ffmpeg.git
16 months agoavcodec/wavpack: Fix overflow in adding tail
Michael Niedermayer [Thu, 7 Jun 2018 22:07:04 +0000 (00:07 +0200)]
avcodec/wavpack: Fix overflow in adding tail

Fixes: signed integer overflow: 2146907204 + 26846088 cannot be represented in type 'int'
Fixes: 8105/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-6233036682166272

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d13379fb79708f550460dd6d698023bf26f968d5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/shorten: Fix multiple integer overflows
Michael Niedermayer [Tue, 5 Jun 2018 11:19:35 +0000 (13:19 +0200)]
avcodec/shorten: Fix multiple integer overflows

Fixes: signed integer overflow: 3 * 1006632960 cannot be represented in type 'int'
Fixes: 8278/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5692857166856192

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f2abd36b3863188894fd21964c662b6c17268bfb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/shorten: Fix undefined shift in fix_bitshift()
Michael Niedermayer [Tue, 5 Jun 2018 11:15:34 +0000 (13:15 +0200)]
avcodec/shorten: Fix undefined shift in fix_bitshift()

Fixes: left shift of negative value -9
Fixes: 8571/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5715966875926528

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 606c7148231404544005c0827b83c165dd6b39a8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/shorten: Fix a negative left shift in shorten_decode_frame()
Michael Niedermayer [Tue, 5 Jun 2018 11:12:54 +0000 (13:12 +0200)]
avcodec/shorten: Fix a negative left shift in shorten_decode_frame()

Fixes: left shift of negative value -9057
Fixes: 8527/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5666853924896768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a711efe922b2bf1d363bdf7f8357656c3e35021e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/shorten: Sanity check nmeans
Michael Niedermayer [Tue, 5 Jun 2018 11:03:48 +0000 (13:03 +0200)]
avcodec/shorten: Sanity check nmeans

Fixes: OOM
Fixes: 8195/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5179785826271232

The reference software appears to use longs for 32bits and it uses int for nmeans
hinting that the intended maximum size was not 32bit.

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d91a0b503d7a886587281bc1ee42476aa5e89f85)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/shorten: Check non COMM chunk len before skip in decode_aiff_header()
Michael Niedermayer [Tue, 5 Jun 2018 00:33:43 +0000 (02:33 +0200)]
avcodec/shorten: Check non COMM chunk len before skip in decode_aiff_header()

Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 8024/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5109204648984576

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 424a81df107b63a166894a4aee3d27702ae3f459)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/mjpegdec: Fix integer overflow in ljpeg_decode_rgb_scan()
Michael Niedermayer [Tue, 5 Jun 2018 00:17:24 +0000 (02:17 +0200)]
avcodec/mjpegdec: Fix integer overflow in ljpeg_decode_rgb_scan()

Fixes: signed integer overflow: 32768 + 2147450880 cannot be represented in type 'int'
Fixes: 7885/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THP_fuzzer-5298834394578944

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 936f4a2c2e14ec753e8835f2e820b4cd9aec9a56)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/truemotion2: Fix overflow in tm2_apply_deltas()
Michael Niedermayer [Tue, 5 Jun 2018 00:09:59 +0000 (02:09 +0200)]
avcodec/truemotion2: Fix overflow in tm2_apply_deltas()

Fixes: signed integer overflow: 1077952576 + 1077952576 cannot be represented in type 'int'
Fixes: 7712/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5056281753681920

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 79c6047c3668c639f717b3a7001a34dddba0ede2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/opus_silk: Change silk_lsf2lpc() slightly toward silk/NLSF2A.c
Michael Niedermayer [Sat, 2 Jun 2018 23:33:54 +0000 (01:33 +0200)]
avcodec/opus_silk: Change silk_lsf2lpc() slightly toward silk/NLSF2A.c

Fixes: runtime error: signed integer overflow: -1440457022 - 785819492 cannot be represented in type 'int'
Fixes: 7700/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OPUS_fuzzer-6595838684954624

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e7dda51150b73e5fbdccf4c2d3a72e356980fba3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/amrwbdec: Fix division by 0 in find_hb_gain()
Michael Niedermayer [Sat, 2 Jun 2018 22:48:06 +0000 (00:48 +0200)]
avcodec/amrwbdec: Fix division by 0 in find_hb_gain()

This restructures the code slightly toward D_UTIL_dec_synthesis()

Fixes: 7420/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AMRWB_fuzzer-6577305112543232

