Commit graph

46739 commits

Author SHA1 Message Date
James Almer
07286d82f7 avcodec/libsvtav1: properly initialize the flush EbBufferHeaderType struct
Should fix ticket #9834

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit fb70e0611b)
2022-08-24 10:36:06 -03:00
Andreas Rheinhardt
1ad802c45c avcodec/libspeexdec: Fix use of uninitialized value
Regression since 97d9a32938.
Fixes Coverity issue #1503072.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit eb608fd0b0)
2022-08-10 18:48:25 +02:00
James Almer
915ef932a3 avcodec/alac: don't fail if channels aren't set during init() when extradata is valid
The decoder is meant to use it as a fallback if the value in extradata is
invalid.

Regression since d199099be.

Signed-off-by: James Almer <jamrial@gmail.com>
2022-07-30 10:24:52 -03:00
Michael Niedermayer
e0723b7e4e avcodec/hevc_filter: copy_CTB() only within width&height
Fixes: out of array access
Fixes: 49271/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5424984922652672

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 009ef35d38)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-07-22 17:31:41 +02:00
Michael Niedermayer
6fbd4d2285 avcodec/tiff: Check tile_length and tile_width
Fixes: Division by 0
Fixes: 49235/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5495613847896064

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 76112c2b41)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-07-22 17:31:16 +02:00
Michael Niedermayer
fa511b03d3 avcodec/mss4: Check image size with av_image_check_size2()
Fixes: Timeout
Fixes: 48418/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MTS2_fuzzer-4834851466903552

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4e145f1dcd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-07-22 17:16:52 +02:00
Michael Niedermayer
e95f80c8df avcodec/exr: Check x/ysize
Fixes: OOM
Fixes: 48911/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6352002510094336

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 614a4d1476)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-07-22 17:12:03 +02:00
Michael Niedermayer
6a78425604 avcodec/ffv1dec: Fix AC_GOLOMB_RICE min size check
Found-by: mkver

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f7d510b33f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-07-22 15:48:06 +02:00
Michael Niedermayer
288ef1939f avcodec/ffv1dec: consider run increase in minimal golomb frame size
Fixes: Timeout
Fixes: 49160/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-5672826144686080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 15785e044e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-07-20 18:24:47 +02:00
Michael Niedermayer
2720715dab avcodec/lagarith: Check dst/src in zero run code
Fixes: out of array access
Fixes: 48799/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LAGARITH_fuzzer-4764457825337344

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9450f75974)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-07-16 17:08:26 +02:00
Michael Niedermayer
6f1b144358 Bump Versions for 5.1 branch
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-07-13 00:27:37 +02:00
Michael Niedermayer
f7dd408d64 avcodec/h264dec: Skip late SEI
Fixes: Race condition
Fixes: clusterfuzz-testcase-minimized-mediasource_MP2T_AVC_pipeline_integration_fuzzer-6282675434094592

Found-by: google ClusterFuzz
Tested-by: Dan Sanders <sandersd@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-07-12 21:55:22 +02:00
Michael Niedermayer
1537f40516 avcodec/sbrdsp_fixed: Fix integer overflows in sbr_qmf_deint_neg_c()
Fixes: signed integer overflow: 2147483645 + 16 cannot be represented in type 'int'
Fixes: 46993/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-4759025234870272

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-07-12 21:55:22 +02:00
Michael Niedermayer
4f9ee4bf43 avcodec/pixlet: consider minimum plane header in the minimal packet size
Fixes: Timeout
Fixes: 46956/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PIXLET_fuzzer-5698161106092032

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-07-12 21:55:22 +02:00
Michael Niedermayer
9c5250a561 avcodec/hevcdsp_template: stay within tables in sao_band_filter()
Fixes: out of array read
Fixes: 47875/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5719393113341952

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-07-12 21:55:22 +02:00
Michael Niedermayer
75f3d1b822 avcodec/tiff: Check pixel format types for dng
Fixes: out of array access
Fixes: 48271/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6149705769287680

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-07-12 21:55:22 +02:00
Michael Niedermayer
e690d4edf5 avcodec/qpeldsp: copy less for the mc0x cases
Fixes: out of array access
Fixes: 47936/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5745039940124672

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-07-12 21:55:22 +02:00
Michael Niedermayer
78b95530f0 avcodec/ffv1dec: Check for min packet size
Fixes: Timeout
Fixes: 48619/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-5793597923917824

