1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-19 05:49:09 +02:00

99156 Commits

Author SHA1 Message Date
Andreas Rheinhardt
5ff2ff6bd9 avcodec/truemotion2: Avoid duplicating array, fix memleak
TrueMotion 2.0 uses Huffmann trees. To parse them, the decoder allocates
arrays for the codes, their lengths and their value; afterwards a VLC
table is initialized using these values. If everything up to this point
succeeds, a new buffer of the same size as the already allocated arrays
for the values is allocated and upon success the values are copied into
the new array; all the old arrays are then freed. Yet if allocating the
new array fails, the old arrays get freed, but the VLC table doesn't.

This leak is fixed by not allocating a new array at all; instead the old
array is simply reused, ensuring that nothing can fail after the
creation of the VLC table.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-08-29 18:49:51 +02:00
Harry Mallon
abd58a4192 libavformat/mxfenc: color_range should be inclusive
MXF CDCI color range was being set to (1<<sc->component_depth) - 1
for full range but it should be (1<<sc->component_depth) as 0 is
a valid value.

Signed-off-by: Harry Mallon <harry.mallon@codex.online>
2020-08-29 11:02:35 +02:00
Harry Mallon
719eb8a2e4 avformat/mxfdec: Read video range from CDCIEssenceDescriptor
* Capture black_ref, white_ref and color_range and recognise
  full and narrow range.

Signed-off-by: Harry Mallon <harry.mallon@codex.online>
2020-08-29 11:02:35 +02:00
James Almer
1a35fffaf2 x86/cfhddsp: zero extend int arguments
if taken from stack, they may have garbage in the upper bits otherwise.
Also, there are only 8 arguments, so don't attempt to load 11.

Fixes SIGSEV crashes in some targets.

Reviewed-by: durandal_1707
Signed-off-by: James Almer <jamrial@gmail.com>
2020-08-28 20:09:25 -03:00
Dale Curtis
2ff3c466ec avformat/mov: See if mfra makes up the difference for an incomplete sidx.
A few popular sites have started generating MP4 files which have a
sidx plus an mfra. The sidx accounts for all size except the mfra,
so the old code did not mark the fragment index as complete.

Instead we can just check if there's an mfra and if its size makes
up the difference we can mark the index as complete.

Bug: https://crbug.com/1107130
Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2020-08-28 15:58:47 +01:00
Paul B Mahol
ccc7120ee7 avcodec/flacdec: use designated initializers for AVClass 2020-08-28 01:16:55 +02:00
Andreas Rheinhardt
5c923ce668 avcodec/cfhd: Remove unused-but-set variable
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-08-28 00:43:28 +02:00
Paul B Mahol
f7deae7215 avfilter/af_arnndn: use memcpy for copying in compute_rnn() 2020-08-27 20:39:33 +02:00
Paul B Mahol
ace1cc6163 avfilter/af_arnndn: use scalarproduct_float() in dct function 2020-08-27 20:39:33 +02:00
Paul B Mahol
0d46043619 avfilter/af_compensationdelay: always initialize w_ptr with 0
It will be changed later anyway, and in case inlink have 0 channels
(should never happen) it will not pick some random value.
2020-08-27 18:10:24 +02:00
Paul B Mahol
1419bf0551 avfilter/vf_xfade: do not use alpha for average rgb color 2020-08-27 14:45:21 +02:00
Paul B Mahol
9ebde67f0b avfilter/vf_xfade: add corner wipe transforms 2020-08-27 14:45:21 +02:00
Limin Wang
71ec3e4583 Revert "avfilter/yadif: simplify the code for better readability"
This reverts commit 2a9b934675b9e2d3850b46f8a618c19b03f02551.
2020-08-27 07:30:30 +08:00
Andreas Rheinhardt
ca8e5dedc7 avfilter/af_headphone: Fix leak of channel layouts list on error
In case the multichannel HRIR mode was enabled, an error could happen
between allocating a channel layouts list and attaching it to its target
destination. If an error happened, the list would leak. This is fixed by
attaching the list to its target directly after its allocation.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-08-26 23:52:57 +02:00
Andreas Rheinhardt
0960da42f5 avfilter/af_headphone: Fix segfault upon allocation failure
The headphone filter uses a variable number of inpads and allocates them
in its init function; if all goes well, the number of inpads coincides
with a number stored in the filter's private context. Yet if allocating a
subsequent inpad fails, the uninit function nevertheless uses the number
stored in the private context to determine the number of inpads to free
and not the AVFilterContext's nb_inputs. This will lead to an access
beyond the end of the allocated AVFilterContext.input_pads array and
an invalid free.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-08-26 23:52:56 +02:00
Andreas Rheinhardt
e07541930a avfilter/vf_signature: Avoid cast from function pointer to void*
The signature filter uses qsort, but its compare function doesn't have
the signature required of such a function; therefore it casts the
function pointer to void. Yet this is wrong:
C90 only guarantees that one can convert a pointer to any incomplete
type or object type to void* and back with the result comparing equal
to the original which makes pointers to void generic pointers to
incomplete or object type. Yet C90 lacks a generic function pointer
type.
C99 additionally guarantees that a pointer to a function of one type may
be converted to a pointer to a function of another type with the result
and the original comparing equal when converting back.
This makes any function pointer type a generic function pointer type.
Yet even this does not make pointers to void generic function pointers.

