ffmpeg.git
4 hours ago avcodec/av1dec: Check for unset obu instead of crashing master
Michael Niedermayer [Sun, 25 Oct 2020 23:00:56 +0000 (00:00 +0100)]
avcodec/av1dec: Check for unset obu instead of crashing

Fixes: NULL pointer dereference
Fixes: 26550/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AV1_fuzzer-5417762807349248

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
14 hours ago avcodec/dirac_parser: do not offset AV_NOPTS_OFFSET
Michael Niedermayer [Fri, 23 Oct 2020 18:29:50 +0000 (20:29 +0200)]
avcodec/dirac_parser: do not offset AV_NOPTS_OFFSET

Fixes: signed integer overflow: -9223372036854775807 - 48000 cannot be represented in type 'long long'
Fixes: 26521/clusterfuzz-testcase-minimized-ffmpeg_dem_DIRAC_fuzzer-5635536506847232

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Lynne <dev@lynne.ee>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
15 hours ago avcodec/mobiclip: Use smaller type for codes
Andreas Rheinhardt [Sat, 24 Oct 2020 11:01:07 +0000 (13:01 +0200)]
avcodec/mobiclip: Use smaller type for codes

Even though the length of these codes is > 8, only the lowest seven bits
are ever set (because the long codes are on the left of the tree), so
one can use an uint8_t for them, saving space.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
16 hours ago avcodec/mobiclip: Use static VLC tables
Andreas Rheinhardt [Sat, 24 Oct 2020 10:50:17 +0000 (12:50 +0200)]
avcodec/mobiclip: Use static VLC tables

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
16 hours ago avcodec/mobiclip: Don't use too big max_depth, inline constants
Andreas Rheinhardt [Sat, 24 Oct 2020 10:26:51 +0000 (12:26 +0200)]
avcodec/mobiclip: Don't use too big max_depth, inline constants

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
16 hours ago avcodec/mobiclip: Don't check for errors for complete VLCs
Andreas Rheinhardt [Sat, 24 Oct 2020 10:15:58 +0000 (12:15 +0200)]
avcodec/mobiclip: Don't check for errors for complete VLCs

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
16 hours ago avcodec/mobiclip: Reduce size of VLCs, inline constants
Andreas Rheinhardt [Sat, 24 Oct 2020 09:41:37 +0000 (11:41 +0200)]
avcodec/mobiclip: Reduce size of VLCs, inline constants

The longest motion vector VLC for mobiclip is six bits long, so using
eight bits for the VLC table is wasteful. Furthermore, the length can be
inlined.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
16 hours ago avcodec/rv34: Simplify getting right VLC
Andreas Rheinhardt [Thu, 22 Oct 2020 10:02:11 +0000 (12:02 +0200)]
avcodec/rv34: Simplify getting right VLC

For both RealVideo 3.0 as well as RealVideo 4.0 the VLC table to use
depends upon the slice's quantization parameter; these are coded on five
bits in the bitstream and are therefore in the range of 0..31; yet the
last element here is not valid and therefore the quantizer is clipped to
the range 0..30 to get the index. But this is unnecessary: One can just
add one element more to the relevant array to avoid the clipping.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
16 hours ago avcodec/rv34: Don't needlessly copy VLC length and symbol arrays
Andreas Rheinhardt [Thu, 22 Oct 2020 08:57:40 +0000 (10:57 +0200)]
avcodec/rv34: Don't needlessly copy VLC length and symbol arrays

Most of the VLCs used by RealVideo 3 and 4 obey three simple rules:
Shorter codes are on the left of the tree, for each length, the symbols
are ascending from left to right and the symbols either form a
permutation of 1..size or 0..(size - 1). For the latter case, one just
needs to store the length of each symbol and create the codes according
to the other rules; no explicit code or symbol array must be stored.
The former case is also treated in much the same way by artificially
assigning a length of zero to the symbol 0; when a length of zero was
encountered, the element was ignored except that the symbol counter was
still incremented. If the length was nonzero, the symbol would be
assigned via the symbol counter and the length copied over into a new
array.

Yet this is unnecessary, as ff_init_vlc_sparse() follows exactly the
same pattern: If a length of zero is encountered, the element is ignored
and only the symbol counter incremented. So one can directly forward the
length array and also need not create a symbol table oneself, because
ff_init_vlc_sparse() will infer the same symbol table in this case.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
16 hours ago avcodec/vp3: Make parsing Theora Huffman tables more spec-compliant
Andreas Rheinhardt [Tue, 20 Oct 2020 06:31:17 +0000 (08:31 +0200)]
avcodec/vp3: Make parsing Theora Huffman tables more spec-compliant

Theora allows to use custom Huffman tables which are coded in the
bitstream as a tree: Whether the next node is a leaf or not is coded
in a bit; each node itself contains a five bit token. Each tree can
contain at most 32 leafs; typically they contain exactly 32 with the 32
symbols forming a permutation of 0..31. Yet the standard does not impose
either of these requirements. It explicitly allows less than 32 leafs
and multiple codes with the same token.

But our decoder used an algorithm that required the codes->token mapping
to be injective and that also presumed that there be at least two leafs:
Instead of using an array for codes, tokens and code lengths, the
decoder only had arrays for codes and code lengths. The code and length
for a given token were stored in entry[token]. As no symbols table was
used when initializing the VLC, the default one applied and therefore
the entry[token] got the symbol token (if the length of said entry is >0).
Yet if multiple codes had the same token, the codes and lengths from the
later token would overwrite the earlier codes and lengths.

Furthermore, less than 32 leafs could also lead to problems: Namely if
this was not the first time Huffman tables have been parsed in which
case the array is not zeroed initially so that old entries could make
the new table invalid.

libtheora seems to always use 32 leafs and no duplicate tokens; I am not
aware of any existing valid files that do not.

This is fixed by using a codes, symbols and lengths array when
initializing the VLC. In order to reduce the amount of stuff kept in the
context only the symbols and lengths (which both fit into an uint8_t)
are kept in the context; the codes are derived from the lengths
immediately before creating the tables.

There is now only one thing left which is not spec-compliant: Trees with
only one node (which has length zero) are not supported by
ff_init_vlc_sparse() yet.

Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
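
The failure mode described in the vp3 commit above, as an added example that is not FFmpeg's code: it parses a coded tree into per-leaf (symbol, length) arrays, derives the codes from the lengths, and contrasts that with a token-indexed table that is never cleared. The bit convention (1 = leaf), the sample trees and all names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_LEAVES 32

/* Constructed inputs, one bit per byte. Assumed convention: 1 = leaf followed
 * by a 5-bit token, 0 = inner node followed by its left and right subtree. */
static const uint8_t TREE_DUP[] = {   /* four depth-2 leaves: tokens 3, 7, 3, 9 */
    0, 0, 1,0,0,0,1,1, 1,0,0,1,1,1, 0, 1,0,0,0,1,1, 1,0,1,0,0,1 };
static const uint8_t TREE_TWO[] = {   /* two depth-1 leaves: tokens 1, 2 */
    0, 1,0,0,0,0,1, 1,0,0,0,1,0 };

typedef struct { const uint8_t *bits; int n, pos; } BitReader;
typedef struct { uint8_t symbols[MAX_LEAVES], lens[MAX_LEAVES]; int nb; } HuffTable;
typedef struct { uint32_t code[32]; uint8_t len[32]; } TokenIndexed;

static int get_bits(BitReader *br, int count) {
    int v = 0;
    while (count--) {
        if (br->pos >= br->n)
            return -1;                /* truncated input */
        v = v << 1 | br->bits[br->pos++];
    }
    return v;
}

/* Record (token, depth) per leaf in tree order. A leaf at depth 0 is the
 * single-node tree, rejected here as well. */
static int read_tree(BitReader *br, HuffTable *t, int depth) {
    int is_leaf = get_bits(br, 1);
    if (is_leaf < 0)
        return -1;
    if (is_leaf) {
        int token = get_bits(br, 5);
        if (token < 0 || depth == 0 || t->nb >= MAX_LEAVES)
            return -1;
        t->symbols[t->nb] = (uint8_t)token;
        t->lens[t->nb++]  = (uint8_t)depth;
        return 0;
    }
    if (depth >= 31)                  /* bounds recursion on hostile input */
        return -1;
    return read_tree(br, t, depth + 1) < 0 ? -1 : read_tree(br, t, depth + 1);
}

static int parse_table(const uint8_t *bits, int n, HuffTable *t) {
    BitReader br = { bits, n, 0 };
    t->nb = 0;
    return read_tree(&br, t, 0);
}

/* Leaves in tree order tile the left-aligned 32-bit code space without gaps,
 * so the codes follow from the lengths alone. */
static int derive_codes(const HuffTable *t, uint32_t *codes) {
    uint32_t next = 0;
    for (int i = 0; i < t->nb; i++) {
        if (t->lens[i] < 1 || t->lens[i] > 31)
            return -1;
        codes[i] = next >> (32 - t->lens[i]);
        next    += UINT32_C(1) << (32 - t->lens[i]);
    }
    return 0;
}

/* Token-indexed layout, one slot per token and never cleared between tables.
 * Returns the number of slots with a nonzero length. */
static int old_store(const HuffTable *t, TokenIndexed *e) {
    uint32_t codes[MAX_LEAVES];
    int used = 0;
    if (derive_codes(t, codes) < 0)
        return -1;
    for (int i = 0; i < t->nb; i++) {
        e->code[t->symbols[i]] = codes[i];   /* a duplicate token overwrites */
        e->len[t->symbols[i]]  = t->lens[i];
    }
    for (int i = 0; i < 32; i++)
        used += e->len[i] > 0;
    return used;
}

/* Kraft sum above 1: the lengths cannot form a prefix code. */
static int oversubscribed(const uint8_t *lens, int n) {
    uint64_t sum = 0;
    for (int i = 0; i < n; i++)
        if (lens[i])
            sum += UINT64_C(1) << (32 - lens[i]);
    return sum > (UINT64_C(1) << 32);
}

int main(void) {
    HuffTable t;
    TokenIndexed e;
    memset(&e, 0, sizeof(e));
    parse_table(TREE_TWO, sizeof(TREE_TWO), &t);
    old_store(&t, &e);                /* first table leaves slots 1 and 2 set */
    parse_table(TREE_DUP, sizeof(TREE_DUP), &t);
    printf("leaves: %d, token slots in use: %d\n", t.nb, old_store(&t, &e));
    printf("oversubscribed: token-indexed %d, per-leaf %d\n",
           oversubscribed(e.len, 32), oversubscribed(t.lens, t.nb));
    return 0;
}
```
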
19 hours ago tests/audiomatch: removes a warning when compiling tests/audiomatch
Steven Liu [Mon, 19 Oct 2020 06:05:36 +0000 (14:05 +0800)]
tests/audiomatch: removes a warning when compiling tests/audiomatch

the warning message:
warning: using floating point absolute value function
'fabs' when argument is of integer type
use FFABS to set the absolute value.

Signed-off-by: liuqi05 <liuqi05@kuaishou.com>
20 hours ago avcodec/adpcm_ima_cunning: document origin of tables
Zane van Iperen [Sat, 24 Oct 2020 05:47:55 +0000 (15:47 +1000)]
avcodec/adpcm_ima_cunning: document origin of tables

Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
26 hours ago lavfi/Makefile: Remove opencl object files when calling make clean.
Carl Eugen Hoyos [Sun, 25 Oct 2020 20:18:34 +0000 (21:18 +0100)]
lavfi/Makefile: Remove opencl object files when calling make clean.

33 hours ago fate: add adpcm_ima_alp encoding test
Zane van Iperen [Fri, 23 Oct 2020 08:23:12 +0000 (18:23 +1000)]
fate: add adpcm_ima_alp encoding test

33 hours ago avformat: add alp muxer
Zane van Iperen [Wed, 21 Oct 2020 13:20:20 +0000 (23:20 +1000)]
avformat: add alp muxer

33 hours ago avcodec: add adpcm_ima_alp encoder
Zane van Iperen [Fri, 23 Oct 2020 08:14:59 +0000 (18:14 +1000)]
avcodec: add adpcm_ima_alp encoder

33 hours ago avformat/alp: fix handling of TUN files
Zane van Iperen [Fri, 23 Oct 2020 11:35:53 +0000 (21:35 +1000)]
avformat/alp: fix handling of TUN files

Sample rate is always 22050. Verified by trying various files in the game.

35 hours ago avfilter/vf_v360: make commands always do relative rotation
Paul B Mahol [Sun, 25 Oct 2020 11:46:29 +0000 (12:46 +0100)]
avfilter/vf_v360: make commands always do relative rotation

38 hours ago tools/target_dec_fuzzer: adjust threshold for wmalossless
Michael Niedermayer [Tue, 20 Oct 2020 16:48:08 +0000 (18:48 +0200)]
tools/target_dec_fuzzer: adjust threshold for wmalossless

Fixes: Timeout (>30sec -> 0.5sec)
Fixes: 26351/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5191487740182528

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
38 hours ago avformat/rmdec: Make expected_len 64bit
Michael Niedermayer [Tue, 20 Oct 2020 19:32:59 +0000 (21:32 +0200)]
avformat/rmdec: Make expected_len 64bit

Fixes: signed integer overflow: 1347551268 * 14 cannot be represented in type 'int'
Fixes: 26458/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-5655364324032512

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
38 hours ago avformat/pcm: Check block_align
Michael Niedermayer [Tue, 20 Oct 2020 19:44:32 +0000 (21:44 +0200)]
avformat/pcm: Check block_align

Fixes: signed integer overflow: 321 * 8746632 cannot be represented in type 'int'
Fixes: 26461/clusterfuzz-testcase-minimized-ffmpeg_dem_PVF_fuzzer-6326427831762944

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
38 hours ago avformat/lrcdec: Clip timestamps
Michael Niedermayer [Tue, 20 Oct 2020 19:55:13 +0000 (21:55 +0200)]
avformat/lrcdec: Clip timestamps

Fixes: signed integer overflow: 7111111111111531010 - -7335632962598013506 cannot be represented in type 'long'
Fixes: 26463/clusterfuzz-testcase-minimized-ffmpeg_dem_LRC_fuzzer-6015558333759488

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
38 hours ago avutil/mathematics: Use av_sat_add64() for the last addition in av_add_stable()
Michael Niedermayer [Tue, 20 Oct 2020 20:10:39 +0000 (22:10 +0200)]
avutil/mathematics: Use av_sat_add64() for the last addition in av_add_stable()

Fixes: signed integer overflow: 9223372036854770375 + 5450 cannot be represented in type 'long'
Fixes: 26471/clusterfuzz-testcase-minimized-ffmpeg_dem_MXG_fuzzer-6229617557635072

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
38 hours ago tests/fate/hevc: Add test for 3fbf8737923ac49754946a2505367630544b87f1
Michael Niedermayer [Thu, 22 Oct 2020 09:20:36 +0000 (11:20 +0200)]
tests/fate/hevc: Add test for 3fbf8737923ac49754946a2505367630544b87f1

Tested-on: x86-32/64/ARM/MIPS Linux, Mingw/WINE 32/64
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
38 hours ago avcodec/pgxdec: Check depth more completely
Michael Niedermayer [Thu, 8 Oct 2020 19:19:14 +0000 (21:19 +0200)]
avcodec/pgxdec: Check depth more completely

Fixes: shift exponent -1 is negative
Fixes: 26107/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGX_fuzzer-5378790047612928

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
38 hours ago avformat/electronicarts: Check for EOF in each iteration of the loop in ea_read_packet()
Michael Niedermayer [Sat, 24 Oct 2020 17:24:30 +0000 (19:24 +0200)]
avformat/electronicarts: Check for EOF in each iteration of the loop in ea_read_packet()

Fixes: timeout(>20sec -> 1ms)
Fixes: 26526/clusterfuzz-testcase-minimized-ffmpeg_dem_EA_fuzzer-5672328069120000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 days ago tools/target_dem_fuzzer: Limit max blocks
Michael Niedermayer [Fri, 23 Oct 2020 16:54:51 +0000 (18:54 +0200)]
tools/target_dem_fuzzer: Limit max blocks

With an IO block size of 1 byte potentially megabytes are quite slow to read, thus
limit the number

Fixes: 26511/clusterfuzz-testcase-minimized-ffmpeg_dem_NUV_fuzzer-5679249073373184
Fixes: 26517/clusterfuzz-testcase-minimized-ffmpeg_dem_XMV_fuzzer-6316634501021696
Fixes: 26518/clusterfuzz-testcase-minimized-ffmpeg_dem_WSVQA_fuzzer-485568285324083
Fixes: 26525/clusterfuzz-testcase-minimized-ffmpeg_dem_MSNWC_TCP_fuzzer-5121987011411968
Fixes: 26538/clusterfuzz-testcase-minimized-ffmpeg_dem_DHAV_fuzzer-5441800598454272
Fixes: OOM
Fixes: Timeout

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 days ago avformat/ifv: Check that total frames do not overflow
Michael Niedermayer [Sat, 17 Oct 2020 21:29:42 +0000 (23:29 +0200)]
avformat/ifv: Check that total frames do not overflow

Fixes: Infinite loop
Fixes: 26392/clusterfuzz-testcase-minimized-ffmpeg_dem_GIF_fuzzer-5713658237419520
Fixes: 26435/clusterfuzz-testcase-minimized-ffmpeg_dem_SUBVIEWER_fuzzer-6548251853193216

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 days ago avutil/common: Implement av_sat_add64_c() with fewer branches
Michael Niedermayer [Mon, 19 Oct 2020 08:20:26 +0000 (10:20 +0200)]
avutil/common: Implement av_sat_add64_c() with fewer branches

No benchmark because this is not used in any speed relevant paths nor is it
used where __builtin_add_overflow is available.
So I do not know how to realistically benchmark it.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 days ago avcodec/vp9dsp_template: Fix some overflows in iadst8_1d()
Michael Niedermayer [Sun, 18 Oct 2020 20:04:14 +0000 (22:04 +0200)]
avcodec/vp9dsp_template: Fix some overflows in iadst8_1d()

Fixes: signed integer overflow: 190587 * 11585 cannot be represented in type 'int'
Fixes: 26407/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-5086348408782848

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 days ago avcodec/fits: Check bscale
Michael Niedermayer [Sun, 18 Oct 2020 19:54:14 +0000 (21:54 +0200)]
avcodec/fits: Check bscale

Fixes: division by 0
Fixes: 26208/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-6270472117026816

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 days ago avformat/nistspheredec: Check bps
Michael Niedermayer [Mon, 19 Oct 2020 08:53:31 +0000 (10:53 +0200)]
avformat/nistspheredec: Check bps

Fixes: left shift of 1111111190 by 3 places cannot be represented in type 'int'
Fixes: 26437/clusterfuzz-testcase-minimized-ffmpeg_dem_NISTSPHERE_fuzzer-4886896091856896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 days ago avformat/jacosubdec: Use 64bit inside get_shift()
Michael Niedermayer [Mon, 19 Oct 2020 15:29:01 +0000 (17:29 +0200)]
avformat/jacosubdec: Use 64bit inside get_shift()

Fixes: signed integer overflow: 111111111 * 30 cannot be represented in type 'int'
Fixes: 26448/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-5638440374501376

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 days ago avformat/genh: Check block_align
Michael Niedermayer [Mon, 19 Oct 2020 15:05:01 +0000 (17:05 +0200)]
avformat/genh: Check block_align

Fixes: infinite loop
Fixes: 26440/clusterfuzz-testcase-minimized-ffmpeg_dem_GENH_fuzzer-5632134020333568

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 days ago avformat/mvi: Check count for overflow
Michael Niedermayer [Mon, 19 Oct 2020 15:39:30 +0000 (17:39 +0200)]
avformat/mvi: Check count for overflow

Fixes: left shift of 21378748 by 10 places cannot be represented in type 'int'
Fixes: 26449/clusterfuzz-testcase-minimized-ffmpeg_dem_MVI_fuzzer-5680463374712832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 days ago avcodec/mpeg4videodec: Use smallest max_depth in get_vlc2()
Andreas Rheinhardt [Fri, 23 Oct 2020 18:00:27 +0000 (20:00 +0200)]
avcodec/mpeg4videodec: Use smallest max_depth in get_vlc2()

The longest code here is 12 bits long and can be read in two attempts.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2 days ago avcodec/imc: Inline constants
Andreas Rheinhardt [Fri, 23 Oct 2020 15:47:33 +0000 (17:47 +0200)]
avcodec/imc: Inline constants

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2 days ago avcodec/magicyuv: Check slice size before reading flags and pred
Michael Niedermayer [Fri, 23 Oct 2020 18:39:33 +0000 (20:39 +0200)]
avcodec/magicyuv: Check slice size before reading flags and pred

Fixes: heap-buffer-overflow
Fixes: 26487/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MAGICYUV_fuzzer-5742553675333632

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 days ago avcodec/wmadec: Don't check for errors for complete VLC tables
Andreas Rheinhardt [Thu, 22 Oct 2020 18:41:46 +0000 (20:41 +0200)]
avcodec/wmadec: Don't check for errors for complete VLC tables

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
3 days ago avcodec/wma: Remove unused array
Andreas Rheinhardt [Thu, 22 Oct 2020 18:21:11 +0000 (20:21 +0200)]
avcodec/wma: Remove unused array

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
3 days ago avformat/asfdec_f: Check for negative ext_len
Michael Niedermayer [Fri, 16 Oct 2020 09:13:19 +0000 (11:13 +0200)]
avformat/asfdec_f: Check for negative ext_len

Fixes: Infinite loop
Fixes: 26376/clusterfuzz-testcase-minimized-ffmpeg_dem_PCM_U32LE_fuzzer-6050518830678016
Fixes: 26377/clusterfuzz-testcase-minimized-ffmpeg_dem_TY_fuzzer-4838195726123008
Fixes: 26384/clusterfuzz-testcase-minimized-ffmpeg_dem_G729_fuzzer-5173450337157120
Fixes: 26396/clusterfuzz-testcase-minimized-ffmpeg_dem_PCM_S24BE_fuzzer-5071092206796800

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 days ago avformat/bethsoftvid: Check image dimensions before use
Michael Niedermayer [Sat, 17 Oct 2020 20:19:58 +0000 (22:19 +0200)]
avformat/bethsoftvid: Check image dimensions before use

Fixes: signed integer overflow: 55255 * 53207 cannot be represented in type 'int'
Fixes: 26387/clusterfuzz-testcase-minimized-ffmpeg_dem_AVS2_fuzzer-5684222226071552

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 days ago avformat/genh: Check block_align for how it will be used in SDX2_DPCM
Michael Niedermayer [Sat, 17 Oct 2020 21:40:57 +0000 (23:40 +0200)]
avformat/genh: Check block_align for how it will be used in SDX2_DPCM

Fixes: signed integer overflow: 19922944 * 1024 cannot be represented in type 'int'
Fixes: 26402/clusterfuzz-testcase-minimized-ffmpeg_dem_VMD_fuzzer-5745470053548032

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 days ago avformat/au: Check for EOF in au_read_annotation()
Michael Niedermayer [Thu, 15 Oct 2020 20:19:32 +0000 (22:19 +0200)]
avformat/au: Check for EOF in au_read_annotation()

Fixes: Timeout (too looong -> 1 ms)
Fixes: 26366/clusterfuzz-testcase-minimized-ffmpeg_dem_SDX_fuzzer-5655584843759616
Fixes: 26391/clusterfuzz-testcase-minimized-ffmpeg_dem_ALP_fuzzer-5484026133217280

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 days ago tools/target_dec_fuzzer: Adjust threshold for opus
Michael Niedermayer [Sun, 4 Oct 2020 17:14:40 +0000 (19:14 +0200)]
tools/target_dec_fuzzer: Adjust threshold for opus

Fixes: Timeout (12sec -> 3sec)
Fixes: 24549/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBOPUS_fuzzer-6211170349088768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 days ago avformat/vividas: Check for zero v_size
Michael Niedermayer [Wed, 21 Oct 2020 22:37:30 +0000 (00:37 +0200)]
avformat/vividas: Check for zero v_size

Fixes: SEGV on unknown address 0x000000000000
Fixes: 26482/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-4905102324006912

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 days ago avformat/segafilm: Do not assume AV_CODEC_ID_NONE is 0
Michael Niedermayer [Thu, 22 Oct 2020 16:18:43 +0000 (18:18 +0200)]
avformat/segafilm: Do not assume AV_CODEC_ID_NONE is 0

Suggested-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 days ago avformat/segafilm: Check that there is a stream
Michael Niedermayer [Wed, 21 Oct 2020 22:37:25 +0000 (00:37 +0200)]
avformat/segafilm: Check that there is a stream

Fixes: assertion failure
Fixes: 26472/clusterfuzz-testcase-minimized-ffmpeg_dem_SEGAFILM_fuzzer-5759751591559168

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 days ago avformat/udp: cosmetics
Limin Wang [Sat, 10 Oct 2020 14:35:32 +0000 (22:35 +0800)]
avformat/udp: cosmetics

Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
4 days ago avformat/udp: clarify option description for timeout unit
Limin Wang [Sat, 10 Oct 2020 14:11:12 +0000 (22:11 +0800)]
avformat/udp: clarify option description for timeout unit

Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
4 days ago avformat/rtsp: reuse POLLING_TIME and remove POLL_TIMEOUT_MS
Limin Wang [Sat, 10 Oct 2020 13:50:08 +0000 (21:50 +0800)]
avformat/rtsp: reuse POLLING_TIME and remove POLL_TIMEOUT_MS

Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
4 days ago avformat/rtsp: support for listen_timeout option for sdp
Limin Wang [Sat, 10 Oct 2020 13:30:21 +0000 (21:30 +0800)]
avformat/rtsp: support for listen_timeout option for sdp

Now the listen timeout is hardcoded (10s).
How to test (30s timeout):
./ffprobe  -listen_timeout 30 -protocol_whitelist rtp,udp,file -i test.sdp

Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
4 days ago avformat/rtpproto: support for rtp read timeout
Limin Wang [Sat, 10 Oct 2020 12:35:44 +0000 (20:35 +0800)]
avformat/rtpproto: support for rtp read timeout

then we can set the rtp read timeout instead of infinite timeout.

How to test (5s timeout):
./ffprobe -i rtp://192.168.1.67:1234?timeout=5000000

Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
4 days ago libavformat/hls: use local var url for log to avoid crash
bevis [Mon, 19 Oct 2020 02:07:57 +0000 (10:07 +0800)]
libavformat/hls: use local var url for log to avoid crash

During operation, the user exits and interrupts,
causing pls->segment to be released,
resulting in a null pointer crash

Signed-off-by: bevis <javashu2012@gmail.com>
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
5 days ago avcodec/nvenc: removed unused and deprecated field
Timo Rothenpieler [Wed, 21 Oct 2020 16:47:30 +0000 (18:47 +0200)]
avcodec/nvenc: removed unused and deprecated field

5 days ago avcodec/nvenc: reduce automated use of deprecated modes
Timo Rothenpieler [Wed, 21 Oct 2020 16:45:52 +0000 (18:45 +0200)]
avcodec/nvenc: reduce automated use of deprecated modes

5 days ago avcodec/nvenc: mark newly deprecated rc modes
Timo Rothenpieler [Wed, 21 Oct 2020 16:17:08 +0000 (18:17 +0200)]
avcodec/nvenc: mark newly deprecated rc modes

5 days ago avcodec/nvenc: use alias to provide deprecated profiles
Timo Rothenpieler [Wed, 21 Oct 2020 15:52:43 +0000 (17:52 +0200)]
avcodec/nvenc: use alias to provide deprecated profiles

5 days ago avformat/wtvdec: Check dir_length
Michael Niedermayer [Mon, 19 Oct 2020 15:59:53 +0000 (17:59 +0200)]
avformat/wtvdec: Check dir_length

Fixes: Infinite loop
Fixes: 26445/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5125558331244544

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 days ago avformat/ffmetadec: finalize AVBPrint on errors
Michael Niedermayer [Tue, 20 Oct 2020 20:56:13 +0000 (22:56 +0200)]
avformat/ffmetadec: finalize AVBPrint on errors

Fixes: memleak
Fixes: 26450/clusterfuzz-testcase-minimized-ffmpeg_dem_FFMETADATA_fuzzer-6249850443923456

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 days ago avcodec/on2avc: Remove redundant code for freeing
Andreas Rheinhardt [Mon, 19 Oct 2020 04:03:18 +0000 (06:03 +0200)]
avcodec/on2avc: Remove redundant code for freeing

This decoder has the FF_CODEC_CAP_INIT_CLEANUP set.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
5 days ago avcodec/on2avc: Use least max_depth for get_vlc2()
Andreas Rheinhardt [Sun, 18 Oct 2020 05:46:16 +0000 (07:46 +0200)]
avcodec/on2avc: Use least max_depth for get_vlc2()

The longest codes of any VLC codebooks are 18 bits long and the VLC
tables itself use 9 bits; therefore it is sufficient to read twice from
the table, yet this has been done thrice.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
5 days ago avcodec/on2avc: Unify initializing quad and pair VLCs
Andreas Rheinhardt [Sun, 18 Oct 2020 05:20:43 +0000 (07:20 +0200)]
avcodec/on2avc: Unify initializing quad and pair VLCs

Up until now, quad VLCs are initialized with codes of type uint32_t,
pair VLCs with codes of type uint16_t. There were two separate loops in
the decoder's init function for each type of VLC. This commit unifies
this: The type of the codes are now passed in as void * and the actual
size of the codes is obtained from a table. This approach also allows to
use the smallest type for each VLC code table: some quad tables actually
fitted in uint16_t. This allows to remove about 7KB from the binary.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
5 days ago avcodec/on2avcdata: Deduplicate symbol tables
Andreas Rheinhardt [Sun, 18 Oct 2020 04:32:05 +0000 (06:32 +0200)]
avcodec/on2avcdata: Deduplicate symbol tables

Saves about 10KB.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
5 days ago avcodec/vp3: Unify initializing and freeing VLC tables
Andreas Rheinhardt [Mon, 19 Oct 2020 19:25:47 +0000 (21:25 +0200)]
avcodec/vp3: Unify initializing and freeing VLC tables

Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
5 days ago avcodec/vp3: Check allocations of VLCs
Andreas Rheinhardt [Mon, 19 Oct 2020 18:59:58 +0000 (20:59 +0200)]
avcodec/vp3: Check allocations of VLCs

It would lead to crashes later on if they failed.

Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
5 days ago avcodec/vp3: Fix memleak upon init failure
Andreas Rheinhardt [Mon, 19 Oct 2020 18:23:54 +0000 (20:23 +0200)]
avcodec/vp3: Fix memleak upon init failure

Up until now, there was no cleanup in case initializing the Theora VLC
tables failed, leading to memleaks. This commit gets rid of them by
setting the FF_CODEC_CAP_INIT_CLEANUP flag for all decoders in vp3.c;
this also allows to remove some (now redundant) cleanup code.

Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
5 days ago doc/general_contents.texi: add uavs3d section
hwren [Tue, 6 Oct 2020 07:02:00 +0000 (15:02 +0800)]
doc/general_contents.texi: add uavs3d section

Signed-off-by: hwren <hwrenx@126.com>
5 days ago fate: add test for adpcm_swf in wav
Zane van Iperen [Fri, 16 Oct 2020 08:09:27 +0000 (18:09 +1000)]
fate: add test for adpcm_swf in wav

Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
5 days ago avcodec/adpcm_swf: support custom block size for encoding
Zane van Iperen [Sat, 17 Oct 2020 03:55:51 +0000 (13:55 +1000)]
avcodec/adpcm_swf: support custom block size for encoding

Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
5 days ago avcodec/adpcm_swf: set block_align when encoding
Zane van Iperen [Fri, 16 Oct 2020 03:51:58 +0000 (13:51 +1000)]
avcodec/adpcm_swf: set block_align when encoding

Allows it to be muxed to WAVs.

Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
5 days ago avcodec/adpcm_swf: support decoding multiple fixed-sized blocks at once
Zane van Iperen [Fri, 16 Oct 2020 03:14:25 +0000 (13:14 +1000)]
avcodec/adpcm_swf: support decoding multiple fixed-sized blocks at once

For incoming packets from WAV.

Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
5 days ago avformat/riff: prevent muxing adpcm_swf with a variable block size
Zane van Iperen [Thu, 15 Oct 2020 14:02:18 +0000 (00:02 +1000)]
avformat/riff: prevent muxing adpcm_swf with a variable block size

Prefer to error than to create a broken file. Closes ticket #5829.

Effectively disables remuxing adpcm_swf from flv -> wav.

Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
6 days ago avfilter: add audio frequency and phase shift filters
Paul B Mahol [Sat, 17 Oct 2020 18:34:08 +0000 (20:34 +0200)]
avfilter: add audio frequency and phase shift filters

6 days ago avfilter/avf_aphasemeter: add out of phase and mono detection
Romane Lafon [Mon, 12 Oct 2020 17:01:17 +0000 (19:01 +0200)]
avfilter/avf_aphasemeter: add out of phase and mono detection

Extend aphasemeter to detect out of phase or mono sequences in
stereo streams.

Signed-off-by: Romane Lafon <romane@nomalab.com>
6 days ago avcodec/notchlc: Revert incorrect compression bound
Michael Niedermayer [Tue, 20 Oct 2020 15:18:11 +0000 (17:18 +0200)]
avcodec/notchlc: Revert incorrect compression bound

Revert "avcodec/notchlc: Check uncompressed size against input for LZ4"

Found-by: durandal_1707
This reverts commit 51002362c4ed301e54cea1597666cd5cc9a134f3.

6 days ago avcodec/decode/ff_get_buffer: Check for overflow in FFALIGN()
Michael Niedermayer [Tue, 13 Oct 2020 21:01:38 +0000 (23:01 +0200)]
avcodec/decode/ff_get_buffer: Check for overflow in FFALIGN()

Fixes: signed integer overflow: 2147483647 + 64 cannot be represented in type 'int'
Fixes: 26218/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CRI_fuzzer-5734075396259840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 days ago avcodec/cri: Check for end of image in unpack_10bit()
Michael Niedermayer [Wed, 14 Oct 2020 21:21:03 +0000 (23:21 +0200)]
avcodec/cri: Check for end of image in unpack_10bit()

Fixes: out of array write
Fixes: 26242/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CRI_fuzzer-5161495882891264

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 days ago libavformat/utils: Fix misleading indent
Chris Miceli [Tue, 13 Oct 2020 04:59:06 +0000 (15:59 +1100)]
libavformat/utils: Fix misleading indent

6f69f7a8bf6a0d013985578df2ef42ee6b1c7994 introduced this and it was part
of a very large merging of refactoring. Current behaviour is what is
reflected by this indenting change, however my understanding of timing
is such that this is correct behaviour.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 days ago avcodec/adpcm: Check channels before use for ADPCM_PSX
Michael Niedermayer [Thu, 15 Oct 2020 20:09:10 +0000 (22:09 +0200)]
avcodec/adpcm: Check channels before use for ADPCM_PSX

Fixes: division by zero
Fixes: 26293/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_PSX_fuzzer-5176665237618688
Fixes: 26331/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_PSX_fuzzer-5632330364092416

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 days ago avcodec/mobiclip: Avoid signed integer overflows in idct()
Michael Niedermayer [Fri, 16 Oct 2020 15:55:26 +0000 (17:55 +0200)]
avcodec/mobiclip: Avoid signed integer overflows in idct()

Fixes: signed integer overflow: 536870912 + 1610612736 cannot be represented in type 'int'
Fixes: 26288/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-6194364759670784

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 days ago avcodec/exr: Check limits to avoid overflow in delta computation
Michael Niedermayer [Fri, 16 Oct 2020 16:08:37 +0000 (18:08 +0200)]
avcodec/exr: Check limits to avoid overflow in delta computation

Fixes: signed integer overflow: 553590816 - -2145378049 cannot be represented in type 'int'
Fixes: 26315/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5938755121446912
Fixes: 26340/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5644316208529408

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 days ago avformat/boadec: Check that channels and block_align are set
Michael Niedermayer [Fri, 16 Oct 2020 17:09:37 +0000 (19:09 +0200)]
avformat/boadec: Check that channels and block_align are set

Fixes: Infinite loop
Fixes: 26381/clusterfuzz-testcase-minimized-ffmpeg_dem_BOA_fuzzer-5745789089087488

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 days ago avformat/av1dec: Fix padding in obu_get_packet()
Michael Niedermayer [Fri, 16 Oct 2020 07:30:39 +0000 (09:30 +0200)]
avformat/av1dec: Fix padding in obu_get_packet()

Fixes: stack buffer overflow (read)
Fixes: 26369/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-5721057325219840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 days ago avcodec/notchlc: Check uncompressed size against input for LZ4
Michael Niedermayer [Tue, 13 Oct 2020 20:44:21 +0000 (22:44 +0200)]
avcodec/notchlc: Check uncompressed size against input for LZ4

Fixes: OOM
Fixes: 26168/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NOTCHLC_fuzzer-6019839015256064

Equation is based on LZ4_COMPRESSBOUND from lz4.h
Suggested-by: Paul
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 days ago avformat/asfdec_f: Check name_len for overflow
Michael Niedermayer [Thu, 15 Oct 2020 20:04:56 +0000 (22:04 +0200)]
avformat/asfdec_f: Check name_len for overflow

Fixes: signed integer overflow: -1172299744 * 2 cannot be represented in type 'int'
Fixes: 26258/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5672758488596480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 days ago avcodec/h264idct_template: Fix integer overflow in ff_h264_chroma422_dc_dequant_idct()
Michael Niedermayer [Thu, 15 Oct 2020 19:35:43 +0000 (21:35 +0200)]
avcodec/h264idct_template: Fix integer overflow in ff_h264_chroma422_dc_dequant_idct()

Fixes: signed integer overflow: 241173056 + 1953511200 cannot be represented in type 'int'
Fixes: 26086/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5068366420901888

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 days ago avfilter/af_asubboost: use transposed II form
Paul B Mahol [Tue, 20 Oct 2020 11:45:14 +0000 (13:45 +0200)]
avfilter/af_asubboost: use transposed II form

6 days ago avfilter/af_crossfeed: use transposed II form
Paul B Mahol [Tue, 20 Oct 2020 11:32:25 +0000 (13:32 +0200)]
avfilter/af_crossfeed: use transposed II form

6 days ago avformat/hlsenc: Fix check for SPS
Andreas Rheinhardt [Tue, 20 Oct 2020 11:00:04 +0000 (13:00 +0200)]
avformat/hlsenc: Fix check for SPS

Check all the six bits, not only the two bits that are set for SPS.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
6 days ago avformat/hlsenc: Fix mixed declaration and code
Andreas Rheinhardt [Tue, 20 Oct 2020 10:55:22 +0000 (12:55 +0200)]
avformat/hlsenc: Fix mixed declaration and code

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
6 days ago avformat/hlsenc: Don't use uninitialized buffer in av_stristr()
Andreas Rheinhardt [Tue, 20 Oct 2020 10:52:49 +0000 (12:52 +0200)]
avformat/hlsenc: Don't use uninitialized buffer in av_stristr()

Introduced in a2b1dd0ce301450a47c972745a6b33c4c273aa5d.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
6 days ago avformat/hlsenc: Fix extradata length check
Andreas Rheinhardt [Tue, 20 Oct 2020 10:16:27 +0000 (12:16 +0200)]
avformat/hlsenc: Fix extradata length check

Commit a2b1dd0ce301450a47c972745a6b33c4c273aa5d added support for
parsing annex B HEVC extradata to extract profile and level information.
Yet it only checks for there to be enough data left for the startcode
and the first byte of the NAL unit header and not for the full NAL unit
header; it simply presumes the second byte of the NAL unit header to be
present and skips it. Then the remaining size of the extradata is calculated
which ends up negative if the second byte of the NAL unit header is not
present. Yet when calling ff_nal_unit_extract_rbsp() it
will be converted to an uint32_t and end up as UINT32_MAX which
will cause mayhem.

This is solved by making sure that there is always enough remaining
extradata that could (pending 0x03 escapes) contain the data that we
are interested in.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
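
The length-check failure described in the commit message above, as an added C example. It is not FFmpeg's code: the function names, the 4-byte start code, the `need` parameter and the sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STARTCODE_LEN  4 /* assumed Annex B start code 00 00 00 01 */
#define NAL_HEADER_LEN 2 /* an HEVC NAL unit header is two bytes */

/* Constructed inputs: the first stops after one NAL header byte. */
static const uint8_t truncated_sample[] = { 0, 0, 0, 1, 0x42 };
static const uint8_t full_sample[]      = { 0, 0, 0, 1, 0x42, 0x01, 0xAA, 0xBB, 0xCC };

static int starts_with_startcode(const uint8_t *p)
{
    static const uint8_t sc[STARTCODE_LEN] = { 0, 0, 0, 1 };
    return memcmp(p, sc, STARTCODE_LEN) == 0;
}

/* Flawed pattern: room is verified for the start code plus ONE header byte,
 * yet both header bytes are skipped. The signed remainder can be -1 and
 * becomes UINT32_MAX once handed to a callee taking uint32_t. */
uint32_t payload_len_flawed(const uint8_t *buf, int size)
{
    if (size < STARTCODE_LEN + 1 || !starts_with_startcode(buf))
        return 0;
    int remaining = size - STARTCODE_LEN - NAL_HEADER_LEN;
    return (uint32_t)remaining;
}

/* Checked pattern: require the full header plus the `need` payload bytes the
 * caller intends to read before computing any length. Returns 0 on success. */
int payload_len_checked(const uint8_t *buf, int size, int need, uint32_t *len)
{
    if (need < 0 || size < STARTCODE_LEN + NAL_HEADER_LEN ||
        size - STARTCODE_LEN - NAL_HEADER_LEN < need ||
        !starts_with_startcode(buf))
        return -1;
    *len = (uint32_t)(size - STARTCODE_LEN - NAL_HEADER_LEN);
    return 0;
}

int main(void)
{
    uint32_t len = 0;
    printf("flawed, truncated:  %u\n", (unsigned)payload_len_flawed(truncated_sample, 5));
    printf("checked, truncated: %d\n", payload_len_checked(truncated_sample, 5, 1, &len));
    printf("checked, full:      %d (len %u)\n",
           payload_len_checked(full_sample, 9, 3, &len), (unsigned)len);
    return 0;
}
```
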
6 days ago avformat/sbgdec: Check for timestamp overflow in parse_time_sequence()
Michael Niedermayer [Mon, 19 Oct 2020 14:24:58 +0000 (16:24 +0200)]
avformat/sbgdec: Check for timestamp overflow in parse_time_sequence()

Fixes: signed integer overflow: 3458015007900000256 + 6425686373040000000 cannot be represented in type 'long'
Fixes: 26430/clusterfuzz-testcase-minimized-ffmpeg_dem_BRSTM_fuzzer-5761175004119040

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 days ago avformat/hlsenc: support CODECS Attribute in hevc EXT-X-STREAM-INF
Steven Liu [Tue, 13 Oct 2020 07:05:59 +0000 (15:05 +0800)]
avformat/hlsenc: support CODECS Attribute in hevc EXT-X-STREAM-INF

fix ticket: 8904
parse the SPS from extradata and get profile_tier_level
write the profile_tier_level info into CODECS Attribute

HLS CODECS Attribute reference: https://developer.apple.com/documentation/http_live_streaming/hls_authoring_specification_for_apple_devices/hls_authoring_specification_for_apple_devices_appendixes

Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
Signed-off-by: liuqi05 <liuqi05@kuaishou.com>
6 days ago avformat/hlsenc: compute video_keyframe_size after write keyframe
Steven Liu [Fri, 18 Sep 2020 01:53:27 +0000 (09:53 +0800)]
avformat/hlsenc: compute video_keyframe_size after write keyframe

fix ticket: 8636
When writing a keyframe and the keyframe is the first packet of the segment,
then compute the size of the keyframe which has been written into the segment's
first packet and set the start position of the segment. Should not use
avio_tell(vs->out) to get the keyframe position, because it can be set
to 0 if closed above in the workflow, which may be inaccurate, but the
start_pos can be used here, because start_pos is set after writing
the previous packet.

Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
Signed-off-by: liuqi05 <liuqi05@kuaishou.com>
6 days ago avformat/dashdec: check the root url length
Steven Liu [Mon, 17 Aug 2020 12:30:18 +0000 (20:30 +0800)]
avformat/dashdec: check the root url length

If the length of the root url is 0, it is unnecessary to process the root_url.

Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
Signed-off-by: liuqi05 <liuqi05@kuaishou.com>
6 days ago avformat/hlsenc: process hls_time value too small sence
Steven Liu [Tue, 18 Aug 2020 02:44:11 +0000 (10:44 +0800)]
avformat/hlsenc: process hls_time value too small sence

The target duration will be a negative value when there are
some b frames after the previous frame. The pts after the current packet
is larger than the pts of the current packet, so the target duration
will be computed as 0.040000 - 0.080000, then the value of the target
duration will be -0.040000. So the hls muxer should check the pts after
the current packet minus the pts of the current packet. The hls muxer can split
the stream as a segment if the target duration is neither negative nor
zero. The hls muxer cannot split the stream as a segment if the
target duration is either negative or zero; it then gets the next packet
until the target duration is not negative or zero.

Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
Suggested-by: Zhili Zhao <quinkblack@foxmail.com>
Signed-off-by: liuqi05 <liuqi05@kuaishou.com>
7 days ago avcodec/movtextenc: Cleanup generically on init failure
Andreas Rheinhardt [Sat, 17 Oct 2020 05:47:43 +0000 (07:47 +0200)]
avcodec/movtextenc: Cleanup generically on init failure

Reviewed-by: Philip Langdale <philipl@overt.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
7 days ago avcodec/movtextenc: Remove redundant function parameters
Andreas Rheinhardt [Fri, 16 Oct 2020 03:02:34 +0000 (05:02 +0200)]
avcodec/movtextenc: Remove redundant function parameters

It makes no sense to call the functions to write styl, hlit or hclr boxes
with a different box name than "styl", "hlit" or "hclr". Therefore this
commit inlines these values in the functions, removes the function
parameter containing the box's name and removes the (non obsolete) box
names from the list of boxes.

Reviewed-by: Philip Langdale <philipl@overt.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>