ffmpeg.git
5 months agoavformat/libsrt: fix for the memory leak if passphrase has been configured by option
Limin Wang [Fri, 20 Sep 2019 11:17:28 +0000 (19:17 +0800)]
avformat/libsrt: fix for the memory leak if passphrase has been configured by option

Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavdevice/xcbgrab: wrap non-shm image replies in a buffer ref
Marton Balint [Tue, 3 Dec 2019 20:33:12 +0000 (21:33 +0100)]
avdevice/xcbgrab: wrap non-shm image replies in a buffer ref

This avoids a memcpy improving performance if SHM is not used.

Signed-off-by: Marton Balint <cus@passwd.hu>
5 months agoavfilter/crop: avoid premature eval error
Gyan Doshi [Wed, 4 Dec 2019 10:33:11 +0000 (16:03 +0530)]
avfilter/crop: avoid premature eval error

Width and height expressions can refer to each other. Width is
evaluated twice to allow for reference to output height. So we
should not error out upon failure of first evaluation of width.

5 months agoavutil/buffer: use appropriate atomic operations
Zhao Zhili [Thu, 5 Dec 2019 09:02:07 +0000 (17:02 +0800)]
avutil/buffer: use appropriate atomic operations

No functional changes. ref/unref vs add/sub is symmetrical.

Signed-off-by: James Almer <jamrial@gmail.com>
5 months agotools: add a fuzzer tool for bitstream filters
James Almer [Sat, 30 Nov 2019 18:57:44 +0000 (15:57 -0300)]
tools: add a fuzzer tool for bitstream filters

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
5 months agoavcodec/fitsdec: Use lrint()
Michael Niedermayer [Mon, 30 Sep 2019 16:30:26 +0000 (18:30 +0200)]
avcodec/fitsdec: Use lrint()

Fixes: fate-fitsdec-bitpix-64

Possibly Fixes: -nan is outside the range of representable values of type 'unsigned short'
Possibly Fixes: 17769/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-5678314672357376

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavformat/mpeg: Fix leaks of AVFormatContext and subtitle packets
Andreas Rheinhardt [Wed, 4 Dec 2019 12:37:14 +0000 (13:37 +0100)]
avformat/mpeg: Fix leaks of AVFormatContext and subtitle packets

If an error happens in vobsub_read_header() after allocating the
AVFormatContext intended to read the sub-file, both the AVFormatContext
as well as the data in the subtitles queues leaks. This has been fixed.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavformat/mpeg: Don't copy or leak string in AVBPrint
Andreas Rheinhardt [Wed, 4 Dec 2019 12:37:13 +0000 (13:37 +0100)]
avformat/mpeg: Don't copy or leak string in AVBPrint

vobsub_read_header() uses an AVBPrint to write a string and up until
now, it collected the string stored in the AVBPrint via
av_bprint_finalize(), which might involve an allocation and copy of the
string. But this is unnecessary, as the lifetime of the returned string
does not exceed the lifetime of the AVBPrint. So use the string in the
AVBPrint directly.

This also makes it possible to easily fix a memleak: In certain error
situations, the string stored in the AVBPrint would not be freed (if it
was dynamically allocated). This has been fixed, too.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavformat/mpeg: Make VobSub demuxer have its own context struct
Andreas Rheinhardt [Wed, 4 Dec 2019 12:37:12 +0000 (13:37 +0100)]
avformat/mpeg: Make VobSub demuxer have its own context struct

When the VobSub demuxer was added, the fields it required were simply
added to the MpegDemuxContext (if the VobSub demuxer was selected at
all). The mpeg demuxer of course doesn't use these fields even if they
are there; and the VobSub demuxer doesn't use the old ones: It opens an
mpeg subdemuxer of its own and uses this where a mpeg demuxer is
required. Hence the two contexts can be split, saving memory.

Furthermore several headers can now be moved to the section that is
guarded by #if CONFIG_VOBSUB_DEMUXER (this even includes avassert.h
which was unguarded and has been added in 9cde9f70 despite not being
used in that patch).

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavformat/matroskadec: Reuse AVIOContext
Andreas Rheinhardt [Tue, 3 Dec 2019 17:09:10 +0000 (18:09 +0100)]
avformat/matroskadec: Reuse AVIOContext

When parsing EBML lacing, for every number read, a new AVIOContext has
been initialized (via ffio_init_context()) just for this number. This
has been changed: The context is kept now.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
5 months agoavformat/matroskadec: Improve frame size parsing error messages
Andreas Rheinhardt [Tue, 3 Dec 2019 17:09:09 +0000 (18:09 +0100)]
avformat/matroskadec: Improve frame size parsing error messages

When parsing the sizes of the frames in a lace fails, sometimes no
error message was raised (e.g. when using xiph or fixed-size lacing).
Only EBML lacing generated error messages (which were wrongly declared
as AV_LOG_INFO), but even here not all errors resulted in an error
message. So add a generic error message to catch them all.

