ffmpeg.git
5 months agofate/cbs: update the two film grain cbs_av1 tests
James Almer [Thu, 12 Dec 2019 00:59:07 +0000 (21:59 -0300)]
fate/cbs: update the two film grain cbs_av1 tests

They were missed in the previous commit.

Signed-off-by: James Almer <jamrial@gmail.com>
5 months agoavcodec/cbs_av1: fix array size for ar_coeffs_cb_plus_128 and ar_coeffs_cr_plus_128
James Almer [Wed, 11 Dec 2019 21:54:38 +0000 (18:54 -0300)]
avcodec/cbs_av1: fix array size for ar_coeffs_cb_plus_128 and ar_coeffs_cr_plus_128

Taking into account the code

fb(2, ar_coeff_lag);
num_pos_luma = 2 * current->ar_coeff_lag * (current->ar_coeff_lag + 1);
if (current->num_y_points)
    num_pos_chroma = num_pos_luma + 1;
else
    num_pos_chroma = num_pos_luma;

Max value for ar_coeff_lag is 3 (two bits), for num_pos_luma 24, and for
num_pos_chroma 25.

Both ar_coeffs_cb_plus_128 and ar_coeffs_cr_plus_128 may have up to
num_pos_chroma values.

Reviewed-by: Ronald S. Bultje <rsbultje@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
5 months agofate: Use a oneoff test for the tremolo filter
Martin Storsjö [Mon, 9 Dec 2019 20:57:44 +0000 (22:57 +0200)]
fate: Use a oneoff test for the tremolo filter

The tremolo filter uses floating point internally, and uses
multiplication factors derived from sin(fmod()), neither of
which is bitexact for use with framecrc.

This fixes running this test when built with for mingw/x86_32
with clang.

In this case, a 1 ulp difference in the output from fmod() would
end up in an output from the filter that differs by 1 ulp, but
which makes the lrint() in swresample/audioconvert.c round in a
different direction.

Signed-off-by: Martin Storsjö <martin@martin.st>
5 months agocheckasm: float_dsp: Scale FLT/DBL_EPSILON sufficiently when comparing
Martin Storsjö [Tue, 10 Dec 2019 12:39:02 +0000 (14:39 +0200)]
checkasm: float_dsp: Scale FLT/DBL_EPSILON sufficiently when comparing

As the values generated by av_bmg_get can be arbitrarily large
(only the stddev is specified), we can't use a fixed tolerance.

This matches what was done for test_vector_dmul_scalar in
38f966b2222db.

This fixes the float_dsp checkasm test for some seeds, when built
with clang for mingw/x86_32.

Signed-off-by: Martin Storsjö <martin@martin.st>
5 months agonetwork: Define ENOTCONN as WSAENOTCONN if not defined
Martin Storsjö [Wed, 11 Dec 2019 12:18:43 +0000 (14:18 +0200)]
network: Define ENOTCONN as WSAENOTCONN if not defined

This fixes compilation with old mingw.org toolchains, which has got
much fewer errno.h entries.

Signed-off-by: Martin Storsjö <martin@martin.st>
5 months agoavcodec/cbs_av1: rename enable_intraintra_compound flag
Fei Wang [Wed, 11 Dec 2019 01:54:54 +0000 (09:54 +0800)]
avcodec/cbs_av1: rename enable_intraintra_compound flag

rename enable_intraintra_compound to enable_interintra_compound,
which keep same as AV1 sepc(v1.0.0-errata1).

Signed-off-by: Fei Wang <fei.w.wang@intel.com>
Signed-off-by: James Almer <jamrial@gmail.com>
5 months agoavformat/iff: Use ff_alloc_extradata
Andreas Rheinhardt [Tue, 10 Dec 2019 01:41:45 +0000 (02:41 +0100)]
avformat/iff: Use ff_alloc_extradata

Besides improved readability it also zeroes the padding which has been
forgotten here.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavformat/flvenc: Don't reimplement ff_alloc_extradata
Andreas Rheinhardt [Tue, 10 Dec 2019 01:41:44 +0000 (02:41 +0100)]
avformat/flvenc: Don't reimplement ff_alloc_extradata

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavformat/apc: Remove unnecessary resetting of flags
Andreas Rheinhardt [Tue, 10 Dec 2019 01:41:43 +0000 (02:41 +0100)]
avformat/apc: Remove unnecessary resetting of flags

The packet a demuxer receives is freshly initialized, hence it is
unnecessary to reset any flags on them (as none are set), yet apc did
this.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavfilter/scale_eval: remove redundant mathematical constants
Gyan Doshi [Tue, 10 Dec 2019 13:54:30 +0000 (19:24 +0530)]
avfilter/scale_eval: remove redundant mathematical constants

Even though removed from vf_scale in 3b316f9f22, they were reintroduced
when scale.c, now scale_eval.c, was split off in 037bb4021c

5 months agoavformat/cache: rename the class name fro Cache to cache
Steven Liu [Wed, 4 Dec 2019 09:17:18 +0000 (17:17 +0800)]
avformat/cache: rename the class name fro Cache to cache

liuqideMacBook-Pro:build liuqi$ ffmpeg --help full | grep cache
cannot find cache protocol options.

after patch:
bogon:dash liuqi$ ./ffmpeg --help full | grep cache
cache AVOptions:
can find the cache AVOptions after patch.

Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
5 months agoavformat/hlsenc: remove duplicate code block
Steven Liu [Fri, 29 Nov 2019 05:07:02 +0000 (13:07 +0800)]
avformat/hlsenc: remove duplicate code block

Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
5 months agolavf/tls_openssl: support both pre-1.1.0 and post-1.1.0 init
Jun Zhao [Tue, 10 Dec 2019 09:41:56 +0000 (17:41 +0800)]
lavf/tls_openssl: support both pre-1.1.0 and post-1.1.0 init

supporting both pre-1.1.0 and post-1.1.0 version of the OpenSSL
library as the link:
https://wiki.openssl.org/index.php/Library_Initialization

Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
5 months agoconfigure: add OPENSSL_init_ssl check if pkg-config fail
macweng [Tue, 10 Dec 2019 09:32:33 +0000 (17:32 +0800)]
configure: add OPENSSL_init_ssl check if pkg-config fail

fix when pkg-config fail and openssl > 1.1.0 --enable-openssl fail,
the root cause is check_lib can't found the SSL_library_init().

Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: macweng <macweng@tencent.com>
5 months agolavf/libsrt: enable other encryption parameters
Jun Zhao [Sun, 1 Dec 2019 13:09:13 +0000 (21:09 +0800)]
lavf/libsrt: enable other encryption parameters

Enable the SRTO_ENFORCEDENCRYPTION/SRTO_KMREFRESHRATE/
SRTO_KMPREANNOUNCE for srt encryption control.

Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
5 months agolavf/libsrt: add linger parameter to libsrt
Jun Zhao [Sun, 1 Dec 2019 06:03:37 +0000 (14:03 +0800)]
lavf/libsrt: add linger parameter to libsrt

add linger parameter to libsrt, it's setting the number of seconds
that the socket waits for unsent data when closing.

Reviewed-by: Andriy Gelman <andriy.gelman@gmail.com>
Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
5 months agoavcodec/cbs_av1: avoid reading trailing bits when obu type is OBU_TILE_LIST
Fei Wang [Wed, 11 Dec 2019 01:37:40 +0000 (09:37 +0800)]
avcodec/cbs_av1: avoid reading trailing bits when obu type is OBU_TILE_LIST

Signed-off-by: Fei Wang <fei.w.wang@intel.com>
Signed-off-by: James Almer <jamrial@gmail.com>
5 months agoavformat/rmdec: Initialize and sanity check offset in ivr_read_header()
Michael Niedermayer [Fri, 15 Nov 2019 22:00:51 +0000 (23:00 +0100)]
avformat/rmdec: Initialize and sanity check offset in ivr_read_header()

Fixes: signed integer overflow: -9223372036854775808 - 17 cannot be represented in type 'long'
Fixes: 18768/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5674385247830016

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoswscale/swscale_unscaled: add AV_PIX_FMT_GBRAP10 for LE and BE conversion wrapper
Limin Wang [Thu, 14 Nov 2019 13:46:23 +0000 (21:46 +0800)]
swscale/swscale_unscaled: add AV_PIX_FMT_GBRAP10 for LE and BE conversion wrapper

Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/agm: Do not allow MVs out of the picture area as no edge is allocated
Michael Niedermayer [Sat, 2 Nov 2019 07:35:39 +0000 (08:35 +0100)]
avcodec/agm: Do not allow MVs out of the picture area as no edge is allocated

Fixes: out of array access
Fixes: 18499/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5749038406434816

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/wmalosslessdec: Set FF_CODEC_CAP_INIT_CLEANUP
Michael Niedermayer [Wed, 30 Oct 2019 22:31:51 +0000 (23:31 +0100)]
avcodec/wmalosslessdec: Set FF_CODEC_CAP_INIT_CLEANUP

Fixes: memleaks
Fixes: 18429/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-6210814364614656
Fixes: 18722/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5680535690543104

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/apedec: Fix 2 integer overflows
Michael Niedermayer [Thu, 14 Nov 2019 15:38:36 +0000 (16:38 +0100)]
avcodec/apedec: Fix 2 integer overflows

Fixes: signed integer overflow: 2119056926 - -134217728 cannot be represented in type 'int'
Fixes: 18728/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5747539563511808

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/wmaprodec: Set packet_loss when we error out on a sanity check
Michael Niedermayer [Tue, 12 Nov 2019 19:25:00 +0000 (20:25 +0100)]
avcodec/wmaprodec: Set packet_loss when we error out on a sanity check

Fixes: left shift of negative value -34
Fixes: 18719/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAPRO_fuzzer-5642658173419520