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-07-12 21:55:22 +02:00
Michael Niedermayer
b4431399ec avcodec/ffv1dec: Limit golomb rice coded slices to width 8M
This limit is possibly not reachable due to other restrictions on buffers but
the decoder run table is too small beyond this, so explicitly check for it.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-07-12 21:55:22 +02:00
Michael Niedermayer
d98d5a436a avcodec/wnv1: Check for width =1
The decoder only outputs pixels for width >1 images, fail early

Fixes: Timeout
Fixes: 48298/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WNV1_fuzzer-6198626319204352

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-07-12 21:55:22 +02:00
Michael Niedermayer
eee7364c90 avcodec/ffv1dec_template: fix indention
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-07-12 21:55:22 +02:00
Hubert Mazur
eb7ab3928f lavc/aarch64: Hook up the existing ff_pix_abs16_neon to the sad[0] function pointer
Signed-off-by: Hubert Mazur <hum@semihalf.com>
Signed-off-by: Martin Storsjö <martin@martin.st>
2022-07-11 23:58:28 +03:00
Andreas Rheinhardt
d0b050562a avcodec/pcm-dvdenc: Fix encoding 24bit samples
The earlier code ignored the lower 16 bits and instead used
the highest 8 bits twice.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-07-10 16:58:43 +02:00
Andreas Rheinhardt
7259eef711 avcodec/pcm-dvdenc: Remove unused extra_sample(s|_count)
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-07-10 16:58:07 +02:00
Wenbin Chen
bd7dae7daf avcodec/mpegvideo_enc: Unify the code style
Change whitespace and add newline to unify the code style.

Signed-off-by: Wenbin Chen <wenbin.chen@intel.com>
Signed-off-by: Marton Balint <cus@passwd.hu>
2022-07-09 21:05:02 +02:00
Wenbin Chen
76b33704b6 avcodec/mpegvideo_enc: Fix a chroma mb size error in sse_mb()
For 422 frames we should not use hard coded 8 to calculate mb size for
uv plane. Chroma shift should be taken into consideration to be
compatiple with different sampling format.

The error is reported by fate test when av_cpu_max_align() return 64
on the platform supporting AVX512. This is a hidden error and it is
exposed after commit 17a59a634c.

mpeg2enc has a mechanism to reuse frames. When it computes SSE (sum of
squared error) on current mb, reconstructed mb will be wrote to the
previous mb space, so that the memory can be saved. However if the align
is 64, the frame is shared in somewhere else, so the frame cannot be
reused and a new frame to store reconstrued data is created. Because the
height of mb is wrong when compute sse on 422 frame, starting from the
second line of macro block, changed data is read when frame is reused
(we need to read row 16 rather than row 8 if frame is 422), and unchanged
data is read when frame is not reused (a new frame is created so the
original frame will not be changed).

That is why commit 17a59a634c exposes this
issue, because it add av_cpu_max_align() and this function return 64 on
platform supporting AVX512 which lead to creating a frame in mpeg2enc,
and this lead to the different outputs.

Signed-off-by: Wenbin Chen <wenbin.chen@intel.com>
Signed-off-by: Marton Balint <cus@passwd.hu>
2022-07-09 21:05:02 +02:00
Andreas Rheinhardt
8393c0721a avcodec/hevc_cabac: Don't cast const away unnecessarily
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-07-09 20:29:26 +02:00
Andreas Rheinhardt
c34e3920f2 avcodec/hevc_refs: Constify ff_hevc_get_ref_list()
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-07-09 20:28:02 +02:00
Andreas Rheinhardt
aba0cc4465 avcodec/hevc_sei: Use proper type for NALU type
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-07-09 20:19:29 +02:00
Andreas Rheinhardt
75a2d25a6f avcodec/h26[45]_metadata_bsf: Fix range of chroma_sample_loc_type
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-07-09 20:10:21 +02:00
Andreas Rheinhardt
12392ffee5 avcodec/hevc_ps: Fix wrong copyright years
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-07-09 20:10:11 +02:00
Andreas Rheinhardt
3524e82a08 avcodec/dv: Remove unnecessary header
Forgotten in 6d484671ec.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-07-09 20:06:47 +02:00
Andreas Rheinhardt
ad5040a442 avcodec/cbs: Mark init and close functions as av_cold
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-07-09 20:05:14 +02:00
Andreas Rheinhardt
e4f7a2b003 avcodec/encode: Avoid check whose result is known in advance
encode_send_frame_internal() is always only called if
the buffer packet is empty and except when we are dealing
with an audio codec that does not allow variable frame size
it stays that way until a call to av_frame_ref() at the end
of encode_send_frame_internal(). In case we are dealing
with the small last frame of an audio encoder requiring
constant frame size the frame will be allocated by pad_last_frame()
and this the only case where this is so. So by returning directly
after pad_last_frame(), we can avoid having to recheck
whether the frame is still empty before av_frame_ref().

