1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-11-26 19:01:44 +02:00
Commit Graph

98726 Commits

Author SHA1 Message Date
Andreas Rheinhardt
cfc6552032 avfilter/formats: Avoid allocations when merging channel layouts
When one merges two AVFilterChannelLayouts structs, there is no need to
allocate a new one. Instead one can reuse one of the two given ones.
If one does this, one also doesn't need to update the references of the
AVFilterChannelLayouts that is reused. Therefore this commit reuses the
structure with the higher refcount.

Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-08-13 16:28:49 +02:00
Andreas Rheinhardt
4147f63d63 avfilter/formats: Fix heap-buffer overflow when merging channel layouts
The channel layouts accepted by ff_merge_channel_layouts() are of two
types: Ordinary channel layouts and generic channel layouts. These are
layouts that match all layouts with a certain number of channels.
Therefore parsing these channel layouts is not done in one go; instead
first the intersection of the ordinary layouts of the first input
list of channel layouts with the ordinary layouts of the second list is
determined, then the intersection of the ordinary layouts of the first
one and the generic layouts of the second one etc. In order to mark the
ordinary channel layouts that have already been matched as used they are
zeroed. The inner loop that does this is as follows:

for (j = 0; j < b->nb_channel_layouts; j++) {
    if (a->channel_layouts[i] == b->channel_layouts[j]) {
        ret->channel_layouts[ret_nb++] = a->channel_layouts[i];
        a->channel_layouts[i] = b->channel_layouts[j] = 0;
    }
}

(Here ret->channel_layouts is the array containing the intersection of
the two input arrays.)

Yet the problem with this code is that after a match has been found, the
loop continues the search with the new value a->channel_layouts[i].
The intention of zeroing these elements was to make sure that elements
already paired at this stage are ignored later. And while they are indeed
ignored when pairing ordinary and generic channel layouts later, it has
the exact opposite effect when pairing ordinary channel layouts.

To see this consider the channel layouts A B C D E and E D C B A. In the
first round, A and A will be paired and added to ret->channel_layouts.
In the second round, the input arrays are 0 B C D E and E D C B 0.
At first B and B will be matched and zeroed, but after doing so matching
continues, but this time it will search for 0, which will match with the
last entry of the second array. ret->channel_layouts now contains A B 0.
In the third round, C 0 0 will be added to ret->channel_layouts etc.
This gives a quadratic amount of elements, yet the amount of elements
allocated for said array is only the sum of the sizes of a and b.

This issue can e.g. be reproduced by
ffmpeg -f lavfi -i anullsrc=cl=7.1 \
-af 'aformat=cl=mono|stereo|2.1|3.0|4.0,aformat=cl=4.0|3.0|2.1|stereo|mono' \
-f null -

The fix is easy: break out of the inner loop after having found a match.

Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-08-13 16:28:26 +02:00
Mark Thompson
bb59bdbcd1 cbs: Mention all codecs in unit type comment 2020-08-12 22:02:03 +01:00
Andreas Rheinhardt
c4c10feaa8 Revert "lavfi/avfiltergraph: add check before free the format"
This reverts commit f156f4ab23.

The checks added by said commit are nonsense because they did not help
in case ff_merge_samplerates() or ff_merge_formats() returned NULL
while freeing one of its arguments: Said freeing does not change
the local variables of can_merge_formats().

Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-08-12 21:27:52 +02:00
Andreas Rheinhardt
9d1bf9cffe avfilter/formats: Simplify cleanup for ff_merge_* functions
Now that the output's refs-array is only allocated once, it is NULL in
any error case and therefore needn't be freed at all; Instead an
av_assert1() has been added to guarantee it to be NULL.

Furthermore, it is unnecessary to av_freep(&ptr) when ptr == NULL.

Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-08-12 21:26:45 +02:00
Andreas Rheinhardt
195a25a7ab avfilter/formats: Leave lists' ownership unchanged upon merge failure
ff_merge_formats(), ff_merge_samplerates() and ff_merge_channel_layouts()
share common semantics: If merging succeeds, a non-NULL pointer is
returned and both input lists (of type AVFilterFormats resp.
AVFilterChannelLayouts) are to be treated as if they had been freed;
the owners of the input parameters (if any) become owners of the
returned list. If merging does not succeed, NULL is returned and both
input lists are supposed to be unchanged.