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/wmaprodec: Check offset
Michael Niedermayer [Tue, 12 Nov 2019 19:06:35 +0000 (20:06 +0100)]
avcodec/wmaprodec: Check offset

Fixes: index 33280 out of bounds for type 'float [32768]'
Fixes: 18718/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA2_fuzzer-5635373899710464

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/truemotion2: Fix 2 integer overflows in tm2_low_res_block()
Michael Niedermayer [Tue, 12 Nov 2019 17:47:52 +0000 (18:47 +0100)]
avcodec/truemotion2: Fix 2 integer overflows in tm2_low_res_block()

Fixes: signed integer overflow: 1778647621 + 574372924 cannot be represented in type 'int'
Fixes: 18692/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-6248679635943424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/wmaprodec: Check if the channel sum of all internal contexts match the external
Michael Niedermayer [Tue, 12 Nov 2019 17:39:08 +0000 (18:39 +0100)]
avcodec/wmaprodec: Check if the channel sum of all internal contexts match the external

Fixes: NULL pointer dereference
Fixes: 18689/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA1_fuzzer-5715114640015360

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/truespeech: Fix an integer overflow in truespeech_synth()
Michael Niedermayer [Thu, 14 Nov 2019 15:44:10 +0000 (16:44 +0100)]
avcodec/truespeech: Fix an integer overflow in truespeech_synth()

Fixes: signed integer overflow: 2147483188 + 2048 cannot be represented in type 'int'
Fixes: 18741/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUESPEECH_fuzzer-5748950460268544

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoRemove redundant ;
Michael Niedermayer [Sat, 7 Dec 2019 23:20:11 +0000 (00:20 +0100)]
Remove redundant ;

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavformat/id3v2: Fix double-free on error
Andreas Rheinhardt [Sun, 10 Nov 2019 04:07:28 +0000 (05:07 +0100)]
avformat/id3v2: Fix double-free on error

ff_id3v2_parse_priv_dict() uses av_dict_set() with the flags
AV_DICT_DONT_STRDUP_KEY and AV_DICT_DONT_STRDUP_VAL. In this case both
key and value are freed on error (and owned by the destination
dictionary on success), so that freeing them again on error is a
double-free and therefore forbidden. But it nevertheless happened.

Fixes CID 1452489 and 1452421.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavfilter: rename scale.c,h to scale_eval
Gyan Doshi [Sun, 8 Dec 2019 11:12:36 +0000 (16:42 +0530)]
avfilter: rename scale.c,h to scale_eval

scale.c is too generic; scale_eval is more representative

5 months agofate/matroska: Add a test for propagating flac channel layouts
Andreas Rheinhardt [Sun, 8 Dec 2019 20:44:53 +0000 (21:44 +0100)]
fate/matroska: Add a test for propagating flac channel layouts

contained in Vorbis comments in the CodecPrivate of flac tracks.
Moreover, it also tests header removal compression.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
5 months agotools/target_dec_fuzzer: Also fuzz request_channel_layout
Michael Niedermayer [Sat, 7 Dec 2019 19:23:25 +0000 (20:23 +0100)]
tools/target_dec_fuzzer: Also fuzz request_channel_layout

This should improve coverage

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavfilter/scale.c: factorize ff_scale_eval_dimensions
Gyan Doshi [Mon, 2 Dec 2019 15:41:21 +0000 (21:11 +0530)]
avfilter/scale.c: factorize ff_scale_eval_dimensions

Adjustment of evaluated values shifted to ff_adjust_scale_dimensions
Shifted code for force_original_aspect_ratio and force_divisble_by from
vf_scale so it is now available for scale_cuda, scale_npp and
scale_vaapi as well.

5 months agoavformat/matroskadec: Add a fate test for CodecPrivate compression
Andreas Rheinhardt [Sat, 7 Dec 2019 16:35:10 +0000 (17:35 +0100)]
avformat/matroskadec: Add a fate test for CodecPrivate compression

This test contains a track with zlib compressed CodecPrivate in addition
to compressed frames; the former was unchecked before.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
5 months agoavcodec/atrac9dec: Check q_unit_cnt more completely before using it to access at9_tab...
Michael Niedermayer [Tue, 3 Dec 2019 20:33:18 +0000 (21:33 +0100)]
avcodec/atrac9dec: Check q_unit_cnt more completely before using it to access at9_tab_band_ext_group

Fixes: index 8 out of bounds for type 'const uint8_t [8][3]'
Fixes: 19127/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5709394985091072

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Lynne <dev@lynne.ee>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoMAINTAINERS: add myself as libxavs2 maintainer
hwrenx [Sat, 12 Oct 2019 01:28:44 +0000 (09:28 +0800)]
MAINTAINERS: add myself as libxavs2 maintainer

Signed-off-by: hwrenx <hwrenx@126.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agofate/matroska: fix dependencies for fate-matroska-prores-zlib test
James Almer [Sat, 7 Dec 2019 16:30:18 +0000 (13:30 -0300)]
fate/matroska: fix dependencies for fate-matroska-prores-zlib test