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dce80a4b47efaba97707bda781a9ee57f5a26974)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/h263dec: Reinitialize idct context if it has not been setup for the active...
Michael Niedermayer [Mon, 28 May 2018 20:29:58 +0000 (22:29 +0200)]
avcodec/h263dec: Reinitialize idct context if it has not been setup for the active profile

The profile after reading headers can be different from when the context was initialized

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 44a2415a6d94f841f2026bb70b8b3c19ba68aa72)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/idctdsp: Clear idct/idct_add for studio profile
Michael Niedermayer [Mon, 28 May 2018 20:29:57 +0000 (22:29 +0200)]
avcodec/idctdsp: Clear idct/idct_add for studio profile

This does not leave them "as before" which may be a value from a previous profile

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8c50d0cccfe4c9f25a8494f76da55dcdc2275058)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavformat/mov: replace a value error by clipping into valid range in mov_read_stsc()
Michael Niedermayer [Mon, 21 May 2018 01:16:58 +0000 (03:16 +0200)]
avformat/mov: replace a value error by clipping into valid range in mov_read_stsc()

Fixes: #7165

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fe84f70819d6f5aab3c4823290e0d32b99d6de78)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavformat/bintext: Reduce detection for random .bin files as it more likely is not...
Michael Niedermayer [Sat, 12 May 2018 16:33:26 +0000 (18:33 +0200)]
avformat/bintext: Reduce detection for random .bin files as it more likely is not a multimedia related file

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 919e37377a76f63d030d680fcb9506a3f8cc2d62)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavformat/mov: Break out early if chunk_count is 0 in mov_build_index()
Michael Niedermayer [Tue, 15 May 2018 15:06:59 +0000 (17:06 +0200)]
avformat/mov: Break out early if chunk_count is 0 in mov_build_index()

Without this some operations might overflow (undefined behavior)
even though the index adding loop would never execute

No testcase known

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 56e76bd0579cc7f7b28860885d9e569a39daf41b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/fic: Avoid some magic numbers related to cursors
Michael Niedermayer [Sat, 5 May 2018 21:42:36 +0000 (23:42 +0200)]
avcodec/fic: Avoid some magic numbers related to cursors

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c6a11714c4b1227be62cbc36651ccfc415e8e623)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/mpeg4video: Detect reference studio streams as studio streams
Michael Niedermayer [Sun, 29 Apr 2018 21:39:41 +0000 (23:39 +0200)]
avcodec/mpeg4video: Detect reference studio streams as studio streams

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ba97d75ac6254db90c64d3c7aacdd0548dca7b24)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/mpeg4videodec: Do not corrupt bits_per_raw_sample
Michael Niedermayer [Sun, 29 Apr 2018 18:49:21 +0000 (20:49 +0200)]
avcodec/mpeg4videodec: Do not corrupt bits_per_raw_sample

Reviewed-by: Kieran Kunhya <kierank@obe.tv>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9e5d0860c043ba5d1e48c0f8c42b0fe3b6cbeba4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/mpeg4videode: Eliminate out of loop VOP startcode reading for studio profile
Michael Niedermayer [Sun, 29 Apr 2018 17:09:05 +0000 (19:09 +0200)]
avcodec/mpeg4videode: Eliminate out of loop VOP startcode reading for studio profile

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9f73ae31e075104c7613d481a09a8b102e6449e9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/g2meet: ask for sample with overflowing RGB
Michael Niedermayer [Wed, 16 May 2018 20:50:19 +0000 (22:50 +0200)]
avcodec/g2meet: ask for sample with overflowing RGB

Suggested-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ab834b8f36c8157b7015e849405cbf6ae21e672f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/idctdsp: Transmit studio_profile to init instead of using AVCodecContext...
Michael Niedermayer [Mon, 28 May 2018 19:19:08 +0000 (21:19 +0200)]
avcodec/idctdsp: Transmit studio_profile to init instead of using AVCodecContext profile

These 2 fields are not always the same, it is simpler to always use the same field
for detecting studio profile

Fixes: null pointer dereference
Fixes: ffmpeg_crash_3.avi

Found-by: Thuan Pham <thuanpv@comp.nus.edu.sg>, Marcel Böhme, Andrew Santosa and Alexandru RazvanCaciulescu with AFLSmart
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b3332a182f8ba33a34542e4a0370f38b914ccf7d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/ac3dec: Check that the number of channels with dependant streams is valid
Michael Niedermayer [Fri, 25 May 2018 20:55:19 +0000 (22:55 +0200)]
avcodec/ac3dec: Check that the number of channels with dependant streams is valid