The problem is that the functions did not abide by these semantics:
In case of reallocation failure, it is possible for these functions
to return NULL after having already freed one of the two input list.
This happens because sometimes the refs-array of the destined output
gets reallocated twice to its final size and if the second of these
reallocations fails, the first of the two inputs has already been freed
and its refs updated to point to the destined output which in this case
will be freed immediately so that all of the already updated pointers
are now dangling. This leads to use-after-frees and memory corruptions
lateron (when these owners get cleaned up, the lists they own get
unreferenced). Should the input lists don't have owners at all, the
caller (namely can_merge_formats() in avfiltergraph.c) thinks that both
the input lists are unchanged and need to be freed, leading to a double
free.

The solution to this is simple: Don't reallocate twice; do it just once.
This also saves a reallocation.

This commit fixes the issue behind Coverity issue #1452636. It might
also make Coverity realize that the issue has been fixed.

Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-08-12 21:22:53 +02:00
Andreas Rheinhardt
ae5026c905 avfilter/formats: Schedule avfilter_make_format64_list() for removal
Despite its name, this function is not part of the public API, as
formats.h, the header containing its declaration, is a private header.
The formats API was once public API, but that changed long ago
(b74a1da49d, the commit scheduling it to
become private, is from 2012). That avfilter_make_format64_list() was
forgotten is probably a result of the confusion resulting from the
libav-ffmpeg split.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-08-12 21:10:59 +02:00
Andreas Rheinhardt
2e0cf4de01 avfilter/avf_showcqt: Mark arrays as static const
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-08-12 21:08:16 +02:00
Andreas Rheinhardt
efbe58ceb6 avfilter/formats: Remove ff_make_formatu64_list()
It is unused since 8cbb055760 and it
actually coincides with avfilter_make_format64_list().

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-08-12 20:47:59 +02:00
Alexander Strasser
b40dd2fdab lavc/snowenc: Expose an option to set the rc_eq expression
Snow uses the ratecontrol module, but does not expose a way to set
the rc_eq expression. The default expression, set in the ratecontrol
module, will always be used.

Make it possible to set rc_eq by adding an AVOption to snowenc.

The option definition is mostly a copy from the mpegvideo common
options definition of rc_eq (libavcodec/mpegvideo.h), with some
minor style adjustments to be closer to the other snowenc option
initializer expressions.

Signed-off-by: Alexander Strasser <eclipse7@gmx.net>
2020-08-12 17:35:38 +02:00
Alexander Strasser
ecd71916d1 lavc/aac_ac3_parser: fix potential overflow when averaging bitrate
The new code is analog to how it's done in our mpegaudio parser.

Acked-by: Jun Zhao <barryjzhao@tencent.com>
Signed-off-by: Alexander Strasser <eclipse7@gmx.net>
2020-08-12 17:35:38 +02:00
Nicolas George
1201687da2 lavf/url: rewrite ff_make_absolute_url() using ff_url_decompose().
Also add and update some tests.

Change the semantic a little, because for filesytem paths
symlinks complicate things.
See the comments in the code for detail.

Fix trac tickets #8813 and 8814.
2020-08-12 16:45:21 +02:00
Nicolas George
d853293679 lavf/url: add ff_url_decompose(). 2020-08-12 16:33:09 +02:00
Harry Mallon
64ff61b3c5 avformat/mxfenc: Write color metadata to MXF
Writes color_primaries, color_trc and color_space to mxf
headers. ULs are from https://registry.smpte-ra.org/ site.

Signed-off-by: Harry Mallon <harry.mallon@codex.online>
2020-08-12 15:50:41 +02:00
Paul B Mahol
f95dac666c avcodec/sheervideo: reduce size of vlc tables to normal values 2020-08-12 10:17:01 +02:00
Guo, Yejun
0a51abe8ab dnn: add backend options when load the model
different backend might need different options for a better performance,
so, add the parameter into dnn interface, as a preparation.