Signed-off-by: James Almer <jamrial@gmail.com>
5 months agofate/matroska: add a demux test for ProRes using zlib compression
James Almer [Sat, 7 Dec 2019 15:23:20 +0000 (12:23 -0300)]
fate/matroska: add a demux test for ProRes using zlib compression

Signed-off-by: James Almer <jamrial@gmail.com>
5 months agoavformat/matroskadec: Fix use-after-free when demuxing ProRes
Andreas Rheinhardt [Fri, 6 Dec 2019 23:16:19 +0000 (00:16 +0100)]
avformat/matroskadec: Fix use-after-free when demuxing ProRes

ProRes in Matroska is supposed to not contain the first atom header
(containing a size field and the tag "icpf") and therefore the Matroska
demuxer has to recreate it; this involves an allocation and copy, of
course. Whether the old buffer (containing the data without the atom
header) needs to be freed or not depends upon whether it is what was
directly read (in which case it is owned by an AVBuffer) or whether it
has been allocated when reversing the track's content compression (e.g.
zlib compression) that Matroska supports.

So there are three pointers involved: The one pointing to the directly
read data (owned by the AVBuffer), the one pointing to the currently
valid data (which coincides with the former if no content compression
needed to be reverted) and the one pointing to the new data with the
first atom header. The check for whether to free the second of these is
simply whether the first two are different.

This works mostly, but there is a complication: Some muxers don't strip
the first atom header away and in this case, it is also not reinserted
and no new buffer is allocated; instead, the second and the third
pointers agree. In this case, one must never free the second buffer.
Yet it is currently done if the track is e.g. zlib compressed.
This commit fixes this.

This is a regression since b8e75a2a.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
5 months agolavf/rtmpproto: Don't unref uninitialized buffers
Jun Zhao [Tue, 3 Dec 2019 09:50:45 +0000 (17:50 +0800)]
lavf/rtmpproto: Don't unref uninitialized buffers

This happens if ffurl_open_whitelist fails and stream is unset.

Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
5 months agolavfi/avf_showspectrum: Fix the memory leak in error handle path
Jun Zhao [Tue, 3 Dec 2019 10:16:24 +0000 (18:16 +0800)]
lavfi/avf_showspectrum: Fix the memory leak in error handle path

Fix the memory leak in error handle path.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
5 months agolavc/cbs_h2645: Fix incorrect max size of nalu unit
Andriy Gelman [Fri, 6 Dec 2019 16:03:02 +0000 (11:03 -0500)]
lavc/cbs_h2645: Fix incorrect max size of nalu unit

In the worst case the startcode prefix has 4 bytes.

This fixes a trigerred assertion:
Assertion dp <= max_size failed at libavcodec/cbs_h2645.c:1451

Found-by:libFuzzer
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
5 months agoavformat/libsrt: change tlpktdrop, nakreport, messageapi options to boolean type
Limin Wang [Fri, 20 Sep 2019 11:17:27 +0000 (19:17 +0800)]
avformat/libsrt: change tlpktdrop, nakreport, messageapi options to boolean type

Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/mvha: Check remaining space when reading VLC table probabilities
Michael Niedermayer [Thu, 5 Dec 2019 23:07:17 +0000 (00:07 +0100)]
avcodec/mvha: Check remaining space when reading VLC table probabilities

Fixes: Infinite loop
Fixes: 19183/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MVHA_fuzzer-5666216765292544

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavfilter/vsrc_life: Fix for random_seed type
Limin Wang [Fri, 22 Nov 2019 01:50:38 +0000 (09:50 +0800)]
avfilter/vsrc_life: Fix for random_seed type

Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavfilter/vsrc_cellauto: Fix for random_seed type
Limin Wang [Fri, 22 Nov 2019 01:50:37 +0000 (09:50 +0800)]
avfilter/vsrc_cellauto: Fix for random_seed type

Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavfilter/vf_yaepblur: add yaepblur filter
leozhang [Mon, 25 Nov 2019 09:53:05 +0000 (17:53 +0800)]
avfilter/vf_yaepblur: add yaepblur filter

Signed-off-by: leozhang <leozhang@qiyi.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agolibswscale/swscale_unscaled.c: remove redundant code
Ting Fu [Thu, 5 Dec 2019 03:10:43 +0000 (11:10 +0800)]
libswscale/swscale_unscaled.c: remove redundant code

Signed-off-by: Ting Fu <ting.fu@intel.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavformat/libsrt: fix for the memory leak if passphrase has been configured by option
Limin Wang [Fri, 20 Sep 2019 11:17:28 +0000 (19:17 +0800)]
avformat/libsrt: fix for the memory leak if passphrase has been configured by option

Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavdevice/xcbgrab: wrap non-shm image replies in a buffer ref
Marton Balint [Tue, 3 Dec 2019 20:33:12 +0000 (21:33 +0100)]
avdevice/xcbgrab: wrap non-shm image replies in a buffer ref

This avoids a memcpy improving performance if SHM is not used.