Both GCC and Clang emit warnings for this when in pedantic mode.

This commit fixes this by modifying the compare function to comply with
the expected signature.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-08-26 23:52:56 +02:00
Andreas Rheinhardt
16ea88778e avfilter/vf_signature: Fix leak of string upon error
If an error happens between allocating a string intended to be used as
an inpad's name and attaching it to its input pad, the string leaks.
Fix this by inserting the inpad directly after allocating its string.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-08-26 23:52:56 +02:00
Andreas Rheinhardt
37838417b8 avfilter/vf_signature: Fix leak of inpads' names
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-08-26 23:52:56 +02:00
Andreas Rheinhardt
4c5d6e87ac avfilter/af_afir: Avoid allocating AVFilterPad names
If the names are always the same, they need not be duplicated; doing so
saves allocations, checks for the allocations as well as frees.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-08-26 23:52:56 +02:00
Andreas Rheinhardt
97b1a2c564 avfilter/af_aiir: Fix segfault and leak upon allocation failure
The aiir filter adds output pads in its init function. Each of these
output pads had a name which was allocated and to be freed in the uninit
function. Given that the aiir filter has between one and two outputs,
one output pad's name was freed unconditionally and a second was freed
conditionally.

Yet if adding output pads fails, there are no output pads at all and
trying to free a nonexistent pad's name will lead to a segfault.

Furthermore, if the name could be successfully allocated, yet adding the
new pad fails, the name would leak.

