1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-12 19:18:44 +02:00
Commit Graph

112296 Commits

Author SHA1 Message Date
Michael Niedermayer
4565747056
avcodec/evc_ps: Check ref_pic_num and sps_max_dec_pic_buffering_minus1
Fixes: out of array write

Found-by: dongsookim@korea.ac.kr
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-09-15 17:13:54 +02:00
Jun Zhao
5c635b7d8c lavc/videotoolboxenc: Get the encoder supported properties
Get the encoder supported properties list, it will be used for
feature support checks.

Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
2023-09-15 21:08:21 +08:00
Jun Zhao
213cba9696 lavc/videotoolboxenc: Dump the encoder
Dump the encoder, it's will help debug some case

Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
2023-09-15 21:07:46 +08:00
Andreas Rheinhardt
27562bf022 avcodec/x86/mpegvideoenc_template: Disable dead code
Since bfb28b5ce8 the permutation
type FF_IDCT_PERM_SIMPLE is ARCH_X86_32-only. So use this
knowledge to disable code for it when not on ARCH_X86_32.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-09-15 13:08:55 +02:00
Andreas Rheinhardt
fa77cb258b avcodec/h264dec: Fix data race when updating decode_error_flags
When using multi-threaded decoding, every decoding thread
has its own DBP consisting of H264Pictures and each of these
points to its own AVFrames. They are synced during
update_thread_context via av_frame_ref() and therefore
the threads actually decoding (as well as all the others)
must not modify any field that is copied by av_frame_ref()
after ff_thread_finish_setup().

Yet this is exactly what happens when an error occurs
during decoding and the AVFrame's decode_error_flags are updated.
Given that these errors only become apparent during decoding,
this can't be set before ff_thread_finish_setup() without
defeating the point of frame-threading; in practice,
this meant that the decoder did not set these flags correctly
in case frame-threading was in use. (This means that e.g.
the ffmpeg cli tool fails to output its "corrupt decoded frame"
message in a nondeterministic fashion.)

This commit fixes this by adding a new H264Picture field
that is actually propagated across threads; the field
is an AVBufferRef* whose data is an atomic_int; it is
atomic in order to allow multiple threads to update it
concurrently and not to provide synchronization
between the threads setting the field and the thread
ultimately returning the AVFrame.

This unfortunately has the overhead of one allocation
per H264Picture (both the original one as well as
creating a reference to an existing one), even in case
of no errors. In order to mitigate this, an AVBufferPool
has been used and only if frame-threading is actually
in use. This expense will be removed as soon as
a proper API for refcounted objects (not based upon
AVBuffer) is in place.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-09-15 13:08:37 +02:00
Andreas Rheinhardt
d2bc039501 avcodec/error_resilience: Make applying decode_error_flags optional
Add a pointer parameter that if supplied will be used to return
the updated decode_error_flags. This will allow to fix several
races when using frame-threading; these resulted from AVFrame
that the earlier code updated concurrently being used as source
in an av_frame_ref() call in the decoder's update_thread_context.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-09-15 13:08:37 +02:00
Zhao Zhili
4f4dc0a1a2 avfilter/dnn_backend_openvino: fix wild pointer on error path
When ov_model_const_input_by_name/ov_model_const_output_by_name
failed, input_port/output_port can be wild pointer.

Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
2023-09-15 13:02:15 +08:00
Zhao Zhili
791b88fcb4 avfilter/dnn_backend_openvino: fix input_port/output_port leaks 2023-09-15 13:02:15 +08:00
Zhao Zhili
37123100d2 avfilter/dnn_backend_openvino: fix leak of ov_shape_t 2023-09-15 13:02:15 +08:00
Zhao Zhili
d2c5c3b7ef avfilter/dnn_backend_openvino: fix leak or ov_core_t on error path 2023-09-15 13:02:15 +08:00
Zhao Zhili
e0880ef8cb avfilter/dnn_backend_openvino: fix use uninitialized values
Error handling was broken since neither `ret` nor `task` has being
initialized on error path.
2023-09-15 13:02:15 +08:00
Zhao Zhili
7cb6329296 avfilter/dnn_backend_openvino: reduce indentation in free_model_ov
No functional changes except ensures model isn't null.

Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
2023-09-15 13:02:15 +08:00
Zhao Zhili
5369548f2e avfilter/dnn_backend_openvino: fix multiple memleaks
Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
2023-09-15 13:02:15 +08:00
Zhao Zhili
3e24a27765 avfilter/dnn_filter_common: fix memleak
Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
2023-09-15 13:02:15 +08:00
Andreas Rheinhardt
c1b6235d41 avcodec/vulkan_decode: Factor creating session params out, fix leak
All Vulkan HWAccels share the same boilerplate code for creating
session params and this includes a common bug: In case actually
creating the video session parameters fails, the buffer destined
to hold them leaks; in case of HEVC this is also true if
get_data_set_buf() fails.

This commit factors this code out and fixes the leak.

Reviewed-by: Lynne <dev@lynne.ee>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-09-15 02:38:22 +02:00
Andreas Rheinhardt
dfac782b13 avutil/hwcontext_vulkan: Cosmetics
The alignment in vulkan_unmap_from_drm() (formerly the clone
of vulkan_frame_free()) is nicer than the in vulkan_frame_free(),
let's preserve it.

Reviewed-by: Lynne <dev@lynne.ee>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-09-15 02:38:14 +02:00
Andreas Rheinhardt
677635cd04 avutil/hwcontext_vulkan: Deduplicate code
Reviewed-by: Lynne <dev@lynne.ee>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-09-15 02:38:05 +02:00
Andreas Rheinhardt
47b1c0d0db avutil/hwcontext_vulkan: Improve type-safety
The AVBuffer API uses uint8_t as base type for buffers
and therefore its free callbacks need to abide by this.
Therefore vulkan_frame_free() used an inappropriate signature
which caused casts whenever this function has been called
manually.

This commit changes this by making vulkan_frame_free()
use the proper type and a vulkan_frame_free_cb() that
is used as free callback for the AVBuffer API.

Reviewed-by: Lynne <dev@lynne.ee>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-09-15 02:37:56 +02:00
Andreas Rheinhardt
a6bd2ee759 avutil/hwcontext_vulkan: Remove redundant resetting
vulkan_free_internal() already resets the AVVkFrame.internal
pointer.

Reviewed-by: Lynne <dev@lynne.ee>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-09-15 02:37:36 +02:00
Michael Niedermayer
2b25a5168e
avcodec/bonk: Fix integer overflow in predictor_calc_error()
Fixes: signed integer overflow: -2147483300 - 12285 cannot be represented in type 'int'
Fixes: 59462/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5714298807386112

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-09-14 22:00:17 +02:00
Michael Niedermayer
c012d1f2bb
avcodec/jpeg2000dec: jpeg2000 has its own lowres option
jpeg2000 overrides the global lowres variable with a lowres field called reduction_factor
ffmpeg -lowres X causes the reduction_factor to be set
ffplay -lowres X causes both lowres and the reduction_factor to be set
ossfuss sets only lowres

only the ffmpeg variant works. This patch tries to make the other 2 work.