Moreover, if parsing one of the EBML numbers fails, ebml_read_num already
emits its own error messages, so that all that is needed is a generic error
message to indicate that this happened during parsing the sizes of the
frames in a block; in other words, the error messages specific to
parsing EBML lace numbers can be and have been removed.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
5 months agoavformat/matroskadec: Remove unnecessary check
Andreas Rheinhardt [Tue, 3 Dec 2019 17:09:08 +0000 (18:09 +0100)]
avformat/matroskadec: Remove unnecessary check

870e7552 introduced validating the lace sizes when they are parsed and
removed the old check; yet when merging this libav commit in 6902c3ac,
the old check for whether the frame extends beyond the frame has been kept.
It is unnecessary and has been removed.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
5 months agoavformat/matroskadec: Simplify control flow of parsing laces
Andreas Rheinhardt [Tue, 3 Dec 2019 17:09:07 +0000 (18:09 +0100)]
avformat/matroskadec: Simplify control flow of parsing laces

Up until now, when an error happened in one of the inner loops in
matroska_parse_laces, a variable designated for the return value has
been set to an error value and break has been used to exit the
current loop/case. This was done so that the end of matroska_parse_laces
is reached, because said function allocated memory which is later used
and freed in the calling function and passed at the end of
matroska_parse_laces.

But given that there is no allocation any more, one can now return
immediately. And this commit does this.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
5 months agoavformat/matroskadec: Avoid allocating array for lace sizes
Andreas Rheinhardt [Tue, 3 Dec 2019 17:09:06 +0000 (18:09 +0100)]
avformat/matroskadec: Avoid allocating array for lace sizes

The maximal number of frames in a lace can be 256; hence one has a not
excessive upper bound on the size of an array that can hold the sizes of
all the frames in a lace. Yet up until now, said array has been
dynamically allocated. This has been changed.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
5 months agoavformat/matroskadec: Use bytestream API instead of AVIOContext
Andreas Rheinhardt [Tue, 3 Dec 2019 17:09:05 +0000 (18:09 +0100)]
avformat/matroskadec: Use bytestream API instead of AVIOContext

It avoids the overhead of function calls.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
5 months agoavformat/matroskadec: avcodec/tta: Set extradata_size to 22
Andreas Rheinhardt [Tue, 3 Dec 2019 17:09:04 +0000 (18:09 +0100)]
avformat/matroskadec: avcodec/tta: Set extradata_size to 22

Up until c4e0e314, the seek table has been included in the tta
extradata, so that the size of said extradata was 22 (the size of a TTA1
header) + 4 * number of frames. The decoder rejected anything below a
size of 30 and so the Matroska demuxer exported 30 byte long extradata,
of which only 18 were set (it ignores a CRC-32 and simply leaves it at
0). But this is unnecessary since said commit, so reduce the size to 22.

Furthermore, replace 30 by 22 in a comment about the extradata size in
libavcodec/tta.c.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
5 months agoavformat/matroskadec: Check before allocations
Andreas Rheinhardt [Tue, 3 Dec 2019 17:09:03 +0000 (18:09 +0100)]
avformat/matroskadec: Check before allocations

That way one doesn't have to free later. In this case (concerning TTA
extradata), this also fixes a memleak when the output samplerate is
invalid.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
5 months agofate/matroska: add a test for xiph lacing
James Almer [Thu, 5 Dec 2019 01:52:01 +0000 (22:52 -0300)]
fate/matroska: add a test for xiph lacing

Signed-off-by: James Almer <jamrial@gmail.com>
5 months agolavc/libxavs2.c: optimize error descriptions
hwren [Tue, 3 Dec 2019 02:41:26 +0000 (10:41 +0800)]
lavc/libxavs2.c: optimize error descriptions

Signed-off-by: hwren <hwrenx@126.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agolavc/libxavs2.c: fix code style - spaces
hwren [Tue, 3 Dec 2019 02:41:24 +0000 (10:41 +0800)]
lavc/libxavs2.c: fix code style - spaces

Signed-off-by: hwren <hwrenx@126.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agolavc/libxavs2.c: avoid recomputations of pointers in xavs2_copy_frame* functions
hwren [Tue, 3 Dec 2019 02:41:23 +0000 (10:41 +0800)]
lavc/libxavs2.c: avoid recomputations of pointers in xavs2_copy_frame* functions

Signed-off-by: hwren <hwrenx@126.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agolavc/libxavs2.c: use more descriptive variable names in xavs2_copy_frame* functions
hwren [Tue, 3 Dec 2019 02:41:22 +0000 (10:41 +0800)]
lavc/libxavs2.c: use more descriptive variable names in xavs2_copy_frame* functions

Signed-off-by: hwren <hwrenx@126.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavfilter/vf_elbg: Fix for the seed type
Limin Wang [Fri, 22 Nov 2019 01:50:36 +0000 (09:50 +0800)]
avfilter/vf_elbg: Fix for the seed type

Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavformat/rmdec: Use av_packet_move_ref() for packet ownership transfer
Andreas Rheinhardt [Tue, 3 Dec 2019 10:28:07 +0000 (11:28 +0100)]
avformat/rmdec: Use av_packet_move_ref() for packet ownership transfer

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavdevice/xcbgrab: Handle reply and error properly
Kusanagi Kouichi [Tue, 19 Nov 2019 13:59:30 +0000 (22:59 +0900)]
avdevice/xcbgrab: Handle reply and error properly

Fix a NULL dereference and leaks.