Fixes: left shift of 1 by 63 places cannot be represented in type 'long long'
Fixes: out of array access
Fixes: 7284/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AC3_fuzzer-5767914968842240

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e3275f937dc38e740c74539f2f6aad5bfdba2bf1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/ac3dec: Fix null pointer dereference in ac3_decode_frame()
Michael Niedermayer [Fri, 25 May 2018 20:22:27 +0000 (22:22 +0200)]
avcodec/ac3dec: Fix null pointer dereference in ac3_decode_frame()

Fixes: index 8 out of bounds for type 'uint8_t *[8]'
Fixes: 7273/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EAC3_fuzzer-6296497667702784

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e3f656f2dea6ef6e2a14e72931f3d6f205f732c8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/aacdec_fixed: use 64bit to avoid overflow in rounding in apply_dependent_coup...
Michael Niedermayer [Fri, 25 May 2018 20:06:48 +0000 (22:06 +0200)]
avcodec/aacdec_fixed: use 64bit to avoid overflow in rounding in apply_dependent_coupling_fixed()

Fixes: signed integer overflow: -2141499320 + -14469590 cannot be represented in type 'int'
Fixes: 7351/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-6351214791884800

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 90475db97e2e5931d295df6ab86519fa2e14d259)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agooavcodec/aacpsdsp_template: Use unsigned for hs0X to prevent undefined behavior
Michael Niedermayer [Fri, 25 May 2018 20:02:20 +0000 (22:02 +0200)]
oavcodec/aacpsdsp_template: Use unsigned for hs0X to prevent undefined behavior

Fixes: signed integer overflow: 1073741842 + 1784008138 cannot be represented in type 'int'
Fixes: 6792/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5677589835284480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 62cb6fadf33de6db386deac92853d4b95c930015)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/g723_1dec: Clip bits2 in both directions
Michael Niedermayer [Fri, 25 May 2018 19:56:04 +0000 (21:56 +0200)]
avcodec/g723_1dec: Clip bits2 in both directions

Fixes: shift exponent 33 is too large for 32-bit type 'int'
Fixes: 6743/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G723_1_fuzzer-5823772687859712

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 53f241218d9eac368e2e1c58bcca9bbdf10fd0e1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/mpeg4videoenc: Use 64 bit for times in mpeg4_encode_gop_header()
Michael Niedermayer [Mon, 21 May 2018 21:08:05 +0000 (23:08 +0200)]
avcodec/mpeg4videoenc: Use 64 bit for times in mpeg4_encode_gop_header()

Fixes truncation
Fixes Assertion n <= 31 && value < (1U << n) failed at libavcodec/put_bits.h:169
Fixes: ffmpeg_crash_2.avi

Found-by: Thuan Pham <thuanpv@comp.nus.edu.sg>, Marcel Böhme, Andrew Santosa and Alexandru RazvanCaciulescu with AFLSmart
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e1182fac1afba92a4975917823a5f644bee7e6e8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/mlpdec: Only change noise_type if the related fields are valid
Michael Niedermayer [Thu, 17 May 2018 11:58:46 +0000 (13:58 +0200)]
avcodec/mlpdec: Only change noise_type if the related fields are valid

Fixes: inconsistency
Fixes:runtime error: index 8 out of bounds for type 'int32_t [8]'
Fixes: 6686/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEHD_fuzzer-5191383498358784

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 63c4a4b0d692bc86142790276358ba35129f2290)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoindeo4: Decode all or nothing of a band header.
Michael Niedermayer [Thu, 17 May 2018 11:40:38 +0000 (13:40 +0200)]
indeo4: Decode all or nothing of a band header.

This avoids inconsistent value combinations.
Alternatively it would be possible to add more checks and careful use of
temporary variables, but my try of this quickly seemed to become
a rather large change.
The disadvantage of this, is that the struct is copied back and forth.

