Commit graph

42479 commits

Author SHA1 Message Date
James Almer
3670a10c2d avcodec/libx265: export encoded frame stats
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 66b6005301894823052b437a950003ffbe3ba6de)
2020-01-01 13:50:39 -03:00
James Almer
278a91f8fe avcodec/libx265: add a qp option and apply the relevant global AVCodecContext settings to the encoder context
Signed-off-by: James Almer <jamrial@gmail.com>
2020-01-01 13:48:02 -03:00
James Almer
3c22436ddf avcodec/libx265: apply some global AVCodecContext settings to the encoder context
There's no reason to ignore them if set.

Signed-off-by: James Almer <jamrial@gmail.com>
2020-01-01 13:25:18 -03:00
Michael Niedermayer
a15d904ad7 avcodec: Replace get_bits_long() by get_bits() where possible
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-31 18:43:50 +01:00
Michael Niedermayer
f72fa1ad67 avcodec: Replace skip_bits_long() by skip_bits() where possible
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-31 18:43:50 +01:00
Michael Niedermayer
79d5d79f38 avcodec: Replace show_bits_long() by show_bits() where possible
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-31 18:43:50 +01:00
Michael Niedermayer
fa47f6412d avcodec/ffwavesynth: Fix undefined overflow in wavesynth_synth_sample()
Fixes: signed integer overflow: 2147464192 + 21176 cannot be represented in type 'int'
Fixes: 19042/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5719828090585088

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-31 18:43:50 +01:00
Michael Niedermayer
89fd76db71 avcodec/cook: Use 3 stage VLC decoding for channel_coupling
Fixes: shift exponent -1 is negative
Fixes: out of array read
Fixes: 19028/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COOK_fuzzer-5759766471376896
Fixes: 19037/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COOK_fuzzer-5734106625474560

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-31 18:43:50 +01:00
Michael Niedermayer
4cfc563c57 avcodec/options_table: err_detect compliant and aggressive should also enable the weaker checks
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-31 18:43:50 +01:00
Michael Niedermayer
53efab44a9 avcodec/wmalosslessdec: Fixes undefined overflow in dequantization in decode_subframe()
Fixes: signed integer overflow: 47875596 * 45 cannot be represented in type 'int'
Fixes: 19082/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5687766512041984

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-31 18:43:50 +01:00
Michael Niedermayer
aea6755611 avcodec/sonic: Check e in get_symbol()
Fixes: signed integer overflow: 1721520852 + 1721520852 cannot be represented in type 'int'
Fixes: 18346/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5709623893426176
Fixes: 18753/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5663299131932672

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-31 18:43:50 +01:00
Michael Niedermayer
4dc93ae3d7 avcodec/twinvqdec: Correct overflow in block align check
Fixes: signed integer overflow: 538976288 * 8 cannot be represented in type 'int'
Fixes: 19126/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TWINVQ_fuzzer-5687464110325760

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-31 18:43:50 +01:00
Michael Niedermayer
77ba9e3252 avcodec/h264_ps: Provide more details with "Truncated VUI" Message
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-31 18:43:50 +01:00
Zhao Zhili
f78dc66089 avcodec/utils: remove access of AV_SAMPLE_FMT_NB
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-31 12:37:47 +01:00
Zhong Li
755ad01dd1 lavc/qsv: remove the unused funtion ff_qsv_profile_to_mfx()
Signed-off-by: Zhong Li <zhongli_dev@126.com>
2019-12-29 20:23:07 +08:00
Zhong Li
779951f7b2 lavc/qsvdec: disable gpu copy when not supported
Signed-off-by: Zhong Li <zhongli_dev@126.com>
2019-12-29 20:23:07 +08:00
Zhong Li
9fff5c40a7 lavc/qsvdec: fix the error retrun code in ff_qsv_get_continuous_buffer()
Signed-off-by: Zhong Li <zhongli_dev@126.com>
2019-12-29 20:23:07 +08:00
Michael Niedermayer
26f040bcb4 avcodec/vc1dec: Fix "return -1" cases
Reviewed-by: "mypopy@gmail.com" <mypopy@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-28 11:20:48 +01:00
Michael Niedermayer
3ee9240be3 avcodec/vc1dec: Free sprite_output_frame on error
Fixes: memleaks
Fixes: 19471/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5688035714269184

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-28 11:20:48 +01:00
Michael Niedermayer
18ff210efb avcodec/atrac9dec: Clamp band_ext_data to max that can be read if skipped.
Fixes: out of array read
Fixes: 19327/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5679823087468544

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Lynne <dev@lynne.ee>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-28 11:20:48 +01:00
Michael Niedermayer
1f20969457 avcodec/agm: Include block size in the MV check for flags == 3
Fixes: out of array read
Fixes: 19331/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5644115983466496

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-28 11:20:48 +01:00
Michael Niedermayer
bf5c850b79 avcodec/wmadec: Keep track of exponent initialization per channel
Fixes: division by 0
Fixes: 19123/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAV2_fuzzer-5655493121146880

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-28 11:20:48 +01:00
Michael Niedermayer
f1b97f62f8 avcodec/iff: Check that video_size is large enough for the read parameters
video is allocated before parameters like bpp are read.

