mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2024-11-26 19:01:44 +02:00
a44b3abb4c
This avoids potential undefined behavior in debug mode while still allowing developers which want to check for potential additional overflows to do so by manually enabling this. Reviewed-by: wm4 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
357 lines
11 KiB
C
357 lines
11 KiB
C
/*
|
|
* copyright (c) 2006 Michael Niedermayer <michaelni@gmx.at>
|
|
*
|
|
* This file is part of FFmpeg.
|
|
*
|
|
* FFmpeg is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation; either
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
*
|
|
* FFmpeg is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with FFmpeg; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
|
*/
|
|
|
|
/**
|
|
* @file
|
|
* common internal API header
|
|
*/
|
|
|
|
#ifndef AVUTIL_INTERNAL_H
|
|
#define AVUTIL_INTERNAL_H
|
|
|
|
#if !defined(DEBUG) && !defined(NDEBUG)
|
|
# define NDEBUG
|
|
#endif
|
|
|
|
// This can be enabled to allow detection of additional integer overflows with ubsan
|
|
//#define CHECKED
|
|
|
|
#include <limits.h>
|
|
#include <stdint.h>
|
|
#include <stddef.h>
|
|
#include <assert.h>
|
|
#include "config.h"
|
|
#include "attributes.h"
|
|
#include "timer.h"
|
|
#include "cpu.h"
|
|
#include "dict.h"
|
|
#include "macros.h"
|
|
#include "pixfmt.h"
|
|
#include "version.h"
|
|
|
|
#if ARCH_X86
|
|
# include "x86/emms.h"
|
|
#endif
|
|
|
|
#ifndef emms_c
|
|
# define emms_c() while(0)
|
|
#endif
|
|
|
|
#ifndef attribute_align_arg
|
|
#if ARCH_X86_32 && AV_GCC_VERSION_AT_LEAST(4,2)
|
|
# define attribute_align_arg __attribute__((force_align_arg_pointer))
|
|
#else
|
|
# define attribute_align_arg
|
|
#endif
|
|
#endif
|
|
|
|
#if defined(_MSC_VER) && CONFIG_SHARED
|
|
# define av_export __declspec(dllimport)
|
|
#else
|
|
# define av_export
|
|
#endif
|
|
|
|
#if HAVE_PRAGMA_DEPRECATED
|
|
# if defined(__ICL) || defined (__INTEL_COMPILER)
|
|
# define FF_DISABLE_DEPRECATION_WARNINGS __pragma(warning(push)) __pragma(warning(disable:1478))
|
|
# define FF_ENABLE_DEPRECATION_WARNINGS __pragma(warning(pop))
|
|
# elif defined(_MSC_VER)
|
|
# define FF_DISABLE_DEPRECATION_WARNINGS __pragma(warning(push)) __pragma(warning(disable:4996))
|
|
# define FF_ENABLE_DEPRECATION_WARNINGS __pragma(warning(pop))
|
|
# else
|
|
# define FF_DISABLE_DEPRECATION_WARNINGS _Pragma("GCC diagnostic ignored \"-Wdeprecated-declarations\"")
|
|
# define FF_ENABLE_DEPRECATION_WARNINGS _Pragma("GCC diagnostic warning \"-Wdeprecated-declarations\"")
|
|
# endif
|
|
#else
|
|
# define FF_DISABLE_DEPRECATION_WARNINGS
|
|
# define FF_ENABLE_DEPRECATION_WARNINGS
|
|
#endif
|
|
|
|
|
|
#define FF_MEMORY_POISON 0x2a
|
|
|
|
#define MAKE_ACCESSORS(str, name, type, field) \
|
|
type av_##name##_get_##field(const str *s) { return s->field; } \
|
|
void av_##name##_set_##field(str *s, type v) { s->field = v; }
|
|
|
|
// Some broken preprocessors need a second expansion
|
|
// to be forced to tokenize __VA_ARGS__
|
|
#define E1(x) x
|
|
|
|
/* Check if the hard coded offset of a struct member still matches reality.