Signed-off-by: Marton Balint <cus@passwd.hu>
5 months agoavfilter/crop: avoid premature eval error
Gyan Doshi [Wed, 4 Dec 2019 10:33:11 +0000 (16:03 +0530)]
avfilter/crop: avoid premature eval error

Width and height expressions can refer to each other. Width is
evaluated twice to allow for reference to output height. So we
should not error out upon failure of first evaluation of width.

5 months agoavutil/buffer: use appropriate atomic operations
Zhao Zhili [Thu, 5 Dec 2019 09:02:07 +0000 (17:02 +0800)]
avutil/buffer: use appropriate atomic operations

No functional changes. ref/unref vs add/sub is symmetrical.

Signed-off-by: James Almer <jamrial@gmail.com>
5 months agotools: add a fuzzer tool for bitstream filters
James Almer [Sat, 30 Nov 2019 18:57:44 +0000 (15:57 -0300)]
tools: add a fuzzer tool for bitstream filters

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
6 months agoavcodec/fitsdec: Use lrint()
Michael Niedermayer [Mon, 30 Sep 2019 16:30:26 +0000 (18:30 +0200)]
avcodec/fitsdec: Use lrint()

Fixes: fate-fitsdec-bitpix-64

Possibly Fixes: -nan is outside the range of representable values of type 'unsigned short'
Possibly Fixes: 17769/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-5678314672357376

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavformat/mpeg: Fix leaks of AVFormatContext and subtitle packets
Andreas Rheinhardt [Wed, 4 Dec 2019 12:37:14 +0000 (13:37 +0100)]
avformat/mpeg: Fix leaks of AVFormatContext and subtitle packets

If an error happens in vobsub_read_header() after allocating the
AVFormatContext intended to read the sub-file, both the AVFormatContext
as well as the data in the subtitles queues leaks. This has been fixed.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavformat/mpeg: Don't copy or leak string in AVBPrint
Andreas Rheinhardt [Wed, 4 Dec 2019 12:37:13 +0000 (13:37 +0100)]
avformat/mpeg: Don't copy or leak string in AVBPrint

vobsub_read_header() uses an AVBPrint to write a string and up until
now, it collected the string stored in the AVBPrint via
av_bprint_finalize(), which might involve an allocation and copy of the
string. But this is unnecessary, as the lifetime of the returned string
does not exceed the lifetime of the AVBPrint. So use the string in the
AVBPrint directly.

This also makes it possible to easily fix a memleak: In certain error
situations, the string stored in the AVBPrint would not be freed (if it
was dynamically allocated). This has been fixed, too.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavformat/mpeg: Make VobSub demuxer have its own context struct
Andreas Rheinhardt [Wed, 4 Dec 2019 12:37:12 +0000 (13:37 +0100)]
avformat/mpeg: Make VobSub demuxer have its own context struct

When the VobSub demuxer was added, the fields it required were simply
added to the MpegDemuxContext (if the VobSub demuxer was selected at
all). The mpeg demuxer of course doesn't use these fields even if they
are there; and the VobSub demuxer doesn't use the old ones: It opens an
mpeg subdemuxer of its own and uses this where a mpeg demuxer is
required. Hence the two contexts can be split, saving memory.

Furthermore several headers can now be moved to the section that is
guarded by #if CONFIG_VOBSUB_DEMUXER (this even includes avassert.h
which was unguarded and has been added in 9cde9f70 despite not being
used in that patch).

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavformat/matroskadec: Reuse AVIOContext
Andreas Rheinhardt [Tue, 3 Dec 2019 17:09:10 +0000 (18:09 +0100)]
avformat/matroskadec: Reuse AVIOContext

When parsing EBML lacing, for every number read, a new AVIOContext has
been initialized (via ffio_init_context()) just for this number. This
has been changed: The context is kept now.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
6 months agoavformat/matroskadec: Improve frame size parsing error messages
Andreas Rheinhardt [Tue, 3 Dec 2019 17:09:09 +0000 (18:09 +0100)]
avformat/matroskadec: Improve frame size parsing error messages

When parsing the sizes of the frames in a lace fails, sometimes no
error message was raised (e.g. when using xiph or fixed-size lacing).
Only EBML lacing generated error messages (which were wrongly declared
as AV_LOG_INFO), but even here not all errors resulted in an error
message. So add a generic error message to catch them all.