Signed-off-by: Kusanagi Kouichi <slash@ac.auone-net.jp>
Signed-off-by: Marton Balint <cus@passwd.hu>
5 months agotools/target_dec_fuzzer: Support setting AV_CODEC_FLAG2_FAST
Michael Niedermayer [Fri, 29 Nov 2019 23:59:21 +0000 (00:59 +0100)]
tools/target_dec_fuzzer: Support setting AV_CODEC_FLAG2_FAST

This should improve coverage

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agotools/target_dec_fuzzer: Support fuzzing error detection
Michael Niedermayer [Fri, 29 Nov 2019 23:59:20 +0000 (00:59 +0100)]
tools/target_dec_fuzzer: Support fuzzing error detection

This should increase coverage

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavformat/mpegtsenc: add padding to m2ts streams
Marton Balint [Sun, 10 Nov 2019 22:34:17 +0000 (23:34 +0100)]
avformat/mpegtsenc: add padding to m2ts streams

6144 byte alignment is needed.

Signed-off-by: Marton Balint <cus@passwd.hu>
5 months agoavformat/mpegtsenc: factorize writing packet
Marton Balint [Sun, 10 Nov 2019 21:51:33 +0000 (22:51 +0100)]
avformat/mpegtsenc: factorize writing packet

Signed-off-by: Marton Balint <cus@passwd.hu>
5 months agoavformat/mpegtsenc: move around setting m2ts_mode
Marton Balint [Sun, 10 Nov 2019 21:14:30 +0000 (22:14 +0100)]
avformat/mpegtsenc: move around setting m2ts_mode

Signed-off-by: Marton Balint <cus@passwd.hu>
5 months agoavformat/mpegtsenc: set priority flag for AC3 codecs if writing BluRay
Marton Balint [Sun, 10 Nov 2019 21:12:28 +0000 (22:12 +0100)]
avformat/mpegtsenc: set priority flag for AC3 codecs if writing BluRay

Signed-off-by: Marton Balint <cus@passwd.hu>
5 months agoavformat/mpegtsenc: allow any sensible PID for elementary and PMT PIDs
Marton Balint [Mon, 11 Nov 2019 21:49:15 +0000 (22:49 +0100)]
avformat/mpegtsenc: allow any sensible PID for elementary and PMT PIDs

This sets the range of the first automatically assigned PMT PID or elementary
stream PID parameters to [0x20, 0x1ffa]. You can still assign manually a PID
for a stream using AVStream->id in the wider [0x10, 0x1ffe] range as specified
by ISO13818-1. But since DVB and ATSC both reserves some PIDs, let's not allow
them to be automatically assigned.

Also make sure that assigned PID numbers are valid and fix the error message
for the previous PID collision checks.

Signed-off-by: Marton Balint <cus@passwd.hu>
5 months agoMAINTAINERS: add myself to libavfilter/dnn
Guo, Yejun [Sat, 30 Nov 2019 04:24:58 +0000 (12:24 +0800)]
MAINTAINERS: add myself to libavfilter/dnn

Signed-off-by: Guo, Yejun <yejun.guo@intel.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agolibavformat/utils: Fix code indentation
Linjie Fu [Mon, 2 Dec 2019 01:53:47 +0000 (09:53 +0800)]
libavformat/utils: Fix code indentation

Introduced since 077939626eeaa0c1364065414c18ab9b3a072281.

Signed-off-by: Linjie Fu <linjie.fu@intel.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavfilter/vf_unsharp: Don't dereference NULL
Andreas Rheinhardt [Sun, 1 Dec 2019 09:56:26 +0000 (10:56 +0100)]
avfilter/vf_unsharp: Don't dereference NULL

The unsharp filter uses an array of arrays of uint32_t, each of which is
separately allocated. These arrays also need to freed separately; but
before doing so, one needs to check whether the array of arrays has
actually been allocated, otherwise one would dereference a NULL pointer.
This fixes #8408.

Furthermore, the array of arrays needs to be zero-initialized so that
no uninitialized pointer will be freed in case an allocation of one of
the individual arrays fails.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agofate/cbs: add svc AV1 tests
James Almer [Mon, 2 Dec 2019 17:45:02 +0000 (14:45 -0300)]
fate/cbs: add svc AV1 tests

Signed-off-by: James Almer <jamrial@gmail.com>
5 months agoavcodec/av1_parser: skip frames with spatial_id > 0
James Almer [Mon, 2 Dec 2019 17:38:52 +0000 (14:38 -0300)]
avcodec/av1_parser: skip frames with spatial_id > 0

This fixes marking keyframes in svc samples.