Fixes: index 6 out of bounds for type 'const uint16_t [5][16]'
Fixes: 6557/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO4_fuzzer-4787296550256640

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 10c8521265da86118597336c5589e26de377a374)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/ac3dec: Use frame_size if superframe_size is 0
Michael Niedermayer [Thu, 17 May 2018 23:48:38 +0000 (01:48 +0200)]
avcodec/ac3dec: Use frame_size if superframe_size is 0

Fixes: Infinite loop
Fixes: 7669/clusterfuzz-testcase-ffmpeg_AV_CODEC_ID_AC3_FIXED_fuzzer-4689042185650176
Fixes: 7670/clusterfuzz-testcase-ffmpeg_AV_CODEC_ID_AC3_fuzzer-4706306762997760
Fixes: 7672/clusterfuzz-testcase-ffmpeg_AV_CODEC_ID_EAC3_fuzzer-4702108499574784

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f77eee67e25b13e32e899efb6fdf01719914353e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavformat/mov: Only fail for STCO/STSC contradictions if both exist
Michael Niedermayer [Tue, 15 May 2018 15:07:00 +0000 (17:07 +0200)]
avformat/mov: Only fail for STCO/STSC contradictions if both exist

Fixes regression with playback of GF9720Repeal20the20Eighth20with20Helen20Linehan.m4a
See: crbug 822666

Found-by: "Mattias Wadman <mattias.wadman@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2c2d689c56646cce64d02a3b75f61c12c5589260)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/dirac_dwt: Fix integer overflow in COMPOSE_DD97iH0 / COMPOSE_DD137iL0
Michael Niedermayer [Sun, 13 May 2018 22:10:33 +0000 (00:10 +0200)]
avcodec/dirac_dwt: Fix integer overflow in COMPOSE_DD97iH0 / COMPOSE_DD137iL0

Fixes: negation of -2147483648 cannot be represented in type 'int32_t' (aka 'int');
Fixes: 6500/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-4523620274536448

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cb944fc7f1327443a0cf449afbce5a3e8712f90f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/fic: Check available input space for cursor
Michael Niedermayer [Sat, 5 May 2018 20:00:01 +0000 (22:00 +0200)]
avcodec/fic: Check available input space for cursor

Fixes: out of array read
Fixes: 6546/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FIC_fuzzer-6317064647081984

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cb2f7ea96b4f6e03ebf0c0563677745fc65f148e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/mpeg4videodec: Check bps (VOL header) before VOP for studio profile
Michael Niedermayer [Sun, 29 Apr 2018 18:28:46 +0000 (20:28 +0200)]
avcodec/mpeg4videodec: Check bps (VOL header) before VOP for studio profile

Fixes: runtime error: shift exponent -1 is negative
Fixes: 7486/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-4977380939530240

Fixes: runtime error: index 36 out of bounds for type 'const uint8_t [32]'
Fixes: 7566/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-6536620682510336

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b3a18511cc93082ebecce0861bc15d7f548492e0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/g2meet: Check RGB upper limit
Michael Niedermayer [Fri, 27 Apr 2018 18:16:13 +0000 (20:16 +0200)]
avcodec/g2meet: Check RGB upper limit

Fixes: runtime error: left shift of 1876744317 by 16 places cannot be represented in type 'int'
Fixes: 6799/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-5115274731716608

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4dd2c8b9ea46b4e008a8bfc2077834428cd5a17c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/jpeg2000dec: Fix undefined shift in the jpeg2000_decode_packets_po_iteration...
Michael Niedermayer [Fri, 4 May 2018 17:18:25 +0000 (19:18 +0200)]
avcodec/jpeg2000dec: Fix undefined shift in the jpeg2000_decode_packets_po_iteration() CPRL case

Fixes: shift exponent 47 is too large for 32-bit type 'int'
Fixes: 7955/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-6016721977606144

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 652ba72ed3124f201f98eea9bafb2232b535f549)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/jpeg2000dec: Skip init for component in CPRL if nothing is to be done
Michael Niedermayer [Fri, 4 May 2018 17:11:36 +0000 (19:11 +0200)]
avcodec/jpeg2000dec: Skip init for component in CPRL if nothing is to be done

Fixes: assertion failure
Fixes: 7949/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-4819602782552064

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a96c131eb53b00de154f4773d96a3b323ea3daed)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/g2meet: Change order of operations to avoid undefined behavior
Michael Niedermayer [Fri, 4 May 2018 16:16:08 +0000 (18:16 +0200)]
avcodec/g2meet: Change order of operations to avoid undefined behavior

Fixes: signed integer overflow: 65280 * 196032 cannot be represented in type 'int'
Fixes: 7279/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-5977332473921536