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-07-09 20:03:37 +02:00
Andreas Rheinhardt
4ad686269d avcodec: Add const to decoder packet data pointers
The packets given to decoder need not be writable,
so it is best to access them via const uint8_t*.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-07-09 19:37:53 +02:00
Andreas Rheinhardt
e4a10dd637 avcodec/apng: Add APNG_FCTL_CHUNK_SIZE define
Also use it where appropriate.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-07-09 19:37:52 +02:00
James Almer
f9785a78da avcodec/aacdec: fix parsing of dual mono files
Dual mono files report a channel count of 2 with each individual channel in its
own SCE, instead of both in a single CPE as is the case with standard stereo.
This commit handles this non default channel configuration scenario.

Fixes ticket #1614

Signed-off-by: James Almer <jamrial@gmail.com>
2022-07-08 10:05:24 -03:00
Andreas Schneider
59018254c7 avcodec/openh264: return (DE|EN)CODER_NOT_FOUND if version check fails
A cosmetic change only, it basically just changes the user facing error message
to clients that interpret the errors to something that makes sense.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Signed-off-by: Marton Balint <cus@passwd.hu>
2022-07-08 00:49:37 +02:00
Michael Niedermayer
b418ad75c2 avcodec/flashsv: Clear pointers
Fixes: Use after free
Fixes: 47399/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLASHSV2_fuzzer-5718646686613504

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-07-07 21:52:52 +02:00
Michael Niedermayer
af2ed09220 avcodec/aasc: Fix indention
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-07-07 21:52:52 +02:00
Michael Niedermayer
8f6432cd77 avcodec/flashsv: Check inflate() for failure
Fixes: CID1047223

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-07-07 21:52:52 +02:00
Michael Niedermayer
7796d740bd avcodec/smacker: fix indention after previous commit
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-07-07 21:52:52 +02:00
Michael Niedermayer
08e82e5b57 avcodec/smacker: Optimize constant 16bit audio output
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2022-07-07 21:52:52 +02:00
Paul B Mahol
42518d8dd0 avcodec/exrenc: add av_cold to some functions 2022-07-06 19:41:44 +02:00
Timo Rothenpieler
85bc6b5abf avcodec/nvenc: add support for additional (10 bit) RGB pixel formats 2022-07-05 18:27:37 +02:00
Anton Khirnov
c9a2506de9 get_bits: move check_marker() to mpegvideodec.h
It is only used by mpegvideo-based decoders - specifically mpeg12, intelh263,
ituh263, mpeg4video.
2022-07-04 18:16:11 +02:00
Andreas Rheinhardt
8cfb44cd2e avcodec/mscc: Don't modify input packet
This packet may not be writable, hence we must not write to it.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-07-04 15:04:08 +02:00
Andreas Rheinhardt
930e560da3 avcodec/decoders: Use const uint8_t* to access input packet data
These packets need not be writable, so we must not modify them.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-07-04 15:04:01 +02:00
Andreas Rheinhardt
88f9b1fc45 avcodec/dcadec: Treat the input packet's data as const
A decoder's input packet need not be writable, so we must not modify
the data.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
2022-07-04 15:03:53 +02:00
Zhao Zhili
066368e837 avcodec/libdavs2: workaround memory leak
davs2_decoder_close doesn't free those on the fly frames which
don't get output yet. It's a design bug, but easy to workaround.

Before the patch:
Direct leak of 1198606 byte(s) in 2 object(s) allocated from:
    #0 0x563af5e1e5f0 in malloc (ffmpeg+0x6675f0)
    #1 0x563af9765ef3 in davs2_malloc davs2/source/common/common.h:1240
    #2 0x563af9765ef3 in davs2_alloc_picture davs2/source/common/header.cc:815

Indirect leak of 3595818 byte(s) in 6 object(s) allocated from:
    #0 0x563af5e1e5f0 in malloc (ffmpeg+0x6675f0)
    #1 0x563af9765ef3 in davs2_malloc davs2/source/common/common.h:1240
    #2 0x563af9765ef3 in davs2_alloc_picture davs2/source/common/header.cc:815

Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
2022-07-04 11:30:08 +08:00