Signed-off-by: James Almer <jamrial@gmail.com>
5 months agoavfilter/buffersrc: remove write-only variable
Zhao Zhili [Mon, 2 Dec 2019 13:18:50 +0000 (21:18 +0800)]
avfilter/buffersrc: remove write-only variable

5 months agofate/cbs: add a decode model AV1 test
James Almer [Sun, 1 Dec 2019 01:12:10 +0000 (22:12 -0300)]
fate/cbs: add a decode model AV1 test

Signed-off-by: James Almer <jamrial@gmail.com>
5 months agofate/cbs: add a switch frame AV1 test
James Almer [Sun, 1 Dec 2019 00:27:17 +0000 (21:27 -0300)]
fate/cbs: add a switch frame AV1 test

Signed-off-by: James Almer <jamrial@gmail.com>
5 months agoRevert "avcodec/cbs_av1_syntax_template: Check ref_frame_idx before use"
James Almer [Sun, 17 Nov 2019 13:26:53 +0000 (10:26 -0300)]
Revert "avcodec/cbs_av1_syntax_template: Check ref_frame_idx before use"

This reverts commit 8174e5c77d8a94b57b6b1bcbb90728cf8b08ab6b.

It's no longer needed after the previous commit.

Signed-off-by: James Almer <jamrial@gmail.com>
5 months agoavcodec/cbs_av1: implement missing set_frame_refs() function
James Almer [Sun, 17 Nov 2019 03:50:38 +0000 (00:50 -0300)]
avcodec/cbs_av1: implement missing set_frame_refs() function

Defined in Section 7.8

This finishes implementing support for frames using
frame_refs_short_signaling.

Signed-off-by: James Almer <jamrial@gmail.com>
5 months agoavcodec/alsdec: Discard frames for which no channel could be decoded
Michael Niedermayer [Sat, 9 Nov 2019 21:02:50 +0000 (22:02 +0100)]
avcodec/alsdec: Discard frames for which no channel could be decoded

Fixes: Timeout (80sec -> 33sec)
Fixes: 18668/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5710836719157248

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/alsdec: Avoid 1 layer of pointer dereferences in INTERLEAVE_OUTPUT()
Michael Niedermayer [Sat, 9 Nov 2019 20:52:26 +0000 (21:52 +0100)]
avcodec/alsdec: Avoid 1 layer of pointer dereferences in INTERLEAVE_OUTPUT()

This optimizes the code slightly (116 -> 80sec)
Testcase: 18668/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5710836719157248

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/g729dec: Avoid one multiply by using init_get_bits8()
Michael Niedermayer [Sat, 9 Nov 2019 20:32:09 +0000 (21:32 +0100)]
avcodec/g729dec: Avoid one multiply by using init_get_bits8()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/g729dec: Avoid using buf_size
Michael Niedermayer [Sat, 9 Nov 2019 20:21:51 +0000 (21:21 +0100)]
avcodec/g729dec: Avoid using buf_size

buf_size is not updated as buf is advanced so it is wrong after the first
iteration

Fixes: Timeout (160sec -> 27sec)
Fixes: 18658/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G729_fuzzer-5729784269373440

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/g729dec: Factor block_size out
Michael Niedermayer [Sat, 9 Nov 2019 20:11:02 +0000 (21:11 +0100)]
avcodec/g729dec: Factor block_size out

This will be used in the next commit

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/g729dec: require buf_size to be non 0
Michael Niedermayer [Sat, 9 Nov 2019 20:19:24 +0000 (21:19 +0100)]
avcodec/g729dec: require buf_size to be non 0

The 0 case was added with the support for multiple packets. It
appears unintended and causes extra complexity and out of array
accesses (though within padding)

No testcase

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/g729dec: Check for KELVIN && 6k4
Michael Niedermayer [Sat, 9 Nov 2019 20:08:58 +0000 (21:08 +0100)]
avcodec/g729dec: Check for KELVIN && 6k4

This combination would assume different block sizes throughout the code so its
better to error out.

Fixes: signed integer overflow: -1082385168 * 2 cannot be represented in type 'int'
Fixes: 19110/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-5643993950191616

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/alac: Fix integer overflow in lpc_prediction() with sign
Michael Niedermayer [Fri, 8 Nov 2019 19:40:46 +0000 (20:40 +0100)]
avcodec/alac: Fix integer overflow in lpc_prediction() with sign

Fixes: signed integer overflow: -2147483648 * -1 cannot be represented in type 'int'
Fixes: 18643/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5672182449700864

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/wmaprodec: Fix buflen computation in save_bits()
Michael Niedermayer [Fri, 8 Nov 2019 18:20:31 +0000 (19:20 +0100)]
avcodec/wmaprodec: Fix buflen computation in save_bits()

Fixes: Assertion failure
Fixes: 18630/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAPRO_fuzzer-5201588654440448

