Fixes: runtime error: shift exponent 1073741824 is too large for 32-bit type 'int'
Fixes: 1654/clusterfuzz-testcase-minimized-5151903795118080
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array access
Fixes: 1643/clusterfuzz-testcase-minimized-6117573403869184
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: runtime error: signed integer overflow: -2147483627 - 22 cannot be represented in type 'int'
Fixes: 1637/clusterfuzz-testcase-minimized-5376582493405184
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 1615/clusterfuzz-testcase-minimized-6625214647500800
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Add dxva2_pool_release_dummy() and use it in call to
av_buffer_create() in dxva2_pool_alloc().
Prior to this change, av_buffer_create() was called with NULL for the
third argument, which indicates that av_buffer_default_free() should
be used to free the buffer's data. Eventually, it gets to
buffer_pool_free() and calls buf->free() on a surface object (which is
av_buffer_default_free()).
This can result in a crash when the debug version of the C-runtime is
used on Windows. While it doesn't appear to result in a crash when
the release version of the C-runtime is used on Windows, it likely
results in memory corruption, since av_free() is being called on
memory that was allocated using
IDirectXVideoAccelerationService::CreateSurface().
Signed-off-by: Aaron Levinson <alevinsn@aracnet.com>
Reviewed-by: wm4 <nfxjfg@googlemail.com>
Reviewed-by: Steven Liu <lingjiujianke@gmail.com>
Reviewed-by: Mark Thompson <sw@jkqxz.net>
Enables rendering of SVG images. This is possible since SVG images
still contain and specify the dimensions in pixels to which they've
been drawn to and thus enable browsers to display them without any
external data. Users can still override and generate images with
arbitrary resolutions.
Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
Only checks the extension and MIME type, since determining whether
a file is SVG is difficult since they're just XML files.
Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
Old behaviour - abort if at least one subband has 1bit quantizer
and consumed_bits still greater than frame_bits size. It was
a bit strange - we still could reduce bits consumption by reducing
SNR for other subbands. Same strange logic with upper threshold -
stop bits allocation if at least one subband reach 26bits.
New behaviour - if consumed_bits greater than frame_bits and all
subbands has 1 bit quantizer we restart bits allocation and allow
zero subbands.
This brings our generation of the vpcC box up to date to version 1.0
of the VP Codec ISO Media File Format Binding.
Specifically, color/transfer properties are now written with values
based on ISO/IEC 23001-8, which is the same reference specification the
AVColor* enumerations are based on.
This adds tons of code for no other benefit than making VideoToolbox
support conform with the new hwaccel API (using hw_device_ctx and
hw_frames_ctx).
Since VideoToolbox decoding does not actually require the user to
allocate frames, the new code does mostly nothing.
One benefit is that ffmpeg_videotoolbox.c can be dropped once generic
hwaccel support for ffmpeg.c is merged from Libav.
Does not consider VDA or VideoToolbox encoding.
Fun fact: the frame transfer functions are copied from vaapi, as the
mapping makes copying generic boilerplate. Mapping itself is not
exported by the VT code, because I don't know how to test.
reorder_pixels is call by rle_uncompress and zip_uncompress
with size == uncompress_size
uncompress_size is a multiple of 2 (because exr store data
in half, float, or uint32)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
It seems dual mono with a LFE channel is not forbidden
Fixes: 1570/clusterfuzz-testcase-minimized-6455337349545984
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