This commit fixes this by not allocating the pads' names at all any
more: They are constant anyway. This allows to remove the code to free
them and hence fixes the aforementioned bugs.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-08-26 23:52:56 +02:00
Andreas Rheinhardt
281b8187e3 avfilter/avf_aphasemeter: Don't allocate outpad names
These names are always the same, so not using duplicates saves
allocations, checks for the allocations as well as frees.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-08-26 23:52:56 +02:00
Andreas Rheinhardt
3ac3f39314 avfilter/vf_bm3d: Don't allocate inpad names
These names are always the same, so not using duplicates saves
allocations, checks for the allocations as well as frees.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-08-26 23:52:56 +02:00
Andreas Rheinhardt
9b34600bd2 avfilter/f_ebur128: Don't allocate outpad names
These names are mostly the same, so not using duplicates saves
allocations, checks for the allocations as well as frees.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-08-26 23:52:56 +02:00
Andreas Rheinhardt
925d2f4f5b avfilter/vf_decimate: Don't allocate inpad names
These names are always the same, so not using duplicates saves
allocations, checks for the allocations as well as frees.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-08-26 23:52:56 +02:00
Andreas Rheinhardt
2d349631b1 avfilter/vf_fieldmatch: Don't allocate inpad names
These names are always the same, so not using duplicates saves
allocations, checks for the allocations as well as frees.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-08-26 23:52:56 +02:00
Andreas Rheinhardt
7e736cd38a avfilter/vf_premultiply: Fix leak of names of inpads
These names leak because freeing them in the uninit function has been
forgotten. Instead of adding the freeing code, this commit stops
allocating these names. They are constants anyway.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-08-26 23:52:56 +02:00
Andreas Rheinhardt
080d2c67f5 avfilter/af_anequalizer: Don't allocate outpad names
These names are always the same, so not using duplicates saves
allocations, checks for the allocations as well as frees.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-08-26 23:52:56 +02:00
Andreas Rheinhardt
fdbd579fd1 avfilter/af_anequalizer: Fix memleak when inserting pad fails
It has been forgotten to free the name of the second outpad if attaching
the first one to the AVFilterContext fails. Fixing this is easy: Only
prepare the second outpad after (and if) the first outpad has been
successfully attached to the AVFilterContext.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-08-26 23:52:56 +02:00
Paul B Mahol
4aac742505 avcodec/x86/cfhddsp: try to fix build on x32 2020-08-26 23:39:58 +02:00
Paul B Mahol
e13eb58941 avfilter/vf_xfade: add fadegrays transition 2020-08-26 23:25:10 +02:00
Paul B Mahol
389cc142fb avcodec/cfhd: add x86 SIMD
Overall speed changes for 1920x1080, yuv422p10le, 60fps from: 0.19x to 0.343x
2020-08-26 21:13:38 +02:00
Michael Niedermayer
b9ea493afe avcodec/tiff: Check jpeg context against jpeg frame parameters
Fixes: out of array access
Fixes: 24825/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6326925027704832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-08-26 20:31:09 +02:00
Michael Niedermayer
ad29f9e47c avcodec/tiff: Restrict tag order based on specification
"The entries in an IFD must be sorted in ascending order by Tag. Note that this is
 not the order in which the fields are described in this document."

This way various dimensions, sample and bit sizes cannot be changed at
arbitrary times which reduces the potential for bugs.
The tag reading code also on various places assumes that numerically previous
tags have already been parsed, so this needs to be enforced one way or another.

If this commit causes problems with real world files which are not easy to fix
then some other form of checks are needed to ensure the various dependencies
in the tag reading are not violated.

Fixes: out of array access
Fixes: 24825/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6326925027704832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-08-26 20:31:09 +02:00
Michael Niedermayer
ca47402a06 avcodec/tiff: Avoid abort with DNG RAW TIFF with YA8
Fixes: Assertion failure
Fixes: 24707/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5179910197608448

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-08-26 20:31:09 +02:00
Michael Niedermayer
7577f8332a avcodec/tiff: Check the linearization table size
Fixes: out of array access
Fixes: 24604/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4843529818603520

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-08-26 20:31:09 +02:00
Derek Buitenhuis
649a6969f7 avcodec/libdav1d: Call ff_set_sar in addition to setting the frame SAR
Similar to what we do in libaomdec.c.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2020-08-26 16:44:03 +01:00
Limin Wang
2a9b934675 avfilter/yadif: simplify the code for better readability
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-08-26 14:21:11 +08:00
Limin Wang
9bb4707b1f avformat/mpegtsenc: reindent the code
Reviewed-by: Marton Balint <cus@passwd.hu>
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-08-26 14:20:10 +08:00
Limin Wang
4aa6eda76e avformat/mpegtsenc: add registration descriptor for AC-3 and EAC3
Some DVB and ATSC captures are using the official MPEG2 registration
descriptor in addition to using the correct stream type and the
AC-3_audio_stream_descriptor/AC3_descriptor. So let's add it even if it is not
strictly needed for DVB/ATSC.