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/vc1_block: Fix integer overflow in AC rescaling in vc1_decode_i_block_adv()
Michael Niedermayer [Fri, 8 Nov 2019 17:31:02 +0000 (18:31 +0100)]
avcodec/vc1_block: Fix integer overflow in AC rescaling in vc1_decode_i_block_adv()

Fixes: signed integer overflow: 50176 * 262144 cannot be represented in type 'int'
Fixes: 18629/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5182370286403584

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/vmdaudio: Check chunk counts to avoid integer overflow
Michael Niedermayer [Fri, 8 Nov 2019 16:28:27 +0000 (17:28 +0100)]
avcodec/vmdaudio: Check chunk counts to avoid integer overflow

Fixes: signed integer overflow: 4 * 538976288 cannot be represented in type 'int'
Fixes: 18622/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VMDAUDIO_fuzzer-5092166174507008

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavformat/mxfdec: Clear metadata_sets_count in mxf_read_close()
Michael Niedermayer [Thu, 31 Oct 2019 12:32:55 +0000 (13:32 +0100)]
avformat/mxfdec: Clear metadata_sets_count in mxf_read_close()

This avoids problems if the function is called twice

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavformat/flac_picture: Return directly if nothing has been allocated
Andreas Rheinhardt [Fri, 29 Nov 2019 19:44:11 +0000 (20:44 +0100)]
avformat/flac_picture: Return directly if nothing has been allocated

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavformat/flac_picture: Switch to bytestream2 API
Andreas Rheinhardt [Fri, 29 Nov 2019 19:44:10 +0000 (20:44 +0100)]
avformat/flac_picture: Switch to bytestream2 API

ff_flac_parse_picture() parses a buffer containing a flac metadata
picture block by wrapping it in an AVIOContext and using the AVIOContext
API. Consequently, when not enough data could be read AVERROR(EIO) was
returned although reading didn't really fail: A block that contains a
subfield whose size field indicates that it is so big as to extend
beyond the buffer is just invalid.

This commit changes this by using the bytestream2 API instead;
furthermore, the checks for whether there is enough data left are
performed before allocating a buffer for said data.

Finally, if the length of the picture description is bigger than
INT_MAX, it will now raise an error.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavformat/flac_picture: Simplify checks
Andreas Rheinhardt [Fri, 29 Nov 2019 19:44:09 +0000 (20:44 +0100)]
avformat/flac_picture: Simplify checks

During parsing a flac picture metadata block, the mimetype is read as
follows: Its 32b size field is read and checked for being in the range
1..63; afterwards, the actual mimetype-string is read into a buffer of
size 64, where the length to read is the minimum of the length field and
the size of the destination buffer -1. Then an assert guards that length
is indeed < the size of the destination buffer before the string in the
buffer is zero-terminated.

The FFMIN as well as the assert are actually redundant, as it has
been checked that the string (even after terminating) fits into the
buffer. In order to make this clear, reword the check "len >= 64" to
"len >= sizeof(mimetype)" and drop the FFMIN as well as the assert.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavformat/smoothstreamingenc: removed unused check of avformat_free_context
Steven Liu [Fri, 29 Nov 2019 05:16:00 +0000 (13:16 +0800)]
avformat/smoothstreamingenc: removed unused check of avformat_free_context

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: Jun Zhao <barryjzhao@tencent.com>
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
5 months agoavformat/rtpenc_mpegts: removed unused check of avformat_free_context
Steven Liu [Fri, 29 Nov 2019 05:15:59 +0000 (13:15 +0800)]
avformat/rtpenc_mpegts: removed unused check of avformat_free_context

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: Jun Zhao <barryjzhao@tencent.com>
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
5 months agoavformat/hdsenc: removed unused check of avformat_free_context
Steven Liu [Fri, 29 Nov 2019 05:15:58 +0000 (13:15 +0800)]
avformat/hdsenc: removed unused check of avformat_free_context

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: Jun Zhao <barryjzhao@tencent.com>
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
5 months agoavformat/dashenc: remove unused check of avformat_free_context
Steven Liu [Fri, 29 Nov 2019 05:15:57 +0000 (13:15 +0800)]
avformat/dashenc: remove unused check of avformat_free_context

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: Jun Zhao <barryjzhao@tencent.com>
Reviewed-by: Jeyapal, Karthick <kjeyapal@akamai.com>
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
5 months agoavformat/avc: add missing return error value
James Almer [Sat, 30 Nov 2019 14:26:17 +0000 (11:26 -0300)]
avformat/avc: add missing return error value

Signed-off-by: James Almer <jamrial@gmail.com>
5 months agolavc/extract_extradata: Use bytestream api
Andriy Gelman [Sat, 30 Nov 2019 13:30:19 +0000 (08:30 -0500)]
lavc/extract_extradata: Use bytestream api

Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
5 months agoavcodec/extract_extradata_bsf: Don't unref uninitialized buffers
Andreas Rheinhardt [Sat, 30 Nov 2019 06:38:10 +0000 (07:38 +0100)]
avcodec/extract_extradata_bsf: Don't unref uninitialized buffers

This happens if allocating extradata fails and s->remove is unset.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
5 months agoavformat/avc: fix sps buffer offset when calling ff_avc_decode_sps()
James Almer [Sat, 30 Nov 2019 02:13:36 +0000 (23:13 -0300)]
avformat/avc: fix sps buffer offset when calling ff_avc_decode_sps()

Skip the avcC specific size bytes and the NAL header bits.

