Commit graph

44684 commits

Author SHA1 Message Date
Andreas Rheinhardt
0bbf1f4785 avcodec/avcodec: Don't use NULL for %s printf specifier
Our "get name" functions can return NULL for invalid/unknown
arguments. So check for this.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit 88b7d9fd36)
2021-04-02 21:35:55 +02:00
Zane van Iperen
cc8eba0ab8
avcodec/adpcmenc: don't share a single AVClass between multiple AVCodecs.
Temporary fix until AVClass::child_class_next is gone.

Reviewed-By: James Almer <jamrial@gmail.com>
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
(cherry picked from commit aa1cfe05a5)
2021-04-02 09:01:59 +10:00
Michael Niedermayer
829d4b009f avcodec/pnm_parser: Check image size addition for overflow
Fixes: assertion failure
Fixes: out of array access
Fixes: 32664/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGMYUV_fuzzer-6533642202513408.fuzz
Fixes: 32669/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGMYUV_fuzzer-6001928875147264

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 79ac8d5546)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:45 +02:00
Michael Niedermayer
426c52c2ce avcodec/lscrdec: Check length in decode_idat()
Fixes: out of array access
Fixes: 32264/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LSCR_fuzzer-6684504010915840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c01cd2a8b2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:45 +02:00
Michael Niedermayer
de9f4351fa avcodec/h265_metadata_bsf: Check nb_units before accessing the first in h265_metadata_update_fragment()
Fixes: null pointer dereference
Fixes: 32113/clusterfuzz-testcase-minimized-ffmpeg_BSF_HEVC_METADATA_fuzzer-4803262287052800

Same as 0c48c332ee

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 497ea04dbd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:45 +02:00
Michael Niedermayer
698d768d21 avcodec/exr: Check oe in huf_decode() before use
Fixes: out of array access
Fixes: 31386/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5773234709594112

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9e8475c7c7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:45 +02:00
Michael Niedermayer
137c998b48 avcodec/h264_slice: Check input SPS in ff_h264_update_thread_context()
Fixes: crash
Fixes: check_pkt.mp4

Found-by: Rafael Dutra <rafael.dutra@cispa.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ceae92cb29)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
d416d7f061 avcodec/mpegpicture: Keep ff_mpeg_framesize_alloc() failure state consistent
Fixes: null pointer dereference
Fixes: ff_put_pixels16_sse2.mp4

Found-by: Rafael Dutra <rafael.dutra@cispa.de>
Regression-since: 4b2863ff01
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 76cea1d2ce)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
ac0e9506d0 avcodec/mpegvideo: Update chroma_?_shift in ff_mpv_common_frame_size_change()
Fixes: out of array access
Fixes: 31201/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-4627865612189696.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 87d87e6587)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
8c99a06c5c avcodec/setts_bsf: Check timebase
Fixes: Division by 0
Fixes: 30952/clusterfuzz-testcase-minimized-ffmpeg_BSF_SETTS_fuzzer-6601016202100736

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7fc8ba9068)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
59c05f51d5 avcodec/sonic: Use unsigned temporary in predictor_calc_error()
Fixes: signed integer overflow: -2147471366 - 18638 cannot be represented in type 'int'
Fixes: 30157/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5171199746506752

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 075d793ba8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
039ecef275 avcodec/h264_slice: Check sps in h264_slice_header_init()
Fixes: null pointer dereference
Fixes: h264_slice_header_init.mp4

Found-by: Rafael Dutra <rafael.dutra@cispa.de>
Tested-by: Rafael Dutra <rafael.dutra@cispa.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8047243899)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
5d1e309e67 avcodec/sga: Check for array end in lzss_decompress()
Fixes: out of array access
Fixes: 31640/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SGA_fuzzer-5630883286614016
Fixes: 31619/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SGA_fuzzer-5176667708456960

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e8bd34fe4f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Michael Niedermayer
e42efdce95 avcodec/ffwavesynth: Avoid signed integer overflow in phi_at()
Fixes: signed integer overflow: 2314885530818453536 - -9070214327174160352 cannot be represented in type 'long'
Fixes: 31000/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-6558389742206976

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit be08b84f8b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-04-01 11:38:44 +02:00
Zane van Iperen
0cfea0581b
avcodec/adpcm_ima_cunning: reset state on flush
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
(cherry picked from commit e550667f61)
2021-03-25 16:34:41 +10:00
Zane van Iperen
0d00e151d1
avcodec/adpcm_ima_alp: reset state on flush
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
(cherry picked from commit 257d9f91fc)
2021-03-25 16:34:41 +10:00
Zane van Iperen
990bccfad6
avcodec/adpcm_ima_ssi: reset state on flush
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
(cherry picked from commit ff7bbd6d88)
2021-03-25 16:34:40 +10:00
Zane van Iperen
f0169e9d58
avcodec/adpcm_argo: reset state on flush
Commit 003b5c800f introduced seeking in argo_asf,
but this was missed, leading to non-deterministic output.

Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
(cherry picked from commit 660c14a9b9)
2021-03-25 16:34:40 +10:00
Zane van Iperen
2057068495
avcodec/adpcm_aica: reset state in flush callback
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
(cherry picked from commit efb58ec8f9)
2021-03-25 16:34:40 +10:00
Zane van Iperen
0b9d7b6f8d
avcodec/adpcm_zork: reset state in flush callback
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
(cherry picked from commit 95280cf3e7)
2021-03-25 16:34:39 +10:00
Zane van Iperen
ebe065c177
avcodec/adpcm: add comment to has_status field
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
(cherry picked from commit 55a50885b9)
2021-03-25 16:34:39 +10:00
Andreas Rheinhardt
5996184bea avcodec/put_bits: Restore x64 ABI compatibility with releases <= 4.3
88d80cb975 changed the type of
PutBitContext.BitBuf to uint64_t; it used to be an uint32_t.
While said structure is not public, it is nevertheless used by
certain avpriv functions and therefore crosses library boundaries:
avpriv_align_put_bits and avpriv_copy_bits were used in other libraries
in release 4.3 (and at the time of 88d80cb9) and so this commit broke
ABI.

This commit mitigates the trouble caused by this by using an uint32_t
again, but only for the 4.4 release branch and not the master branch,
as doing so for master, would break the ABI of master again, although
it is very unlikely that anyone would be helped by this (there don't
seem to be any users that combine libavcodec built from master and
libavformat from an old release: otherwise we would have received bug
reports about said ABI break).

Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-23 01:21:29 +01:00
Andreas Rheinhardt
16af5236ae avcodec/avcodec: Sanitize options before using them
This is how it is supposed to happen, yet when using frame threading,
the codec's init function has been called before preinit. This can lead
to crashes when e.g. using unsupported lowres values for decoders
together with frame threading.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit 746796ceb4)
2021-03-22 08:39:02 +01:00
Andreas Rheinhardt
2b114adcf4 avcodec/parser: Don't return pointer to stack buffer
When flushing, the parser receives a dummy buffer with padding
that lives on the stack of av_parser_parse2(). Certain parsers
(e.g. Dolby E) only analyze the input, but don't repack it. When
flushing, such parsers return a pointer to the stack buffer and
a size of 0. And this is also what av_parser_parse2() returns.

Fix this by always resetting poutbuf in case poutbuf_size is zero.

Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit 9faf3f8bb0)
2021-03-22 08:17:33 +01:00
Michael Niedermayer
c67d2a2875 Bump Versions before release/4.4 branch
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-20 01:01:12 +01:00
Michael Niedermayer
33a1687bf6 avcodec/mpeg4videoenc: Check extradata malloc()
Fixes: Null pointer dereference
Fixes: any mpeg4 testcase which fails the malloc at that exact spot

Found-by: Rafael Dutra <rafael.dutra@cispa.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-20 00:36:09 +01:00
Michael Niedermayer
462b8261aa avcodec/speedhq: Width < 8 is not supported
Fixes: out of array access
Fixes: 31733/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SPEEDHQ_fuzzer-4704307963363328
Fixes: 31736/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SPEEDHQ_fuzzer-6190960292790272

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-03-19 23:59:45 +01:00
Hironori Bono
4892060f50 lavc/videotoolboxenc: Add support for HEVC with Alpha.
This change supports the "HEVC Video with Alpha" profile introduced in WWDC 2019
<https://developer.apple.com/videos/play/wwdc2019/506/>. (This change is a
partial fix for Ticket #7965.)

For example, the following command converts an animation PNG file to an HEVC
with Alpha video:
./ffmpeg -i fate-suite/apng/clock.png -c:v hevc_videotoolbox -allow_sw 1 -alpha_quality 0.75 -vtag hvc1 clock.mov

(This change uses the "HEVC Video with Alpha" profile only when the
'-alpha_quality' value is not 0 for backward compatibility.)