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0a4745145840d97619c424961c1b5c625dbf516c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/flac_parser: Fix infinite loop
Michael Niedermayer [Mon, 30 Apr 2018 20:20:28 +0000 (22:20 +0200)]
avcodec/flac_parser: Fix infinite loop

Fixes: crbug/827204

Reported-by: Frank Liberato <liberato@google.com>
Reviewed-by: Frank Liberato <liberato@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 15a2e35e9e74bba5a27e39c26da5be2361f27945)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/mpeg4videodec: Split decode_studio_vol_header() out of decode_studiovisualobj...
Michael Niedermayer [Sun, 29 Apr 2018 19:19:15 +0000 (21:19 +0200)]
avcodec/mpeg4videodec: Split decode_studio_vol_header() out of decode_studiovisualobject()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 177133a0f4b41b3c98b9cbc7f8f45755412c537b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/mpeg4videodec: Move decode_studiovisualobject() parsing in the branch for...
Michael Niedermayer [Sun, 29 Apr 2018 19:19:14 +0000 (21:19 +0200)]
avcodec/mpeg4videodec: Move decode_studiovisualobject() parsing in the branch for visual object parsing

Fixes: runtime error: shift exponent -1 is negative
Fixes: 7510/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5024523356209152

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e03bf251d8784f4d1df2c22381c902087e151e31)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/mpeg4video_parser: Avoid litteral 0x1B6, use named constant instead
Michael Niedermayer [Mon, 30 Apr 2018 16:17:20 +0000 (18:17 +0200)]
avcodec/mpeg4video_parser: Avoid litteral 0x1B6, use named constant instead

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c0aa89eeee2af2a4898258b29badea2f935a4836)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/mpeg4video_parser: Fix incorrect spliting of MPEG-4 studio frames
Michael Niedermayer [Sun, 29 Apr 2018 21:56:15 +0000 (23:56 +0200)]
avcodec/mpeg4video_parser: Fix incorrect spliting of MPEG-4 studio frames

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a47bd1cd1c714ac94cea9d3a26b58de521a7debc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavformat/m4vdec: Use the same constant names as libavcodec
Michael Niedermayer [Mon, 30 Apr 2018 16:09:41 +0000 (18:09 +0200)]
avformat/m4vdec: Use the same constant names as libavcodec

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0f176bb8e0896f233b35054530f76c4a778b968f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavformat/m4vdec: Fix detection of raw MPEG-4 ES Studio
Michael Niedermayer [Sun, 29 Apr 2018 21:56:14 +0000 (23:56 +0200)]
avformat/m4vdec: Fix detection of raw MPEG-4 ES Studio

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 34dbdcfc20d69b7b67fd13112445cd05b9b5d979)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/wavpack: Fix integer overflow in DEC_MED() / INC_MED()
Michael Niedermayer [Fri, 27 Apr 2018 19:44:07 +0000 (21:44 +0200)]
avcodec/wavpack: Fix integer overflow in DEC_MED() / INC_MED()

Fixes: runtime error: signed integer overflow: 2147483637 + 128 cannot be represented in type 'int'
Fixes: 6701/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-5358324934508544

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6e95d80e6fae978f8a44afc24b0c5097a062719f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/wavpack: Fix integer overflow in wv_unpack_stereo()
Michael Niedermayer [Fri, 27 Apr 2018 19:44:06 +0000 (21:44 +0200)]
avcodec/wavpack: Fix integer overflow in wv_unpack_stereo()

Fixes: runtime error: signed integer overflow: 2147483531 + 16384 cannot be represented in type 'int'
Fixes: 6615/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-5165715515506688

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit da038c07f02dfc10380001c11b3d047eca7cb8c9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/error_resilience: Fix integer overflow in filter181()
Michael Niedermayer [Sun, 22 Apr 2018 19:46:05 +0000 (21:46 +0200)]
avcodec/error_resilience: Fix integer overflow in filter181()

Fixes: runtime error: signed integer overflow: 197710 * 10923 cannot be represented in type 'int'
Fixes: 7010/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5667127596941312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1c97035e3b1677d6f0c5b6161ebfeffcf7bb638d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/h263dec: Check slice_ret in mspeg4 slice loop
Michael Niedermayer [Sun, 22 Apr 2018 19:07:45 +0000 (21:07 +0200)]
avcodec/h263dec: Check slice_ret in mspeg4 slice loop