Signed-off-by: James Almer <jamrial@gmail.com>
5 months agofate/demux: add an AV1 Annex B test
James Almer [Mon, 18 Nov 2019 13:44:32 +0000 (10:44 -0300)]
fate/demux: add an AV1 Annex B test

Signed-off-by: James Almer <jamrial@gmail.com>
5 months agoavcodec/av1_parser: export stream dimensions in avctx
James Almer [Mon, 18 Nov 2019 13:43:40 +0000 (10:43 -0300)]
avcodec/av1_parser: export stream dimensions in avctx

This is required to demux annexb samples when a decoder isn't available.

Signed-off-by: James Almer <jamrial@gmail.com>
5 months agofate/lavf-container: add an H264 mp4 remux test
James Almer [Fri, 29 Nov 2019 21:12:41 +0000 (18:12 -0300)]
fate/lavf-container: add an H264 mp4 remux test

This uses a raw h264 bitstream as source, in order to test the avcC
generation code.

Signed-off-by: James Almer <jamrial@gmail.com>
5 months agofate/lavf-container: add an AV1 mp4 remux test
James Almer [Fri, 29 Nov 2019 21:02:05 +0000 (18:02 -0300)]
fate/lavf-container: add an AV1 mp4 remux test

Signed-off-by: James Almer <jamrial@gmail.com>
5 months agolibavdevice/lavfi: check avfilter_graph_dump return value
Zhao Zhili [Thu, 21 Nov 2019 07:08:18 +0000 (15:08 +0800)]
libavdevice/lavfi: check avfilter_graph_dump return value

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavformat/avio: Use ffurl_closep
Andreas Rheinhardt [Fri, 29 Nov 2019 09:42:48 +0000 (10:42 +0100)]
avformat/avio: Use ffurl_closep

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavfilter/vf_hqdn3d: add support for commands
Paul B Mahol [Thu, 21 Nov 2019 14:50:35 +0000 (15:50 +0100)]
avfilter/vf_hqdn3d: add support for commands

5 months agoavfilter/vf_hqdn3d: add support for 12bit and 14bit yuv formats
Paul B Mahol [Thu, 21 Nov 2019 14:27:43 +0000 (15:27 +0100)]
avfilter/vf_hqdn3d: add support for 12bit and 14bit yuv formats

5 months agolavc/mvha: Check init_get_bits8() for failure
Jun Zhao [Thu, 28 Nov 2019 11:42:01 +0000 (19:42 +0800)]
lavc/mvha: Check init_get_bits8() for failure

fix potential null pointer dereference

Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
5 months agolavf/vividas: check avformat_new_stream() return
Jun Zhao [Thu, 28 Nov 2019 11:07:48 +0000 (19:07 +0800)]
lavf/vividas: check avformat_new_stream() return

check avformat_new_stream() return.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
5 months agoavfilter/vf_yadif: rename config_props -> config_output, link -> outlink
Limin Wang [Thu, 28 Nov 2019 01:41:15 +0000 (09:41 +0800)]
avfilter/vf_yadif: rename config_props -> config_output, link -> outlink

Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavformat/vividas: Avoid allocation of AVIOContext
Andreas Rheinhardt [Thu, 28 Nov 2019 14:31:33 +0000 (15:31 +0100)]
avformat/vividas: Avoid allocation of AVIOContext

Put an AVIOContext whose lifetime doesn't extend beyond the function where
it is allocated on the stack instead of allocating and freeing it. This
also avoids the need to free it, which in this case fixes possible
memleaks on error.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavformat/avc: write the missing bits in the AVC Decoder Configuration Box
James Almer [Tue, 26 Nov 2019 14:58:16 +0000 (11:58 -0300)]
avformat/avc: write the missing bits in the AVC Decoder Configuration Box

Signed-off-by: James Almer <jamrial@gmail.com>
5 months agoavformat/movenc: Avoid allocation for small dynamic buffers
Andreas Rheinhardt [Wed, 27 Nov 2019 12:22:11 +0000 (13:22 +0100)]
avformat/movenc: Avoid allocation for small dynamic buffers

By using avio_get_dyn_buf() + ffio_free_dyn_buf() instead of
avio_close_dyn_buf() + av_free() one can avoid an allocation + copy for
small dynamic buffers.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
5 months agoavformat/matroskaenc: Avoid allocation for small dynamic buffers
Andreas Rheinhardt [Wed, 27 Nov 2019 12:22:10 +0000 (13:22 +0100)]
avformat/matroskaenc: Avoid allocation for small dynamic buffers

By using avio_get_dyn_buf() + ffio_free_dyn_buf() instead of
avio_close_dyn_buf() + av_free() one can avoid an allocation + copy for
small dynamic buffers (i.e. small master elements).