Alternative we could just error out if things are inconsistent.
More complex restructuring should be limited to the master branch
to keep this reasonably easy to backport

Fixes: out of array access
Fixes: 59672/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-09-14 22:00:17 +02:00
Michael Niedermayer
90647a9249
avcodec/huffyuvdec: avoid undefined behavior with get_vlc2() failure
Fixes: left shift of negative value -1
Fixes: 59889/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HUFFYUV_fuzzer-5472742275940352

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-09-14 22:00:17 +02:00
Michael Niedermayer
ca09d8a0dc
avcodec/jpegxl_parser: Check for ctx->skip overflow
Fixes: out of array access
Fixes: 62113/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5025082076168192

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-09-14 22:00:17 +02:00
Michael Niedermayer
d2e8974699
avformat/jpegxl_anim_dec: Check that size fits within argument
Fixes: out of array access
Fixes: 61991/clusterfuzz-testcase-minimized-ffmpeg_dem_JPEGXL_ANIM_fuzzer-5524679648215040
Fixes: 62181/clusterfuzz-testcase-minimized-ffmpeg_dem_JPEGXL_ANIM_fuzzer-5504964305485824
Fixes: 62214/clusterfuzz-testcase-minimized-ffmpeg_dem_JPEGXL_ANIM_fuzzer-4782972823535616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2023-09-14 22:00:17 +02:00
Paul B Mahol
00a837c70c avcodec/vmixdec: add support for custom first byte 2023-09-14 14:54:40 +02:00
Andreas Rheinhardt
038b992256 avcodec/libaribb24: Use FF_CODEC_CAP_INIT_CLEANUP
libaribb24_close() does the same as the fail path in
libaribb24_init().

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-09-14 12:32:02 +02:00
Andreas Rheinhardt
c1714a483f avcodec/libaribb24,ttmlenc, avutil/tx: Remove redundant init of AVBPrint
An AVBPrint is initialized via av_bprint_init() (or
av_bprint_init_for_buffer()) which expects uninitialized
AVBPrints; it is therefore not necessary to zero them before
the actual initialization.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-09-14 12:32:02 +02:00
Andreas Rheinhardt
830b5cc35e avformat: Inline raw_codec_id where known
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-09-14 12:32:02 +02:00
Andreas Rheinhardt
d0b03b4182 avfilter/avfilter: Don't report deprecated pkt_pos
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-09-14 12:32:01 +02:00
Anton Khirnov
ced62a0c01 fftools/ffmpeg: do not fail on AVERROR(EAGAIN) from choose_output()
This is not an error condition, but would be treated like one if the
program terminates on the next transcode loop iteration because of a
signal or keyboard input.

Fixes #10504
Tested-by: https://github.com/0Ky
2023-09-14 10:44:05 +02:00
Zhao Zhili
a8d9da4c8b avformat/mov: add interleaved_read option
For badly interleaved files, interleave packets from multiple tracks
at the demuxer level can trigger seeking back and forth, which can be
dramatically slow depending on the protocol. Demuxer level interleave
can be useless sometimes, e.g., reading mp4 via http and then
transcoding/remux to DASH. Disable this option when you don't need the
demuxer level interleave, and want to avoid the IO penalizes.

Co-authored-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
2023-09-14 18:49:51 +08:00
Andreas Rheinhardt
6434e44003 avcodec/thread: Remove ff_thread_get_format define
Unnecessary since FF_API_THREAD_SAFE_CALLBACKS is no more.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-09-13 22:04:22 +02:00
Andreas Rheinhardt
0058f6013f avcodec/av1dec: Don't rely on AV_PIX_FMT_NONE == -1
Since fb548fba04,
this return -1 is in a function returning enum AVPixelFormat
whose caller checks for AV_PIX_FMT_NONE for failure.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-09-13 22:04:22 +02:00
Andreas Rheinhardt
c38693b4b0 avcodec/av1dec: Pass AVCodecContext* as logctx in get_sw_pixel_format()
It indicates to the reader that said function does not modify
any state.

Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-09-13 22:04:11 +02:00
Andreas Rheinhardt
654e4b00e2 avformat/wtvdec: Avoid unnecessary allocations
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-09-12 23:35:26 +02:00
Andreas Rheinhardt
ea0a41bcaf avformat/wtvdec: Use smaller upper bound for buffer
Every code point in the BMP is representable with at most three bytes
in UTF-8 and every code point not in the BMP takes four bytes.
For each of the latter, the encoding of UTF-16 takes as many
bytes; for each of the former, it takes at most 3/2 as many.
Therefore one can decrease the size of the buffer allocated
here.

Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-09-12 23:35:14 +02:00
Andreas Rheinhardt
78169f397d avformat/wtvdec: Fix signed integer overflow
Happens when length > INT_MAX / 2; use unsigned for the computation,
but restrict the value to INT_MAX, because avio_get_str16le()
accepts an int as buf_len argument. Notice that it can happen
that the string read by avio_get_str16le() is truncated in this case.

Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-09-12 23:35:01 +02:00
Andreas Rheinhardt
197f7e914b avformat/wtvdec: Skip too big tags
get_tag() is not designed with negative length in mind;
in this case, it will allocate a very small buffer
(LEN_PRETTY_GUID + 1) and might call avio_get_str16le()
with a negative maxlen (which relies on these parameters
to be signed).

Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-09-12 23:34:54 +02:00
Andreas Rheinhardt
c461ee39f9 avformat/wtvdec: Don't truncate GUIDs
Each of the 16 bytes of a GUID is written as a two-character
hex value and three hyphens, leading to a length of 35.
GCC 13 emits a -Wformat-truncation= warning because of this.

Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-09-12 23:34:40 +02:00
Andreas Rheinhardt
b67171893d avformat/avio: Don't use incompatible function pointer type for call
It is undefined behaviour even in cases where it works
(it works because it is only a const uint8_t* vs. uint8_t* difference).

Instead add a cbuf parameter to pass a const buffer (for writing)
as well as a parameter indicating whether we are reading or writing;
retry_transfer_wrapper() itself then uses the correct function
based upon this information.

Reviewed-by: Marton Balint <cus@passwd.hu>
Reviewed-by: Tomas Härdin <git@haerdin.se>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-09-12 23:22:49 +02:00
Paul B Mahol
a18ccbfaeb avformat/aiffdec: improve probe 2023-09-12 19:33:17 +02:00
yethie
aeff5bcba0 avfilter/vf_drawtext: fix text width measurement 2023-09-12 19:33:09 +02:00
Andreas Rheinhardt
da784b81a6 avfilter/vf_framepack: Use dedicated pointer for access
Improves readability.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-09-12 09:42:43 +02:00
Andreas Rheinhardt
423b6a7e49 avutil/imgutils: Add wrapper for av_image_copy() to avoid casts
av_image_copy() accepts const uint8_t* const * as source;
lots of user have uint8_t* const * and therefore either
cast (the majority) or copy the array of pointers.

This commit changes this by adding a static inline wrapper
for av_image_copy() that casts between the two types
so that we do not need to add casts everywhere else.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-09-12 09:42:27 +02:00
Andreas Rheinhardt
5094d1f429 avutil/fifo: Constify AVFifo pointees in peek functions
They do not modify the AVFifo state.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-09-12 09:20:49 +02:00
Andreas Rheinhardt
fa4bf5793a avutil/audio_fifo: Constify some pointees
Also constify AVAudioFifo* in the peek functions
besides constifying intermediate pointers (void**->void * const *).

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-09-12 09:20:13 +02:00
Andreas Rheinhardt
9bf31f6096 avutil/samplefmt: Constify some pointees
This is the samplefmt analog of the imgutils changes
from the preceding commit.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-09-12 09:17:28 +02:00
Andreas Rheinhardt
41285890e0 avutil/imgutils: Constify some pointees
This is done immediately without waiting for the next major bump
just as in 9546b3a1cb and
4eaaa38d3d.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2023-09-12 09:14:25 +02:00
Paul B Mahol
8cd2e0c075 avcodec/fraps: remove extra new lines and not needed cast 2023-09-11 22:04:28 +02:00
Paul B Mahol
8042f658f7 avformat/mpjpegdec: remove extra newlines 2023-09-11 22:04:27 +02:00