Fixes infinite loop
Fixes: 6858/clusterfuzz-testcase-ffmpeg_AV_CODEC_ID_MSMPEG4V3_fuzzer-4681563766784000
Fixes: 6890/clusterfuzz-testcase-ffmpeg_AV_CODEC_ID_WMV1_fuzzer-4756103142309888

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit de841fbea7655b74a9663001e01008a86c88779a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/elsdec: Fix memleaks
Michael Niedermayer [Tue, 24 Apr 2018 23:54:17 +0000 (01:54 +0200)]
avcodec/elsdec: Fix memleaks

Fixes: 6798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-5135899701542912

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0bd0401336df4e4ca7f3da6a7e226904fd7d5add)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/vc1_block: simplify ac_val computation
Michael Niedermayer [Mon, 23 Apr 2018 00:08:10 +0000 (02:08 +0200)]
avcodec/vc1_block: simplify ac_val computation

also fixes: runtime error: index 1456 out of bounds for type 'int16_t [16]'

Found-by: durandal_1707
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d06b01fc2d4f5e031d45f9460d1eea610d23d6c5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/ffv1enc: Check that the crc + version combination is supported
Michael Niedermayer [Sat, 21 Apr 2018 20:19:31 +0000 (22:19 +0200)]
avcodec/ffv1enc: Check that the crc + version combination is supported

The crc flag is only stored since version 3 thus before this crcs do not
work. We increase the version as needed same as we do with pix_fmts

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d9706f79c17a33bf97e51a7d6ab211ce83a463ee)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoconfigure: The eac3_core bitstream filter needs the ac3 parser.
Carl Eugen Hoyos [Tue, 12 Jun 2018 08:02:44 +0000 (10:02 +0200)]
configure: The eac3_core bitstream filter needs the ac3 parser.

Fixes linking with "--disable-everything --enable-bsf=eac3_core".
(cherry picked from commit 9461e7d3a598e78811146b730db68d3a5b2532b0)

16 months agoconfigure: fix arm inline asm checks
John Cox [Wed, 30 May 2018 16:30:31 +0000 (17:30 +0100)]
configure: fix arm inline asm checks

Commit 8c893aa3cd5 removed quotes that were required to detect
inline asm in clang:

check_insn armv5te qadd r0, r0, r0
.../test.c:1:34: error: expected string literal in 'asm'
void foo(void){ __asm__ volatile(qadd r0, r0, r0); }

The correct code is:

void foo(void){ __asm__ volatile("qadd r0, r0, r0"); }

Commit message written by Frank Liberato <liberato@chromium.org>

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit ad94f1c8abe68a2b38536cc96a31327c6be7b105)

16 months agolavf/libssh: translate a read of 0 to EOF
Jan Ekström [Mon, 28 May 2018 00:21:35 +0000 (03:21 +0300)]
lavf/libssh: translate a read of 0 to EOF

Yet another case of forgotten 0 =! EOF translation.

While the documentation for this specific synchronous read
function does not mention it, the documentation for
`sftp_async_read` documents it, as well as looking at the
implementation of this function leads one to find
`if (handle->eof) { return 0; }`.

Reported by stnutt on IRC.

(cherry picked from commit 26892c7615395f331f6143535f03a2957973e2e0)

17 months agoffprobe: fix SEGV when new streams are added
Aman Gupta [Tue, 8 May 2018 19:46:12 +0000 (12:46 -0700)]
ffprobe: fix SEGV when new streams are added

Signed-off-by: Aman Gupta <aman@tmm1.net>
(cherry picked from commit 12ceaf0fbacb20b86bdc343ba2bbc71d2fff72e0)

17 months agoavformat/mpegts: fix incorrect indentation
Aman Gupta [Tue, 15 May 2018 18:47:30 +0000 (11:47 -0700)]
avformat/mpegts: fix incorrect indentation

Signed-off-by: Aman Gupta <aman@tmm1.net>
(cherry picked from commit 64bf915cd851ab604cb87cd463725fd1c6460a1c)

17 months agoavformat/mpegts: initialize section_buf to fix valgrind test failure
Aman Gupta [Mon, 14 May 2018 17:24:44 +0000 (10:24 -0700)]
avformat/mpegts: initialize section_buf to fix valgrind test failure

http://fate.ffmpeg.org/report.cgi?slot=x86_64-archlinux-gcc-valgrind&time=20180513001958

Signed-off-by: Aman Gupta <aman@tmm1.net>
(cherry picked from commit 42a03e77000692ad6de032b8cf684e1d6ec73790)