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
5 months agoavformat/id3v2enc: Avoid allocation for small tags
Andreas Rheinhardt [Wed, 27 Nov 2019 12:22:09 +0000 (13:22 +0100)]
avformat/id3v2enc: Avoid allocation for small tags

By using avio_get_dyn_buf() + ffio_free_dyn_buf() instead of
avio_close_dyn_buf() + av_free() one can avoid an allocation + copy for
small tags. Furthermore, it simplifies freeing.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
5 months agoavformat/avc: Avoid allocation for small SPS/PPS arrays
Andreas Rheinhardt [Wed, 27 Nov 2019 12:22:08 +0000 (13:22 +0100)]
avformat/avc: Avoid allocation for small SPS/PPS arrays

By using avio_get_dyn_buf() + ffio_free_dyn_buf() instead of
avio_close_dyn_buf() + av_free() one can avoid an allocation + copy for
small extradata. Furthermore, it simplifies freeing.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
5 months agoavformat/av1: Avoid allocation for small headers
Andreas Rheinhardt [Wed, 27 Nov 2019 12:22:07 +0000 (13:22 +0100)]
avformat/av1: Avoid allocation for small headers

By using avio_get_dyn_buf() + ffio_free_dyn_buf() instead of
avio_close_dyn_buf() + av_free() one can avoid an allocation + copy for
small headers. Furthermore, it simplifies freeing.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
5 months agoavformat/apetag: Avoid allocation for small tags
Andreas Rheinhardt [Wed, 27 Nov 2019 12:22:06 +0000 (13:22 +0100)]
avformat/apetag: Avoid allocation for small tags

By using avio_get_dyn_buf() + ffio_free_dyn_buf() instead of
avio_close_dyn_buf() + av_free() one can avoid an allocation + copy for
small tags. Furthermore, it simplifies freeing.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
5 months agoavformat/aviobuf: Avoid allocating buffer when using dynamic buffer
Andreas Rheinhardt [Wed, 27 Nov 2019 12:22:05 +0000 (13:22 +0100)]
avformat/aviobuf: Avoid allocating buffer when using dynamic buffer

Up until now, using a dynamic buffer entailed at least three
allocations: One for the AVIOContext, one for the AVIOContext's opaque
(which, among other things, contains the small write buffer), and one
for the big buffer that is independently allocated that is returned when
calling avio_close_dyn_buf().

It is possible to avoid the third allocation if one doesn't use a
packetized dynamic buffer, if all the data written so far fit into the
write buffer and if one does not require the actual (big) buffer to have
an indefinite lifetime. This is done by making avio_get_dyn_buf() return
a pointer to the data in the write buffer if nothing has been written to
the main buffer yet. The dynamic buffer will then be freed using
ffio_free_dynamic_buffer (which needed to be modified not to call
avio_close_dyn_buf() internally).

So a typical use-case like:

size = avio_close_dyn_buf(dyn_pb, &buf);
do something with buf
av_free(buf);

can be converted to:

size = avio_get_dyn_buf(dyn_pb, &buf);
do something with buf
ffio_free_dynamic_buffer(&dyn_pb);

In more complex scenarios this can simplify freeing as well, because it
is now clear that freeing always has to be performed via
ffio_free_dynamic_buffer().

Of course, in case this saves an allocation it also saves a memcpy.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
5 months agoavfilter/vf_libvmaf: Check for av_frame_alloc failure
Limin Wang [Wed, 20 Nov 2019 15:24:22 +0000 (23:24 +0800)]
avfilter/vf_libvmaf: Check for av_frame_alloc failure

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavformat/flacenc: Add const to ff_flac_write_header() parameter
Andreas Rheinhardt [Wed, 27 Nov 2019 07:48:56 +0000 (08:48 +0100)]
avformat/flacenc: Add const to ff_flac_write_header() parameter

The extradata is not changed at all.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/vp8: fix multiple ff_thread_finish_setup() calls
Zhao Zhili [Thu, 14 Nov 2019 04:29:55 +0000 (12:29 +0800)]
avcodec/vp8: fix multiple ff_thread_finish_setup() calls

webp decoder doesn't set update_thread_context field

$ ffmpeg -i rgb_q80.webp -f null -
[webp @ 0x7ffbd5823200] Multiple ff_thread_finish_setup() calls

Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavfilter/vf_colorconstancy: av_frame_free(&in) in case of error or direct flag is...
Limin Wang [Wed, 27 Nov 2019 10:46:51 +0000 (18:46 +0800)]
avfilter/vf_colorconstancy: av_frame_free(&in) in case of error or direct flag is false

Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agolavc/qsvenc: Fix some code indentations
Linjie Fu [Tue, 26 Nov 2019 03:53:16 +0000 (11:53 +0800)]
lavc/qsvenc: Fix some code indentations

Signed-off-by: Linjie Fu <linjie.fu@intel.com>
5 months agodoc/encoder: add the missing qsv encoders
Zhong Li [Wed, 27 Nov 2019 07:04:23 +0000 (07:04 +0000)]
doc/encoder: add the missing qsv encoders