Fixes: out of array access
Fixes: 19084/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5718556033679360
Fixes: 19465/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5759908398235648

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-28 11:20:48 +01:00
Andriy Gelman
fc3760a66d avcodec/v4l2_m2m_enc: Check encoder pix_fmt matches pix_fmt on device
Fixes #8079

During initialization of a v4l2m2m device, the configured pix_fmt can be
different to the pix_fmt of the encoder (i.e. avctx->pix_fmt).

For example on the Odroid XU4:
./ffmpeg -f lavfi -i yuvtestsrc -codec:v h264_v4l2m2m out.h264

will configure the v4l2 encoder to pix_fmt nv21, whereas the input
frames will be yuv444p.

This commit checks that the configured v4l2 pix_fmt on device is the
same as avctx->pix_fmt. If they are different the initialization fails
and an error is returned. Tested on RPI4 and Odroid XU4.

Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
2019-12-27 23:42:57 +00:00
Limin Wang
93671d6755 avcodec/mvha: fix warning: variable 'size' set but not used
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2019-12-27 13:13:39 -03:00
Limin Wang
ef91e3955a avcodec/vc1dec: remove the unneeded ()
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-26 22:22:33 +01:00
Limin Wang
f8f86f8356 avcodec/ass: remove the unneeded ()
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-26 22:22:33 +01:00
Michael Niedermayer
4fa2d5a692 avcodec/cbs_vp9: Check data_size
Fixes: out of array access
Fixes: 19542/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5659498341728256

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-26 16:06:25 +01:00
Michael Niedermayer
d6553e2e60 avcodec/cbs_vp9: Check index_size
Fixes: out of array read
Fixes: 19300/clusterfuzz-testcase-minimized-ffmpeg_BSF_VP9_METADATA_fuzzer-5653911730126848

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-25 18:00:40 +01:00
Zhong Li
5dc527f9ca lavc/midivid: check return value of init_get_bits8()
Fix CID 1456088

Signed-off-by: Zhong Li <zhongli_dev@126.com>
2019-12-23 20:14:42 +01:00
James Almer
c75f246a3c avcodec/noise_bsf: remove superfluous fail label
Signed-off-by: James Almer <jamrial@gmail.com>
2019-12-23 11:49:44 -03:00
James Almer
231ffd7e63 avcodec/hevcdec: keep closed captions in sync between multiple thread contexts
Based on h264 code.

Reviewed-by: Limin Wang <lance.lmwang@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2019-12-21 16:10:21 -03:00
Limin Wang
5e5bbd21e6 avcodec/h264_sei: fix the size of user data unregistered
According to the specifications, the payloadSize includes the 16-byte size of UUID.

Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2019-12-20 22:46:04 -03:00
Limin Wang
dbb051767f avcodec/hevc_sei: switch to AVBufferRef buffer for a53 caption
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2019-12-20 13:55:22 -03:00
James Almer
8887991a31 avcodec/cbs_av1: add missing valid range of values for num_cb_points and num_cr_points
It is a requirement of bitstream conformance that num_cr_points is less than or equal to 10.
It is a requirement of bitstream conformance that num_cb_points is less than or equal to 10.

Signed-off-by: James Almer <jamrial@gmail.com>
2019-12-19 01:04:10 -03:00
Linjie Fu
e43d66dc67 lavc/h264dec.h: remove unused ff_h264_decode_slice_header
Once removed in 4a9bab3db0.

Introduced again in b25cd7540e.

Signed-off-by: Linjie Fu <fulinjie@zju.edu.cn>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-17 23:41:47 +01:00
Linjie Fu
d31a290226 lavc/hevc_cabac: fix cbf_cb and cbf_cr for transform depth 4
The max transform depth is 5(from 0 to 4), so we need 5 cabac states for
cbf_cb and cbf_cr.

See Table 9-4 for details.