17 months agoavformat/mpegts: reindent after last change
Aman Gupta [Wed, 9 May 2018 21:31:30 +0000 (14:31 -0700)]
avformat/mpegts: reindent after last change

Signed-off-by: Aman Gupta <aman@tmm1.net>
(cherry picked from commit 7db022e67bab568a560c8bd55f5840e71a34dc15)

17 months agoavformat/mpegts: parse sections with multiple tables
Aman Gupta [Wed, 9 May 2018 21:20:48 +0000 (14:20 -0700)]
avformat/mpegts: parse sections with multiple tables

Fixes PMT parsing in some mpegts streams which contain
multiple tables within the PMT pid. Previously, the parser
assumed only one table was present in each packet, and discarded
the rest of the section data after attempting to parse the first
table.

A similar issue was documented in the BeyondTV software[1], which
helped me diagnose the same bug in the ffmpeg mpegts demuxer. I also
tried DVBInspector, libdvbpsi's dvbinfo, and tstools' tsinfo to
help debug. The former two properly read PMTs with multiple tables,
whereas the last has the same bug as ffmpeg.

I've created a minimal sample[2] which contains the combined PMT.
Here's what ffmpeg probe shows before and after this patch:

Before:

    Input #0, mpegts, from 'combined-pmt-tids.ts':
      Duration: 00:00:01.08, start: 4932.966167, bitrate: 741 kb/s
      Program 1
      No Program
        Stream #0:0[0xf9d]: Audio: ac3, 48000 Hz, mono, fltp, 96 kb/s
        Stream #0:1[0xf9b]: Audio: mp3, 0 channels, fltp
        Stream #0:2[0xf9c]: Unknown: none

After:

    Input #0, mpegts, from 'combined-pmt-tids.ts':
      Duration: 00:00:01.11, start: 4932.966167, bitrate: 718 kb/s
      Program 1
        Stream #0:0[0xf9b]: Video: mpeg2video ([2][0][0][0] / 0x0002), none(tv, top first), 29.97 fps, 29.97 tbr, 90k tbn, 90k tbc
        Stream #0:1[0xf9c](eng): Audio: ac3 (AC-3 / 0x332D4341), 48000 Hz, 5.1(side), fltp, 384 kb/s
        Stream #0:2[0xf9d](spa): Audio: ac3 (AC-3 / 0x332D4341), 48000 Hz, mono, fltp, 96 kb/s

With the patch, the PMT is parsed correctly so the streams are
created in the correct order, are associated with "Program 1",
and their codecs are set correctly.

[1] http://forums.snapstream.com/vb/showpost.php?p=343816&postcount=201
[2] https://s3.amazonaws.com/tmm1/combined-pmt-tids.ts

Signed-off-by: Aman Gupta <aman@tmm1.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9152c1e495551535886cfd7a8d7c0a206691443e)

17 months agoavformat/mpegts: clean up whitespace
Aman Gupta [Wed, 9 May 2018 19:43:38 +0000 (12:43 -0700)]
avformat/mpegts: clean up whitespace

Signed-off-by: Aman Gupta <aman@tmm1.net>
(cherry picked from commit 07d9c31055e6e07629506246d68d93b84bec1507)

17 months agoavformat/mpegts: use MAX_SECTION_SIZE instead of hardcoded value
Aman Gupta [Wed, 9 May 2018 19:42:14 +0000 (12:42 -0700)]
avformat/mpegts: use MAX_SECTION_SIZE instead of hardcoded value

Signed-off-by: Aman Gupta <aman@tmm1.net>
(cherry picked from commit 1a14e39145816597b97db46dbb30e37feddf246c)

17 months agoavformat/mpegts: skip non-PMT tids earlier
Aman Gupta [Tue, 8 May 2018 22:07:35 +0000 (15:07 -0700)]
avformat/mpegts: skip non-PMT tids earlier

This mimics the logic flow in all the other callbacks
(pat_cb, sdt_cb, m4sl_cb), and avoids calling skip_identical()
for non PMT_TID packets.

Since skip_identical modifies internal state like
MpegTSSectionFilter.last_ver, this change prevents unnecessary
reprocessing on some streams which contain multiple tables in
the PMT pid. This can be observed with streams from certain US
cable providers, which include both tid=0x2 and another unspecified
tid=0xc0.