|
|
* Induce a compilation failure if not.
|
|
*/
|
|
#define AV_CHECK_OFFSET(s, m, o) struct check_##o { \
|
|
int x_##o[offsetof(s, m) == o? 1: -1]; \
|
|
}
|
|
|
|
#define LOCAL_ALIGNED_A(a, t, v, s, o, ...) \
|
|
uint8_t la_##v[sizeof(t s o) + (a)]; \
|
|
t (*v) o = (void *)FFALIGN((uintptr_t)la_##v, a)
|
|
|
|
#define LOCAL_ALIGNED_D(a, t, v, s, o, ...) \
|
|
DECLARE_ALIGNED(a, t, la_##v) s o; \
|
|
t (*v) o = la_##v
|
|
|
|
#define LOCAL_ALIGNED(a, t, v, ...) E1(LOCAL_ALIGNED_A(a, t, v, __VA_ARGS__,,))
|
|
|
|
#if HAVE_LOCAL_ALIGNED_8
|
|
# define LOCAL_ALIGNED_8(t, v, ...) E1(LOCAL_ALIGNED_D(8, t, v, __VA_ARGS__,,))
|
|
#else
|
|
# define LOCAL_ALIGNED_8(t, v, ...) LOCAL_ALIGNED(8, t, v, __VA_ARGS__)
|
|
#endif
|
|
|
|
#if HAVE_LOCAL_ALIGNED_16
|
|
# define LOCAL_ALIGNED_16(t, v, ...) E1(LOCAL_ALIGNED_D(16, t, v, __VA_ARGS__,,))
|
|
#else
|
|
# define LOCAL_ALIGNED_16(t, v, ...) LOCAL_ALIGNED(16, t, v, __VA_ARGS__)
|
|
#endif
|
|
|
|
#if HAVE_LOCAL_ALIGNED_32
|
|
# define LOCAL_ALIGNED_32(t, v, ...) E1(LOCAL_ALIGNED_D(32, t, v, __VA_ARGS__,,))
|
|
#else
|
|
# define LOCAL_ALIGNED_32(t, v, ...) LOCAL_ALIGNED(32, t, v, __VA_ARGS__)
|
|
#endif
|
|
|
|
#define FF_ALLOC_OR_GOTO(ctx, p, size, label)\
|
|
{\
|
|
p = av_malloc(size);\
|
|
if (!(p) && (size) != 0) {\
|
|
av_log(ctx, AV_LOG_ERROR, "Cannot allocate memory.\n");\
|
|
goto label;\
|
|
}\
|
|
}
|
|
|
|
#define FF_ALLOCZ_OR_GOTO(ctx, p, size, label)\
|
|
{\
|
|
p = av_mallocz(size);\
|
|
if (!(p) && (size) != 0) {\
|
|
av_log(ctx, AV_LOG_ERROR, "Cannot allocate memory.\n");\
|
|
goto label;\
|
|
}\
|
|
}
|
|
|
|
#define FF_ALLOC_ARRAY_OR_GOTO(ctx, p, nelem, elsize, label)\
|
|
{\
|
|
p = av_malloc_array(nelem, elsize);\
|
|
if (!p) {\
|
|
av_log(ctx, AV_LOG_ERROR, "Cannot allocate memory.\n");\
|
|
goto label;\
|
|
}\
|
|
}
|
|
|
|
#define FF_ALLOCZ_ARRAY_OR_GOTO(ctx, p, nelem, elsize, label)\
|
|
{\
|
|
p = av_mallocz_array(nelem, elsize);\
|
|
if (!p) {\
|
|
av_log(ctx, AV_LOG_ERROR, "Cannot allocate memory.\n");\
|
|
goto label;\
|
|
}\
|
|
}
|
|
|
|
#include "libm.h"
|
|
|
|
/**
|
|
* Return NULL if CONFIG_SMALL is true, otherwise the argument
|
|
* without modification. Used to disable the definition of strings
|
|
* (for example AVCodec long_names).
