995529 * 2 cannot be represented in type 'int'
Fixes: 4828/clusterfuzz-testcase-minimized-5100849937252352
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* commit 'cbe28bc069dde1d53d937ee10700bb123279c7c8':
qsv: better to use alignment by 16 and HEVC 10b requires alignment by 32
Merged-by: Mark Thompson <sw@jkqxz.net>
* commit '34c113335b53d83ed343de49741f0823aa1f8cc6':
Add support for H.264 and HEVC hardware encoding for AMD GPUs based on AMF SDK
Most of this was already present from 9ea6607d294526688ab1b1342cb36ee159683e88,
this just applies some minor fixups and adds the general documentation.
Merged-by: Mark Thompson <sw@jkqxz.net>
add missing struct MpegEncContext, use make checkheaders
found this warning.
Signed-off-by: Jun Zhao <jun.zhao@intel.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: runtime error: signed integer overflow: 2146276249 + 1487583 cannot be represented in type 'int'
Fixes: 4823/clusterfuzz-testcase-minimized-4551896611160064
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: runtime error: signed integer overflow: 2147483520 + 128 cannot be represented in type 'int'
Fixes: 4800/clusterfuzz-testcase-minimized-6110372403609600
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Functionally identical to the old code, with less lines wasted.
Partially fixes the complete disregard for the 80 col/line guide.
Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
The encoder didn't clean up if a malloc failed during init.
It also doesn't need any external tables to be initialized on init.
Finally, it didn't need to check for whether avctx->priv_data exists during
uninit.
Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
The twoloop coder sounds decent at low bitrates, however at higher bitrates
it sounds worse than the fast coder (which used to be the old twoloop coder
before October 2015) and needs quite a lot more CPU.
Change the default to fast. It has been well tested and has had little changes
over the years so its been confirmed to be quite stable.
Also change its description (not valid for more than a year) and the
documentation.
Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
Resulting bitstream was tested with a conformance checker
using the last draft of FFV1 specifications.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Also the files are already in the wild, and decoder support is
thus needed. And with decoders widely supporting it, there is no
advantage in not allowing it in the encoder.
The exact bitstream format may change in future versions of the
spec, if improvments are found.
AVX-512 support has been introduced, and even if no functions currently
use zmm registers (able to load as much as 64 bytes of consecutive data
per instruction), they will be added eventually.
Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com>
Tested-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
Fixes: signed integer overflow: 512 + 2147483491 cannot be represented in type 'int'
Fixes: 4780/clusterfuzz-testcase-minimized-4709066174627840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 4830/clusterfuzz-testcase-minimized-5255392054476800
Fixes: signed integer overflow: 2147483646 - -7 cannot be represented in type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 2 + 2147483646 cannot be represented in type 'int'
Fixes: 4792/clusterfuzz-testcase-minimized-6322450775146496
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 46802 * -71230 cannot be represented in type 'int'
Fixes: 4756/clusterfuzz-testcase-minimized-4812495563784192
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: null pointer dereference
Fixes: 4698/clusterfuzz-testcase-minimized-5096956322906112
This testcase does not reproduce the issue before 03b82b3ab9883cef017e513c7d0b3b986b3b3e7b
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