Moreover, if parsing one of the EBML numbers fails, ebml_read_num already
emits its own error messages, so that all that is needed is a generic error
message to indicate that this happened during parsing the sizes of the
frames in a block; in other words, the error messages specific to
parsing EBML lace numbers can be and have been removed.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
6 months agoavformat/matroskadec: Remove unnecessary check
Andreas Rheinhardt [Tue, 3 Dec 2019 17:09:08 +0000 (18:09 +0100)]
avformat/matroskadec: Remove unnecessary check

870e7552 introduced validating the lace sizes when they are parsed and
removed the old check; yet when merging this libav commit in 6902c3ac,
the old check for whether the frame extends beyond the frame has been kept.
It is unnecessary and has been removed.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
6 months agoavformat/matroskadec: Simplify control flow of parsing laces
Andreas Rheinhardt [Tue, 3 Dec 2019 17:09:07 +0000 (18:09 +0100)]
avformat/matroskadec: Simplify control flow of parsing laces

Up until now, when an error happened in one of the inner loops in
matroska_parse_laces, a variable designated for the return value has
been set to an error value and break has been used to exit the
current loop/case. This was done so that the end of matroska_parse_laces
is reached, because said function allocated memory which is later used
and freed in the calling function and passed at the end of
matroska_parse_laces.

But given that there is no allocation any more, one can now return
immediately. And this commit does this.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
6 months agoavformat/matroskadec: Avoid allocating array for lace sizes
Andreas Rheinhardt [Tue, 3 Dec 2019 17:09:06 +0000 (18:09 +0100)]
avformat/matroskadec: Avoid allocating array for lace sizes

The maximal number of frames in a lace can be 256; hence one has a not
excessive upper bound on the size of an array that can hold the sizes of
all the frames in a lace. Yet up until now, said array has been
dynamically allocated. This has been changed.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
6 months agoavformat/matroskadec: Use bytestream API instead of AVIOContext
Andreas Rheinhardt [Tue, 3 Dec 2019 17:09:05 +0000 (18:09 +0100)]
avformat/matroskadec: Use bytestream API instead of AVIOContext

It avoids the overhead of function calls.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
6 months agoavformat/matroskadec: avcodec/tta: Set extradata_size to 22
Andreas Rheinhardt [Tue, 3 Dec 2019 17:09:04 +0000 (18:09 +0100)]
avformat/matroskadec: avcodec/tta: Set extradata_size to 22

Up until c4e0e314, the seek table has been included in the tta
extradata, so that the size of said extradata was 22 (the size of a TTA1
header) + 4 * number of frames. The decoder rejected anything below a
size of 30 and so the Matroska demuxer exported 30 byte long extradata,
of which only 18 were set (it ignores a CRC-32 and simply leaves it at
0). But this is unnecessary since said commit, so reduce the size to 22.

Furthermore, replace 30 by 22 in a comment about the extradata size in
libavcodec/tta.c.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
6 months agoavformat/matroskadec: Check before allocations
Andreas Rheinhardt [Tue, 3 Dec 2019 17:09:03 +0000 (18:09 +0100)]
avformat/matroskadec: Check before allocations

That way one doesn't have to free later. In this case (concerning TTA
extradata), this also fixes a memleak when the output samplerate is
invalid.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
6 months agofate/matroska: add a test for xiph lacing
James Almer [Thu, 5 Dec 2019 01:52:01 +0000 (22:52 -0300)]
fate/matroska: add a test for xiph lacing

Signed-off-by: James Almer <jamrial@gmail.com>
6 months agolavc/libxavs2.c: optimize error descriptions
hwren [Tue, 3 Dec 2019 02:41:26 +0000 (10:41 +0800)]
lavc/libxavs2.c: optimize error descriptions

Signed-off-by: hwren <hwrenx@126.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agolavc/libxavs2.c: fix code style - spaces
hwren [Tue, 3 Dec 2019 02:41:24 +0000 (10:41 +0800)]
lavc/libxavs2.c: fix code style - spaces

Signed-off-by: hwren <hwrenx@126.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agolavc/libxavs2.c: avoid recomputations of pointers in xavs2_copy_frame* functions
hwren [Tue, 3 Dec 2019 02:41:23 +0000 (10:41 +0800)]
lavc/libxavs2.c: avoid recomputations of pointers in xavs2_copy_frame* functions

Signed-off-by: hwren <hwrenx@126.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agolavc/libxavs2.c: use more descriptive variable names in xavs2_copy_frame* functions
hwren [Tue, 3 Dec 2019 02:41:22 +0000 (10:41 +0800)]
lavc/libxavs2.c: use more descriptive variable names in xavs2_copy_frame* functions

Signed-off-by: hwren <hwrenx@126.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavfilter/vf_elbg: Fix for the seed type
Limin Wang [Fri, 22 Nov 2019 01:50:36 +0000 (09:50 +0800)]
avfilter/vf_elbg: Fix for the seed type

Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavformat/rmdec: Use av_packet_move_ref() for packet ownership transfer
Andreas Rheinhardt [Tue, 3 Dec 2019 10:28:07 +0000 (11:28 +0100)]
avformat/rmdec: Use av_packet_move_ref() for packet ownership transfer

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavdevice/xcbgrab: Handle reply and error properly
Kusanagi Kouichi [Tue, 19 Nov 2019 13:59:30 +0000 (22:59 +0900)]
avdevice/xcbgrab: Handle reply and error properly

Fix a NULL dereference and leaks.