|
|
*/
|
|
#if CONFIG_SMALL
|
|
# define NULL_IF_CONFIG_SMALL(x) NULL
|
|
#else
|
|
# define NULL_IF_CONFIG_SMALL(x) x
|
|
#endif
|
|
|
|
/**
|
|
* Define a function with only the non-default version specified.
|
|
*
|
|
* On systems with ELF shared libraries, all symbols exported from
|
|
* FFmpeg libraries are tagged with the name and major version of the
|
|
* library to which they belong. If a function is moved from one
|
|
* library to another, a wrapper must be retained in the original
|
|
* location to preserve binary compatibility.
|
|
*
|
|
* Functions defined with this macro will never be used to resolve
|
|
* symbols by the build-time linker.
|
|
*
|
|
* @param type return type of function
|
|
* @param name name of function
|
|
* @param args argument list of function
|
|
* @param ver version tag to assign function
|
|
*/
|
|
#if HAVE_SYMVER_ASM_LABEL
|
|
# define FF_SYMVER(type, name, args, ver) \
|
|
type ff_##name args __asm__ (EXTERN_PREFIX #name "@" ver); \
|
|
type ff_##name args
|
|
#elif HAVE_SYMVER_GNU_ASM
|
|
# define FF_SYMVER(type, name, args, ver) \
|
|
__asm__ (".symver ff_" #name "," EXTERN_PREFIX #name "@" ver); \
|
|
type ff_##name args; \
|
|
type ff_##name args
|
|
#endif
|
|
|
|
/**
|
|
* Return NULL if a threading library has not been enabled.
|
|
* Used to disable threading functions in AVCodec definitions
|
|
* when not needed.
|
|
*/
|
|
#if HAVE_THREADS
|
|
# define ONLY_IF_THREADS_ENABLED(x) x
|
|
#else
|
|
# define ONLY_IF_THREADS_ENABLED(x) NULL
|
|
#endif
|
|
|
|
/**
|
|
* Log a generic warning message about a missing feature.
|
|
*
|
|
* @param[in] avc a pointer to an arbitrary struct of which the first
|
|
* field is a pointer to an AVClass struct
|
|
* @param[in] msg string containing the name of the missing feature
|
|
*/
|
|
void avpriv_report_missing_feature(void *avc,
|
|
const char *msg, ...) av_printf_format(2, 3);
|
|
|
|
/**
|
|
* Log a generic warning message about a missing feature.
|
|
* Additionally request that a sample showcasing the feature be uploaded.
|
|
*
|
|
* @param[in] avc a pointer to an arbitrary struct of which the first field is
|
|
* a pointer to an AVClass struct
|
|
* @param[in] msg string containing the name of the missing feature
|
|
*/
|
|
void avpriv_request_sample(void *avc,
|
|
const char *msg, ...) av_printf_format(2, 3);
|
|
|
|
#if HAVE_LIBC_MSVCRT
|
|
#include <crtversion.h>
|
|
#if defined(_VC_CRT_MAJOR_VERSION) && _VC_CRT_MAJOR_VERSION < 14
|
|
#pragma comment(linker, "/include:" EXTERN_PREFIX "avpriv_strtod")
|
|
#pragma comment(linker, "/include:" EXTERN_PREFIX "avpriv_snprintf")
|
|
#endif
|
|
|
|
#define avpriv_open ff_open
|
|
#define avpriv_tempfile ff_tempfile
|
|
#define PTRDIFF_SPECIFIER "Id"
|
|
#define SIZE_SPECIFIER "Iu"
|
|
#else
|
|
#define PTRDIFF_SPECIFIER "td"
|
|
#define SIZE_SPECIFIER "zu"
|
|
#endif
|
|
|
|
#ifdef DEBUG
|
|
# define ff_dlog(ctx, ...) av_log(ctx, AV_LOG_DEBUG, __VA_ARGS__)
|
|
#else
|
|
# define ff_dlog(ctx, ...) do { if (0) av_log(ctx, AV_LOG_DEBUG, __VA_ARGS__); } while (0)
|
|
#endif
|
|
|
|
// For debuging we use signed operations so overflows can be detected (by ubsan)
|
|
// For production we use unsigned so there are no undefined operations
|
|
#ifdef CHECKED
|
|
#define SUINT int
|
|
#define SUINT32 int32_t
|
|
#else
|
|
#define SUINT unsigned
|
|
#define SUINT32 uint32_t
|
|
#endif
|
|
|
|
/**
|
|
* Clip and convert a double value into the long long amin-amax range.