Signed-off-by: Xu Guangxin <guangxin.xu@intel.com>
Signed-off-by: Linjie Fu <linjie.fu@intel.com>
Signed-off-by: James Almer <jamrial@gmail.com>
2019-12-17 14:12:16 -03:00
Lynne
377a095dc3
vc2enc: zero padding of the coefficient buffer
Wavelet types with large amounts of overreading/writing like 9_7 would
write into the padding at high wavelet depths, which would remain and be
read by the next frame's transform and quickly cause artifacts to appear
for subsequent frames.
This fix affects all frames encoded with a non-power-of-two width, with
the artifacts varying between non-observable to very noticeable,
depending on encoder settings, so reencoding is advisable.
2019-12-17 14:56:33 +00:00
Linjie Fu
efefba61f8 lavc/vaapi_encode: grow packet if vaMapBuffer returns multiple buffers
Currently, assigning new buffer for pkt when multiple buffers were returned
from vaMapBuffer will overwrite the previous encoded pkt data and lead
to encode issues.

Iterate through the buf_list first to find out the total buffer size
needed for the pkt, allocate the whole pkt to avoid repeated reallocation
and memcpy, then copy data from each buf to pkt.

Signed-off-by: Linjie Fu <linjie.fu@intel.com>
2019-12-17 07:57:03 +08:00
Carl Eugen Hoyos
9f6a06d927 lavc/allcodecs: Add mpeg4 omx encoder, missed in 0e387232 2019-12-16 22:45:34 +01:00
Andriy Gelman
c07a772473 lavc/cbs_h2645_syntax_template: Fix memleak
payload_count is used to track the number of SEI payloads. It is also
used to free the SEIs in cbs_h264_free_sei()/cbs_h265_free_sei().

Currently, payload_count is set after for loop is completed. Hence if
there is an error and the function exits, the payload remains zero
causing a memleak.

This commit keeps track of payload_count inside the for loop to fix the
issue. Note that that the contents of current are initialized with
av_mallocz() so there is no need to zero initialize payload_count.

Found-by: libFuzzer
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
2019-12-16 12:04:45 -03:00
Andreas Rheinhardt
ed9279afbd h264_mp4toannexb: Remove unnecessary check
There can be at most 31 SPS and 255 PPS in the mp4/Matroska extradata.
Given that each has a size of at most 2^16-1, the length of the output
derived from these parameter sets can never overflow an ordinary 32 bit
integer. So use a simple uint32_t instead of uint64_t and replace the
unnecessary check with an av_assert1.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-15 23:43:49 +01:00
Michael Niedermayer
9fe07908c3 avcodec/adpcm: Clip predictor for APC
Fixes: signed integer overflow: -2147483648 - 13 cannot be represented in type 'int'
Fixes: 18893/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_IMA_APC_fuzzer-5630760442920960

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-15 01:01:22 +01:00
Michael Niedermayer
01593278ce avcodec/targa: Check colors vs. available space
Fixes: Timeout (37sec -> 52ms)
Fixes: 18892/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TARGA_fuzzer-5739537854889984

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-15 01:01:22 +01:00
Michael Niedermayer
a76690c02b avcodec/dstdec: Use get_ur_golomb_jpegls()
Fixes: shift exponent -4 is negative
Fixes: 17793/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-5766088435957760
Fixes: 18989/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-5175008116867072

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-15 01:01:22 +01:00
Michael Niedermayer
19c41969b2 avcodec/wmavoice: Check remaining input in parse_packet_header()
Fixes: Infinite loop
Fixes: 18914/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAVOICE_fuzzer-5731902946541568

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-15 01:01:22 +01:00
Michael Niedermayer
92455c8c65 avcodec/wmalosslessdec: Fix 2 overflows in mclms
Fixes: signed integer overflow: 2038337026 + 109343477 cannot be represented in type 'int'
Fixes: 18886/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5673660505653248

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-15 01:01:22 +01:00
Michael Niedermayer
6b7bcd437e avcodec/decode: Fix integer overflow in max_samples check
Fixes: signed integer overflow: 1677721600 * 32 cannot be represented in type 'int'
Fixes: 18885/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5741242185154560

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-15 01:01:22 +01:00
Michael Niedermayer
a9cc69c0d5 avcodec/wmaprodec: Fixes integer overflow with 32bit samples
Fixes: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 18860/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAPRO_fuzzer-5755223125786624

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-15 01:01:22 +01:00
Michael Niedermayer
50db30b47d avcodec/adpcm: Fix invalid shift in xa_decode()
Fixes: left shift of negative value -1
Fixes: 18859/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_XA_fuzzer-5748474213040128

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-12-15 01:01:22 +01:00