Signed-off-by: Kusanagi Kouichi <slash@ac.auone-net.jp>
Signed-off-by: Marton Balint <cus@passwd.hu>
6 months agotools/target_dec_fuzzer: Support setting AV_CODEC_FLAG2_FAST
Michael Niedermayer [Fri, 29 Nov 2019 23:59:21 +0000 (00:59 +0100)]
tools/target_dec_fuzzer: Support setting AV_CODEC_FLAG2_FAST

This should improve coverage

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agotools/target_dec_fuzzer: Support fuzzing error detection
Michael Niedermayer [Fri, 29 Nov 2019 23:59:20 +0000 (00:59 +0100)]
tools/target_dec_fuzzer: Support fuzzing error detection

This should increase coverage

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavformat/mpegtsenc: add padding to m2ts streams
Marton Balint [Sun, 10 Nov 2019 22:34:17 +0000 (23:34 +0100)]
avformat/mpegtsenc: add padding to m2ts streams

6144 byte alignment is needed.

Signed-off-by: Marton Balint <cus@passwd.hu>
6 months agoavformat/mpegtsenc: factorize writing packet
Marton Balint [Sun, 10 Nov 2019 21:51:33 +0000 (22:51 +0100)]
avformat/mpegtsenc: factorize writing packet

Signed-off-by: Marton Balint <cus@passwd.hu>
6 months agoavformat/mpegtsenc: move around setting m2ts_mode
Marton Balint [Sun, 10 Nov 2019 21:14:30 +0000 (22:14 +0100)]
avformat/mpegtsenc: move around setting m2ts_mode

Signed-off-by: Marton Balint <cus@passwd.hu>
6 months agoavformat/mpegtsenc: set priority flag for AC3 codecs if writing BluRay
Marton Balint [Sun, 10 Nov 2019 21:12:28 +0000 (22:12 +0100)]
avformat/mpegtsenc: set priority flag for AC3 codecs if writing BluRay

Signed-off-by: Marton Balint <cus@passwd.hu>
6 months agoavformat/mpegtsenc: allow any sensible PID for elementary and PMT PIDs
Marton Balint [Mon, 11 Nov 2019 21:49:15 +0000 (22:49 +0100)]
avformat/mpegtsenc: allow any sensible PID for elementary and PMT PIDs

This sets the range of the first automatically assigned PMT PID or elementary
stream PID parameters to [0x20, 0x1ffa]. You can still assign manually a PID
for a stream using AVStream->id in the wider [0x10, 0x1ffe] range as specified
by ISO13818-1. But since DVB and ATSC both reserves some PIDs, let's not allow
them to be automatically assigned.

Also make sure that assigned PID numbers are valid and fix the error message
for the previous PID collision checks.

Signed-off-by: Marton Balint <cus@passwd.hu>
6 months agoMAINTAINERS: add myself to libavfilter/dnn
Guo, Yejun [Sat, 30 Nov 2019 04:24:58 +0000 (12:24 +0800)]
MAINTAINERS: add myself to libavfilter/dnn

Signed-off-by: Guo, Yejun <yejun.guo@intel.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agolibavformat/utils: Fix code indentation
Linjie Fu [Mon, 2 Dec 2019 01:53:47 +0000 (09:53 +0800)]
libavformat/utils: Fix code indentation

Introduced since 077939626eeaa0c1364065414c18ab9b3a072281.

Signed-off-by: Linjie Fu <linjie.fu@intel.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavfilter/vf_unsharp: Don't dereference NULL
Andreas Rheinhardt [Sun, 1 Dec 2019 09:56:26 +0000 (10:56 +0100)]
avfilter/vf_unsharp: Don't dereference NULL

The unsharp filter uses an array of arrays of uint32_t, each of which is
separately allocated. These arrays also need to freed separately; but
before doing so, one needs to check whether the array of arrays has
actually been allocated, otherwise one would dereference a NULL pointer.
This fixes #8408.

Furthermore, the array of arrays needs to be zero-initialized so that
no uninitialized pointer will be freed in case an allocation of one of
the individual arrays fails.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agofate/cbs: add svc AV1 tests
James Almer [Mon, 2 Dec 2019 17:45:02 +0000 (14:45 -0300)]
fate/cbs: add svc AV1 tests

Signed-off-by: James Almer <jamrial@gmail.com>
6 months agoavcodec/av1_parser: skip frames with spatial_id > 0
James Almer [Mon, 2 Dec 2019 17:38:52 +0000 (14:38 -0300)]
avcodec/av1_parser: skip frames with spatial_id > 0

This fixes marking keyframes in svc samples.