Signed-off-by: Guo, Yejun <yejun.guo@intel.com>
2020-08-12 15:43:40 +08:00
Mingyu Yin
4ed6bca4ae dnn_backend_native_layer_mathunary: add round support
Signed-off-by: Mingyu Yin <mingyu.yin@intel.com>
Reviewed-by: Guo, Yejun <yejun.guo@intel.com>
2020-08-12 10:30:46 +08:00
Limin Wang
ed39d28ce7 avcodec/libsvtav1: fix copy and paste error
Reviewed-by: Mark Thompson <sw@jkqxz.net>
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-08-12 08:12:59 +08:00
Andreas Rheinhardt
7ad4928580 avformat/ty: Remove write-only array and variable
Up until now, the TiVo demuxer parse an array of SEQ entries, yet it has
never ever made any use of them. In fact, parse_master, the function
parsing said table, only influenced the outside world in three ways: Via
an excessive amount of error message in case a certain parameter is not
what it expected; via an allocation (the aforementioned write-only
array); and by setting a certain parameter (ty->cur_chunk_pos), but that
parameter is always overwritten before it is used (it is overwritten
in get_chunk() on success and if get_chunk() fails, the error is
returned to the caller anyway). So remove the array and the function
used to parse it.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-08-11 16:44:11 +02:00
Michael Niedermayer
4b7189848f tools/target_dec_fuzzer: Adjust threshold for AGM
Fixes: Timeout (142sec -> 2sec)
Fixes: 24426/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5639724379930624

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-08-11 14:21:56 +02:00
Michael Niedermayer
6d7e522103 avcodec/agm: Mark fill_pixels() as av_always_inline
Speedup from 275sec to 142sec
Testcase: 24426/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5639724379930624

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-08-11 14:21:56 +02:00
Paul B Mahol
7a940a2112 doc/general: mark that CFHD have encoder now 2020-08-11 12:34:41 +02:00
Paul B Mahol
f7c0ad2bae doc/general: mention AGM codecs 2020-08-11 12:34:41 +02:00
Paul B Mahol
4dbb75c437 avfilter/vf_xfade: check that fps between inputs are valid 2020-08-11 10:57:04 +02:00
Paul B Mahol
3f58dbca72 avcodec/cfhdenc: mark filter as always inline 2020-08-11 10:01:05 +02:00
Paul B Mahol
ba0825626a avcodec/cfhdenc: optimize writting of small runcodes 2020-08-11 10:01:05 +02:00
Paul B Mahol
16b79f3d3a avcodec/cfhdenc: improve quality vs size ratio 2020-08-11 10:01:04 +02:00
Zane van Iperen
d2f42b9be1
avformat/argo_asf: strip file extension from name
Only when the user hasn't manually specified one.
Matches the original files more closely.

Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-08-11 08:50:27 +10:00
Zane van Iperen
a3a4591868
avformat/argo_asf: add name option
Reviewed-by: Alexander Strasser <eclipse7@gmx.net>
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-08-11 08:50:27 +10:00
Zane van Iperen
1f9dd53d5d
avformat/argo_asf: add version_major and version_minor options
Reviewed-by: Alexander Strasser <eclipse7@gmx.net>
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-08-11 08:50:27 +10:00
Zane van Iperen
a3e9821787
avformat/argo_asf: don't check file version
It has no bearing on structure. Determined by looking at the ASF
files from several Argonaut games:
  - FX Fighter,
  - Croc,
  - Croc 2,
  - The Emperor's New Groove, and
  - Disney's Aladdin in Nasira's Revenge

The only versions that appear are 1.1, 1.2, and 2.1, and their
structure is identical.

Reviewed-by: Alexander Strasser <eclipse7@gmx.net>
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-08-11 08:50:26 +10:00
Zane van Iperen
97aaa15089
avformat/argo_asf: add games to version list
Reviewed-by: Alexander Strasser <eclipse7@gmx.net>
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2020-08-11 08:50:19 +10:00
Andreas Rheinhardt
1ead176d87 avformat/mpegts: Don't leave context in inconsistent state upon error
Up until now, opening a section filter works as follows: A filter is
opened and (on success) attached to the MpegTSContext. Then a buffer for
said filter is allocated and upon success attached to the section
filter; on error, the filter is simply freed without removing it from
the MpegTSContext, leaving the latter in an inconsistent state. This
leads to use-after-frees lateron.

This commit fixes this by allocating the buffer first; the filter is
only opened if the buffer could be successfully allocated.