|
|
* This function is needed because conversion of floating point to integers when
|
|
* it does not fit in the integer's representation does not necessarily saturate
|
|
* correctly (usually converted to a cvttsd2si on x86) which saturates numbers
|
|
* > INT64_MAX to INT64_MIN. The standard marks such conversions as undefined
|
|
* behavior, allowing this sort of mathematically bogus conversions. This provides
|
|
* a safe alternative that is slower obviously but assures safety and better
|
|
* mathematical behavior.
|
|
* @param a value to clip
|
|
* @param amin minimum value of the clip range
|
|
* @param amax maximum value of the clip range
|
|
* @return clipped value
|
|
*/
|
|
static av_always_inline av_const int64_t ff_rint64_clip(double a, int64_t amin, int64_t amax)
|
|
{
|
|
int64_t res;
|
|
#if defined(HAVE_AV_CONFIG_H) && defined(ASSERT_LEVEL) && ASSERT_LEVEL >= 2
|
|
if (amin > amax) abort();
|
|
#endif
|
|
// INT64_MAX+1,INT64_MIN are exactly representable as IEEE doubles
|
|
// do range checks first
|
|
if (a >= 9223372036854775808.0)
|
|
return amax;
|
|
if (a <= -9223372036854775808.0)
|
|
return amin;
|
|
|
|
// safe to call llrint and clip accordingly
|
|
res = llrint(a);
|
|
if (res > amax)
|
|
return amax;
|
|
if (res < amin)
|
|
return amin;
|
|
return res;
|
|
}
|
|
|
|
/**
|
|
* A wrapper for open() setting O_CLOEXEC.
|
|
*/
|
|
av_warn_unused_result
|
|
int avpriv_open(const char *filename, int flags, ...);
|
|
|
|
/**
|
|
* Wrapper to work around the lack of mkstemp() on mingw.
|
|
* Also, tries to create file in /tmp first, if possible.
|
|
* *prefix can be a character constant; *filename will be allocated internally.
|
|
* @return file descriptor of opened file (or negative value corresponding to an
|
|
* AVERROR code on error)
|
|
* and opened file name in **filename.
|
|
* @note On very old libcs it is necessary to set a secure umask before
|
|
* calling this, av_tempfile() can't call umask itself as it is used in
|
|
* libraries and could interfere with the calling application.
|
|
*/
|
|
int avpriv_tempfile(const char *prefix, char **filename, int log_offset, void *log_ctx);
|
|
|
|
int avpriv_set_systematic_pal2(uint32_t pal[256], enum AVPixelFormat pix_fmt);
|
|
|
|
static av_always_inline av_const int avpriv_mirror(int x, int w)
|
|
{
|
|
if (!w)
|
|
return 0;
|
|
|
|
while ((unsigned)x > (unsigned)w) {
|
|
x = -x;
|
|
if (x < 0)
|
|
x += 2 * w;
|
|
}
|
|
return x;
|
|
}
|
|
|
|
void ff_check_pixfmt_descriptors(void);
|
|
|
|
/**
|
|
* Set a dictionary value to an ISO-8601 compliant timestamp string.
|
|
*
|
|
* @param s AVFormatContext
|
|
* @param key metadata key
|
|
* @param timestamp unix timestamp in microseconds
|
|
* @return <0 on error
|
|
*/
|
|
int avpriv_dict_set_timestamp(AVDictionary **dict, const char *key, int64_t timestamp);
|
|
|
|
#endif /* AVUTIL_INTERNAL_H */
|