Reviewed-by: Marton Balint <cus@passwd.hu>
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-08-26 14:20:10 +08:00
Andreas Rheinhardt
8f2c1f2cbe avfilter/af_amerge: Fix segfault upon allocation failure
The amerge filter uses a variable number of inpads and allocates them
in its init function; if all goes well, the number of inpads coincides
with a number stored in the filter's private context. Yet if allocating a
subsequent inpad fails, the uninit function nevertheless uses the number
stored in the private context to determine the number of inpads to free
and not the AVFilterContext's nb_inputs. This will lead to an access
beyond the end of the allocated AVFilterContext.input_pads array and
an invalid free.

Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-08-26 00:20:50 +02:00
Andreas Rheinhardt
ae5369128a avfilter/avfilter: Fix indentation
Forgotten after fdd93eabfb2644f541f7aac9943abce26776ea73.

Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-08-26 00:15:14 +02:00
James Almer
98f7e0081b avcodec/cbs_av1: fix setting FrameWidth in frame_size_with_refs()
Section 5.9.7 of the spec states

    UpscaledWidth = RefUpscaledWidth[ ref_frame_idx[ i ] ]
    FrameWidth    = UpscaledWidth
    FrameHeight   = RefFrameHeight[ ref_frame_idx[ i ] ]
    RenderWidth   = RefRenderWidth[ ref_frame_idx[ i ] ]
    RenderHeight  = RefRenderHeight[ ref_frame_idx[ i ] ]

Meaning FrameWidth must not be set to RefFrameWidth[ ref_frame_idx[ i ] ]
like we're currently doing.

Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2020-08-25 18:46:06 -03:00
James Almer
0892b04509 avcodec/av1_parser: fix parsing show_existing_frame headers
Regression since c8716b5029

Signed-off-by: James Almer <jamrial@gmail.com>
2020-08-25 15:01:43 -03:00
James Almer
97819f15a8 avcodec/cbs_av1: use a more appropiate AV1ReferenceFrameState pointer variable name
frame is more commonly used for AV1RawFrameHeader and AV1RawFrame.

Signed-off-by: James Almer <jamrial@gmail.com>
2020-08-25 14:53:42 -03:00
James Almer
e76b4b2a6b avcodec/cbs_av1: fix handling reference frames on show_existing_frame frames
Implement Section 7.21 "Reference frame loading process" and Section 7.20
"Reference frame update process" for show_existing_frame frames, as required by
the definition in Section 7.4 "Decode frame wrapup process".

Signed-off-by: James Almer <jamrial@gmail.com>
2020-08-25 14:49:33 -03:00
James Almer
afbe9ebac7 avcodec/cbs_av1: infer frame_type in show_existing_frame frames earlier
This follows the spec and will come in handy in the next commit.

Signed-off-by: James Almer <jamrial@gmail.com>
2020-08-25 14:49:33 -03:00
James Almer
e3ed0ce32a avcodec/cbs_av1: add OrderHint to CodedBitstreamAV1Context
This follows the spec and will come in handy in a following commit.

Signed-off-by: James Almer <jamrial@gmail.com>
2020-08-25 14:49:33 -03:00
Carl Eugen Hoyos
09e260f69a lavf/rtpdec_jpeg: Fix JFIF version.
See also b1931321
2020-08-25 19:29:34 +02:00
Carl Eugen Hoyos
68f637b6f9 doc/examples: Always open files as "binary", not "text".
Fixes ticket #8638.
2020-08-25 18:54:50 +02:00
Ting Fu
c8ba0daf8d dnn/native: add log error message
Signed-off-by: Ting Fu <ting.fu@intel.com>
2020-08-25 13:03:46 +08:00