Signed-off-by: Hironori Bono <bouno@rouge.plala.or.jp>
2021-03-19 14:50:48 -04:00
Simone Karin Lehmann
efece4442f videotoolboxenc: enable constant quality with -q:v on Apple Silicon Macs and use b-frames für HEVC and H264 and b-pyramid for HEVC.
Signed-off-by: Simone Karin Lehmann <simone@lisanet.de>
Signed-off-by: Rick Kern <kernrj@gmail.com>
2021-03-19 14:50:48 -04:00
James Almer
f47d7a3b42 avcodec: move core AVCodecContext functions from util.c to a new file
Signed-off-by: James Almer <jamrial@gmail.com>
2021-03-19 15:35:35 -03:00
James Almer
4057a060f6 avcodec: move AVCodecParameters related functions from util.c to a new file
Signed-off-by: James Almer <jamrial@gmail.com>
2021-03-19 15:33:54 -03:00
Zane van Iperen
d294c33231
avcodec/adpcm_ima_cunning: reindent
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2021-03-19 23:38:33 +10:00
Zane van Iperen
684745230f
avcodec/adpcm_ima_cunning: support stereo
Changes the sample format to S16P, but was only ever mono so it
affects nothing.

Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
2021-03-19 23:38:25 +10:00
Andreas Rheinhardt
a46d781905 avcodec/packet: Also change av_packet_pack/unpack_dictionary to size_t
These are auxiliary side-data functions, so they should have been
switched to size_t in d79e0fe65c,
but this has been forgotten.

Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-19 03:12:24 +01:00
Andreas Rheinhardt
04d001ca9b avcodec/avpacket: Improve overflow checks when packing dictionary
Also avoid reallocations.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-19 03:03:06 +01:00
Andreas Rheinhardt
578539564a avcodec/libxvid: Remove set-but-unused variable
Set-but-unused since 2101b99777.

Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-19 02:25:16 +01:00
Andreas Rheinhardt
7f985c2174 avcodec/libxvid: Fix leak of AVPacket on error
Regression since 2101b99777.
Fixes Coverity issue #1473721.

Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-19 02:25:09 +01:00
Andreas Rheinhardt
5edcdfc318 avcodec/pngdec: Fix memleak by postponing allocation
Fixes Coverity ticket #1322342.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2021-03-19 00:10:24 +01:00
James Almer
2995a1f294 avcodec/tests/avpacket: use av_packet_alloc() to allocate packets
Signed-off-by: James Almer <jamrial@gmail.com>
2021-03-17 15:06:48 -03:00
James Almer
4ab7670762 avcodec/webp: use av_packet_alloc() to allocate packets
Signed-off-by: James Almer <jamrial@gmail.com>
2021-03-17 15:06:48 -03:00
James Almer
fc2e022a14 avcodec/tiff: use av_packet_alloc() to allocate AVPackets
Signed-off-by: James Almer <jamrial@gmail.com>
2021-03-17 15:06:47 -03:00
James Almer
6ef104cb5f avcodec/tdsc: use av_packet_alloc() to allocate packets
Signed-off-by: James Almer <jamrial@gmail.com>
2021-03-17 15:06:47 -03:00
James Almer
b0de31e278 avcodec/pthread_frame: use av_packet_alloc() to allocate packets
Signed-off-by: James Almer <jamrial@gmail.com>
2021-03-17 15:06:47 -03:00
James Almer
ca966af497 avcodec/mpegvideo_enc: use av_packet_alloc() to allocate packets
Signed-off-by: James Almer <jamrial@gmail.com>
2021-03-17 15:06:47 -03:00
James Almer
2101b99777 avcodec/libxvid: use av_packet_alloc() to allocate packets
Signed-off-by: James Almer <jamrial@gmail.com>
2021-03-17 15:06:47 -03:00
James Almer
039ea9ec7b avcodec/encode: silence a deprecation warning about av_init_packet()
No need to adapt this code as it will be removed long before av_init_packet()

Signed-off-by: James Almer <jamrial@gmail.com>
2021-03-17 14:12:18 -03:00
James Almer
1f32e91df6 avcodec/cri: use av_packet_alloc() to allocate packets
Signed-off-by: James Almer <jamrial@gmail.com>
2021-03-17 14:12:18 -03:00
James Almer
d422b2ed87 avcodec/packet_internal: make avpriv_packet_list_* functions use an internal struct
The next pointer is kept at the end for backwards compatability until the
major bump, when it should ideally be moved at the front.

Signed-off-by: James Almer <jamrial@gmail.com>
2021-03-17 14:12:17 -03:00
James Almer
f7db77bd87 avcodec/packet: deprecate av_init_packet()
Once removed, sizeof(AVPacket) will stop being a part of the public ABI.

Signed-off-by: James Almer <jamrial@gmail.com>
2021-03-17 14:12:17 -03:00
James Almer
a1cd4191e0 avcodec/vaapi_encode: use AVCodecContext.get_encode_buffer()
Signed-off-by: James Almer <jamrial@gmail.com>
2021-03-17 13:44:16 -03:00