Reviewed-by: Gyan Doshi <ffmpeg@gyani.pro>
Signed-off-by: Zhong Li <zhongli_dev@126.com>
5 months agolavc/rav1e: log and doc updated for const quantizer mode
Zhong Li [Tue, 12 Nov 2019 09:09:20 +0000 (09:09 +0000)]
lavc/rav1e: log and doc updated for const quantizer mode

Signed-off-by: Zhong Li <zhongli_dev@126.com>
5 months agoAdd options for spatial layers.
Thierry Foucu [Thu, 28 Nov 2019 00:25:33 +0000 (16:25 -0800)]
Add options for spatial layers.

Disable by default to output all the layers, to match libaomdec wrapper.
Add option to select the operating point for the spatial layers.
Update the documentation with the new options.

Signed-off-by: James Almer <jamrial@gmail.com>
5 months agoavcodec: add mvha video decoder
Paul B Mahol [Mon, 25 Nov 2019 11:59:56 +0000 (12:59 +0100)]
avcodec: add mvha video decoder

5 months agoavcodec: add mvdv video decoder
Paul B Mahol [Sat, 23 Nov 2019 12:46:55 +0000 (13:46 +0100)]
avcodec: add mvdv video decoder

5 months agoavformat/hls: correct grammatical errors of m3u8_hold_counters option
Steven Liu [Wed, 27 Nov 2019 11:04:00 +0000 (19:04 +0800)]
avformat/hls: correct grammatical errors of m3u8_hold_counters option

Suggested-by: Gyan <ffmpeg@gyani.pro>
Suggested-by: Rodney Baker <rodney.baker@iinet.net.au>
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
5 months agolavc/qsvenc: Fix compilation for some build environments.
Carl Eugen Hoyos [Tue, 26 Nov 2019 23:03:33 +0000 (00:03 +0100)]
lavc/qsvenc: Fix compilation for some build environments.

Reported and tested by Sean Darcy.

5 months agoavutil/hwcontext_cuda: allow using primary CUDA device context
Oleg Dobkin [Mon, 18 Nov 2019 13:35:49 +0000 (15:35 +0200)]
avutil/hwcontext_cuda: allow using primary CUDA device context

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
5 months agoavformat/hlsenc: set strict_std_compliance from the parent AVFormatContext
Steven Liu [Mon, 25 Nov 2019 03:15:13 +0000 (11:15 +0800)]
avformat/hlsenc: set strict_std_compliance from the parent AVFormatContext

fix ticket: 8388

Reviewed-by: Jan Ekström <jeebjp@gmail.com>
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
6 months agoavcodec/v210dec: add support for frame and slice threading
Limin Wang [Mon, 25 Nov 2019 03:45:10 +0000 (11:45 +0800)]
avcodec/v210dec: add support for frame and slice threading

1, Test server configure:
[root@localhost ~]# cat /proc/cpuinfo  |grep "model name"
 model name      : Intel(R) Xeon(R) CPU E5-2650 v2 @ 2.60GHz
 model name      : Intel(R) Xeon(R) CPU E5-2650 v2 @ 2.60GHz
 ...

[root@localhost ~]# free -h
              total        used        free      shared  buff/cache   available
              Mem:           102G        1.1G        100G         16M        657M        100G
              Swap:          4.0G          0B        4.0G

2, Test result:
encode the v210 input data for testing:
./ffmpeg -y -i 4k_422.ts  -c:v v210 -vframes 10 test.avi

master:
./ffmpeg -y -threads 1 -stream_loop 1000 -i ./test.avi -benchmark -f null -
frame=10010 fps= 60 q=-0.0 Lsize=N/A time=00:38:26.30 bitrate=N/A speed=13.7x
video:5240kB audio:432432kB subtitle:0kB other streams:0kB global headers:0kB muxing overhead: unknown
bench: utime=101.869s stime=66.181s rtime=167.996s
bench: maxrss=186552kB

patch applied:
./ffmpeg -y -threads 2 -thread_type slice -stream_loop 1000 -i ./test.avi -benchmark -f null -
frame=10010 fps= 72 q=-0.0 Lsize=N/A time=00:38:26.30 bitrate=N/A speed=16.5x
video:5240kB audio:432432kB subtitle:0kB other streams:0kB global headers:0kB muxing overhead: unknown
bench: utime=103.562s stime=74.858s rtime=139.599s
bench: maxrss=188616kB

./ffmpeg -y -threads 2 -thread_type frame -stream_loop 1000 -i ./test.avi -benchmark -f null -
frame=10010 fps= 85 q=-0.0 Lsize=N/A time=00:38:26.30 bitrate=N/A speed=19.6x
video:5240kB audio:432432kB subtitle:0kB other streams:0kB global headers:0kB muxing overhead: unknown
bench: utime=114.310s stime=92.685s rtime=117.693s
bench: maxrss=231896kB

Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>