Signed-off-by: James Almer <jamrial@gmail.com>
6 months agoavfilter/buffersrc: remove write-only variable
Zhao Zhili [Mon, 2 Dec 2019 13:18:50 +0000 (21:18 +0800)]
avfilter/buffersrc: remove write-only variable

6 months agofate/cbs: add a decode model AV1 test
James Almer [Sun, 1 Dec 2019 01:12:10 +0000 (22:12 -0300)]
fate/cbs: add a decode model AV1 test

Signed-off-by: James Almer <jamrial@gmail.com>
6 months agofate/cbs: add a switch frame AV1 test
James Almer [Sun, 1 Dec 2019 00:27:17 +0000 (21:27 -0300)]
fate/cbs: add a switch frame AV1 test

Signed-off-by: James Almer <jamrial@gmail.com>
6 months agoRevert "avcodec/cbs_av1_syntax_template: Check ref_frame_idx before use"
James Almer [Sun, 17 Nov 2019 13:26:53 +0000 (10:26 -0300)]
Revert "avcodec/cbs_av1_syntax_template: Check ref_frame_idx before use"

This reverts commit 8174e5c77d8a94b57b6b1bcbb90728cf8b08ab6b.

It's no longer needed after the previous commit.

Signed-off-by: James Almer <jamrial@gmail.com>
6 months agoavcodec/cbs_av1: implement missing set_frame_refs() function
James Almer [Sun, 17 Nov 2019 03:50:38 +0000 (00:50 -0300)]
avcodec/cbs_av1: implement missing set_frame_refs() function

Defined in Section 7.8

This finishes implementing support for frames using
frame_refs_short_signaling.

Signed-off-by: James Almer <jamrial@gmail.com>
6 months agoavcodec/alsdec: Discard frames for which no channel could be decoded
Michael Niedermayer [Sat, 9 Nov 2019 21:02:50 +0000 (22:02 +0100)]
avcodec/alsdec: Discard frames for which no channel could be decoded

Fixes: Timeout (80sec -> 33sec)
Fixes: 18668/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5710836719157248

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavcodec/alsdec: Avoid 1 layer of pointer dereferences in INTERLEAVE_OUTPUT()
Michael Niedermayer [Sat, 9 Nov 2019 20:52:26 +0000 (21:52 +0100)]
avcodec/alsdec: Avoid 1 layer of pointer dereferences in INTERLEAVE_OUTPUT()

This optimizes the code slightly (116 -> 80sec)
Testcase: 18668/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5710836719157248

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavcodec/g729dec: Avoid one multiply by using init_get_bits8()
Michael Niedermayer [Sat, 9 Nov 2019 20:32:09 +0000 (21:32 +0100)]
avcodec/g729dec: Avoid one multiply by using init_get_bits8()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavcodec/g729dec: Avoid using buf_size
Michael Niedermayer [Sat, 9 Nov 2019 20:21:51 +0000 (21:21 +0100)]
avcodec/g729dec: Avoid using buf_size

buf_size is not updated as buf is advanced so it is wrong after the first
iteration

Fixes: Timeout (160sec -> 27sec)
Fixes: 18658/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G729_fuzzer-5729784269373440

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavcodec/g729dec: Factor block_size out
Michael Niedermayer [Sat, 9 Nov 2019 20:11:02 +0000 (21:11 +0100)]
avcodec/g729dec: Factor block_size out

This will be used in the next commit

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavcodec/g729dec: require buf_size to be non 0
Michael Niedermayer [Sat, 9 Nov 2019 20:19:24 +0000 (21:19 +0100)]
avcodec/g729dec: require buf_size to be non 0

The 0 case was added with the support for multiple packets. It
appears unintended and causes extra complexity and out of array
accesses (though within padding)

No testcase

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavcodec/g729dec: Check for KELVIN && 6k4
Michael Niedermayer [Sat, 9 Nov 2019 20:08:58 +0000 (21:08 +0100)]
avcodec/g729dec: Check for KELVIN && 6k4

This combination would assume different block sizes throughout the code so its
better to error out.

Fixes: signed integer overflow: -1082385168 * 2 cannot be represented in type 'int'
Fixes: 19110/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-5643993950191616

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavcodec/alac: Fix integer overflow in lpc_prediction() with sign
Michael Niedermayer [Fri, 8 Nov 2019 19:40:46 +0000 (20:40 +0100)]
avcodec/alac: Fix integer overflow in lpc_prediction() with sign

Fixes: signed integer overflow: -2147483648 * -1 cannot be represented in type 'int'
Fixes: 18643/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5672182449700864

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavcodec/wmaprodec: Fix buflen computation in save_bits()
Michael Niedermayer [Fri, 8 Nov 2019 18:20:31 +0000 (19:20 +0100)]
avcodec/wmaprodec: Fix buflen computation in save_bits()

Fixes: Assertion failure
Fixes: 18630/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAPRO_fuzzer-5201588654440448

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavcodec/vc1_block: Fix integer overflow in AC rescaling in vc1_decode_i_block_adv()
Michael Niedermayer [Fri, 8 Nov 2019 17:31:02 +0000 (18:31 +0100)]
avcodec/vc1_block: Fix integer overflow in AC rescaling in vc1_decode_i_block_adv()

Fixes: signed integer overflow: 50176 * 262144 cannot be represented in type 'int'
Fixes: 18629/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5182370286403584

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>