Fixes: runtime error: signed integer overflow: 2147421862 - -33624063 cannot be represented in type 'int'
Fixes: 12885/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5733516975800320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Do not use the one in the SEI directly as that is reset at certain
points.
Inspired by patches from Michael Niedermayer <michaelni@gmx.at> and
Anton Mitrofanov <BugMaster@narod.ru>.
CC: libav-stable@libav.org
The value must be identical between slices, since mbaff depends on
picture_structure and sps, both of which are checked to be identical
to the first slice before this point.
In practice, this silences some tsan warnings in fate-h264.
Fixes: 864/clusterfuzz-testcase-4774385942528000
See: [FFmpeg-devel] [PATCH 1/2] avcodec/h264_direct: Fix runtime error: signed integer overflow: 2147483647 - -14133 cannot be represented in type 'int'
See: [FFmpeg-devel] [PATCH 2/2] avcodec/h264_direct: Fix runtime error: signed integer overflow: -9 - 2147483647 cannot be represented in type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 755/clusterfuzz-testcase-5369072516595712
See: [FFmpeg-devel] [PATCH 1/2] avcodec/h264_direct: Fix runtime error: signed integer overflow: 2147483647 - -14133 cannot be represented in type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Not from the underlying frame. Fixes races with frame threading in
field-coded files, where decoding would wait for the wrong field (e.g.
random failures in mixed-nal-coding).
Bug-Id: 954
* commit 'f638b67e5790735f34620bf82025c9b9d6fc7216':
h264: move the parameter set definitions to a new header file
Conflicts:
libavcodec/h264_parse.h
libavcodec/h264_ps.c
libavcodec/h264dec.h
Merged-by: James Almer <jamrial@gmail.com>
* commit '728d90a0c1973661a9e73da697bf4f90c9d19577':
h264: decouple h264_sei from the h264 decoder
Main changes:
- SEI decoding doesn't have access to the debug flag in the codec context so a
few log messages are dropped.
- naming of quincunx_sampling_flag and frame_packing_arrangement_type are kept
as they are in FFmpeg instead of respectively quincunx_subsampling and
arrangement_type used in Libav because the former match the specifications.
- don't reset the x264 build info once read in order to fix
fate-h264-lossless (change by Hendrik)
- H264Context.has_recovery_point and deprecated
AVCodecContext.dtg_active_format are set after ff_h264_sei_decode()
based on the SEI state since ff_h264_sei_decode() doesn't have access
to H264Context anymore.
- frame_packing_arrangement_type is not checked against <= 0 in
decode_postinit() since it is always read as a positive value with
get_bits(). This fixes a -Wtype-limits warning by GCC spotted by
Michael.
Side Notes:
- tested that ffprobe on the file from ticket #3652 still returns 4
keyframes
- tested that playback from ticket #3063 still works
Merged-by: Clément Bœsch <clement@stupeflix.com>
Signed-off-by: Hendrik Leppkes <h.leppkes@gmail.com>
* commit '3176217c60ca7828712985092d9102d331ea4f3d':
h264: decouple h264_ps from the h264 decoder
Main changes:
- a local GetBitContext is created for the various
ff_h264_decode_seq_parameter_set() attempts
- just like the old code, remove_sps() is adjusted so it doesn't remove
the pps.
Fixes decode with Ticket #631 http://ffmpeg.org/pipermail/ffmpeg-user/attachments/20111108/dae58f17/attachment.mp4
but see next point as well.
- ff_h264_update_thread_context() is updated to work even when SPS
isn't set as it breaks current skip_frame code. This makes sure we
can still decode the sample from ticket #631 without the need for
-flags2 +chunks. (Thanks to Michael)
- keep {sps,pps}_ref pointers that stay alive even when the active
pps/sps get removed from the available lists (patch by michaelni with
additional frees in ff_h264_free_context() from mateo)
- added a check on sps in avpriv_h264_has_num_reorder_frames() to fix
crashes with mpegts_with_dvbsubs.ts from Ticket #4074 http://samples.ffmpeg.org/ffmpeg-bugs/trac/ticket4074/mpegts_with_dvbsubs.ts
- in h264_parser.c:h264_parse(), after the ff_h264_decode_extradata() is
called, the pps and sps from the local parser context are updated with
the pps and sps from the used h264context. This fixes fate-flv-demux.
- in h264_slice.c, "PPS changed between slices" error is not triggered
anymore in one condition as it makes fate-h264-xavc-4389 fail with
THREADS=N (Thanks to Michael)
Merged-by: Clément Bœsch <clement@stupeflix.com>
Merged-by: Michael Niedermayer <michael@niedermayer.cc>
Merged-by: Matthieu Bouron <matthieu.bouron@stupeflix.com>
Make the SPS/PPS parsing independent of the H264Context, to allow
decoupling the parser from the decoder. The change is modelled after the
one done earlier for HEVC.
Move the dequant buffers to the PPS to avoid complex checks whether they
changed and an expensive copy for frame threads.
* commit 'a12d3188cbec15e22070e139fa5cc541da07e2c3':
h264: use a smaller struct for the ref lists
Conflicts:
libavcodec/h264_direct.c
libavcodec/h264_mb.c
libavcodec/h264_picture.c
libavcodec/h264_refs.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '7747726667c86877feed30c9e18460cb8e63f551':
h264: move map_col_to_list0[_field] into the per-slice context
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'ee0d774dfa94655e44707ff3e02f4a4d282c1963':
h264: move dist_scale_factor[_field] into the per-slice context
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'be69f0a800903b7573b18d9287d18b2f368b8b11':
h264: move col_{parity,fieldoff} into the per-slice context
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '56febc993b928ccc039a32158ca60b234c311875':
h264: move the slice type variables into the per-slice context
Conflicts:
libavcodec/h264.c
libavcodec/h264_cabac.c
libavcodec/h264_cavlc.c
libavcodec/h264_slice.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '9abc80f1ed673141326341e26a05c3e1f78576d0':
libavcodec: Make use of av_clip functions
Conflicts:
libavcodec/takdec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'c39059bea3adebcd888571d1181db215eee54495':
h264: Fix direct temporal mvs for bottom-field-first poc order
Conflicts:
libavcodec/h264_direct.c
See: ebd1c505d2
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Such files can be created using the --bff x264 option.
Sample-Id: h264_direct_temporal_mvs_bff.mkv
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>