Reviewed-by: Marton Balint <cus@passwd.hu>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-08-10 21:07:54 +02:00
Michael Niedermayer
a5ac81952e avcodec/jpeg2000dec: Check remaining data in packed_headers_stream before use
Fixes: out of array read
Fixes: 24487/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5165847820369920
Fixes: 24636/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5700973918683136
Fixes: 24683/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-6202883897556992

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-08-10 14:54:32 +02:00
Ting Fu
de5cb6c060 FATE/dnn: add unit test for dnn avgpool layer
'make fate-dnn-layer-avgpool' to run the test

Signed-off-by: Ting Fu <ting.fu@intel.com>
Reviewed-by: Guo, Yejun <yejun.guo@intel.com>
2020-08-10 16:37:43 +08:00
Ting Fu
91efc41a69 dnn/native: add native support for avg_pool
Not support pooling strides in channel dimension yet.

Signed-off-by: Ting Fu <ting.fu@intel.com>
Reviewed-by: Guo, Yejun <yejun.guo@intel.com>
2020-08-10 16:37:39 +08:00
Steven Liu
40597add98 avformat/hlsenc: write temp file for append single file by encryption mode
fix ticket: 8783
Because in single file by encryption mode, it cannot get the last one
block of the file, it need ff_format_io_close for get full file size,
then hlsenc can get the total size of the encryption content,
so write the content into temp file first, and get the temp file content
append the temp file content into append to single file, then hlsenc can
get the correct file/content size and offset.

Signed-off-by: Steven Liu <liuqi05@kuaishou.com>
2020-08-10 15:52:59 +08:00
Steven Liu
6e4bba4055 avformat/hls: support avio_seek in encryption mode
Signed-off-by: Steven Liu <liuqi05@kuaishou.com>
2020-08-10 15:52:54 +08:00
Mark Thompson
6e951d0cf8 kmsgrab: Add more supported formats
X2RGB10 tested on both Intel Gen9 and AMD Polaris 11.  NV12 tested on
Intel Gen9 only - since it has multiple planes, this requires GetFB2.

Also add some comments to split the list up a bit.
2020-08-09 20:18:49 +01:00
Mark Thompson
991daf3895 doc/indevs: Note improved behaviour of kmsgrab with Linux 5.7 2020-08-09 20:18:49 +01:00
Mark Thompson
ff14858a60 kmsgrab: Don't require the user to set framebuffer format
This is provided by GetFB2, but we still need the option for cases where
that isn't available.
2020-08-09 20:18:49 +01:00
Mark Thompson
ef934dba2d kmsgrab: Use GetFB2 if available
The most useful feature here is the ability to automatically extract the
framebuffer format and modifiers.  It also makes support for multi-plane
framebuffers possible, though none are added to the format table in this
patch.

This requires libdrm 2.4.101 (from April 2020) to build, so it includes a
configure check to allow compatibility with existing distributions.  Even
with libdrm support, it still won't do anything at runtime if you are
running Linux < 5.7 (before June 2020).
2020-08-09 20:18:48 +01:00
Mark Thompson
fa0b064cf2 kmsgrab: Refactor and clean error cases 2020-08-09 20:18:48 +01:00
Andreas Rheinhardt
ea8f8d28d0 avformat/sierravmd: Don't return packets for non-existing stream
It leads to an assert in ff_read_packet().

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-08-09 19:07:23 +02:00
Andreas Rheinhardt
c4a4fe938d avformat/vividas: Check allocation for success
Reviewed-by: Zane van Iperen <zane@zanevaniperen.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-08-09 19:07:23 +02:00
Andreas Rheinhardt
a3dced69c8 avformat/vividas: Check return value before storing it in smaller type
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-08-09 19:07:23 +02:00
Paul B Mahol
4ad77086b9 avcodec/cfhd: improve SampleIndex tag output
This tag is used for jumping to different channels in bitstream.
2020-08-09 18:47:30 +02:00
Paul B Mahol
17d1454a5f avcodec/cfhd: log version tags too 2020-08-09 18:47:29 +02:00
Paul B Mahol
fc3546bece avcodec/cfhd: read prescale table tag
Currently unused. Remove prescale shift tag as it
is not part of this codec.
2020-08-09 18:47:29 +02:00
Paul B Mahol
3ff7171a85 avcodec/cfhd: use init_get_bits8() 2020-08-09 18:47:29 +02:00