Signed-off-by: Aman Gupta <aman@tmm1.net>
(cherry picked from commit 2c500f50972c19f25ebca783ba9374d6a0c23efb)

17 months agoavcodec/mediacodecdec: add workaround for buggy amlogic mpeg2 decoder
Aman Gupta [Thu, 26 Apr 2018 18:51:15 +0000 (11:51 -0700)]
avcodec/mediacodecdec: add workaround for buggy amlogic mpeg2 decoder

I tested the previous mediacodec changes on seven different Android
TV devices, with both mpeg2 and h264 content. All except one worked
as expected. The exception was the MiBox3 running Android 6.0.1,
where playback would freeze on a frame every few seconds. I tested
two other AMLogic devices with newer Android versions that did not
show the same problem. H264 decoding on the MiBox3 was also not affected,
so this workaround applies only to OMX.amlogic.mpeg2.decoder.awesome
on Android API22.

There is a rumor that Xiaomi is planning to release Android Oreo for
the MiBox3, so I will revisit in a few months to confirm whether this
is specific to os/driver version or the chipset used in that device.

Signed-off-by: Aman Gupta <aman@tmm1.net>
Signed-off-by: Matthieu Bouron <matthieu.bouron@gmail.com>
(cherry picked from commit 9b563f6584b5ba2292975f0917268ac7b37497eb)

17 months agoavcodec/mediacodecdec: wait on first frame after input buffers are full
Aman Gupta [Wed, 25 Apr 2018 01:54:45 +0000 (18:54 -0700)]
avcodec/mediacodecdec: wait on first frame after input buffers are full

The output_buffer_count==0 special case is no longer required, and
can cause spurious EAGAIN to surface to the user when input buffers
are filled up. Since the caller now knows if the decoder is accepting
new input (via current_input_buffer>=0), let the wait parameter
control whether we block or not.

Signed-off-by: Aman Gupta <aman@tmm1.net>
Signed-off-by: Matthieu Bouron <matthieu.bouron@gmail.com>
(cherry picked from commit a75bb5496ac6e7e194f1c6fd3b87f02a52e74adb)

17 months agoavcodec/mediacodecdec: restructure mediacodec_receive_frame
Aman Gupta [Tue, 24 Apr 2018 19:40:38 +0000 (12:40 -0700)]
avcodec/mediacodecdec: restructure mediacodec_receive_frame

The new logic follows a recommendation by @rcombs to use
dequeueInputBuffer with a timeout of 0 as a way to detect
whether the codec wants more data. The dequeued buffer index is
kept in MediaCodecDecContext until it can be used next.

A similar technique is also used by the Google's official media
player Exoplayer: see MediaCodecRenderer.feedInputBuffer().

Signed-off-by: Aman Gupta <aman@tmm1.net>
Signed-off-by: Matthieu Bouron <matthieu.bouron@gmail.com>
(cherry picked from commit f6681feda641c026d84f6d207f661bf9b87d9d70)

17 months agoavcodec/mediacodec_wrapper: add helper to fetch SDK_INT
Aman Gupta [Thu, 26 Apr 2018 18:50:55 +0000 (11:50 -0700)]
avcodec/mediacodec_wrapper: add helper to fetch SDK_INT

Signed-off-by: Matthieu Bouron <matthieu.bouron@gmail.com>
Signed-off-by: Aman Gupta <aman@tmm1.net>
(cherry picked from commit fe0a6bcbda0f51d0613dbbd42a7635c22530ce95)

17 months agoavcodec/mediacodecdec: refactor pts handling
Aman Gupta [Tue, 24 Apr 2018 20:51:15 +0000 (13:51 -0700)]
avcodec/mediacodecdec: refactor pts handling

Also fixes a bug where EOS buffer was sent with incorrect
pts when not using surface generation.

Signed-off-by: Matthieu Bouron <matthieu.bouron@gmail.com>
Signed-off-by: Aman Gupta <aman@tmm1.net>
(cherry picked from commit d8e92a89edd8e73cdc7f125f078c576df10b66f2)

17 months agoavcodec/mediacodecdec: use AV_TIME_BASE_Q
Aman Gupta [Tue, 24 Apr 2018 20:45:30 +0000 (13:45 -0700)]
avcodec/mediacodecdec: use AV_TIME_BASE_Q

Signed-off-by: Matthieu Bouron <matthieu.bouron@gmail.com>
Signed-off-by: Jan Ekström <jeebjp@gmail.com>
Signed-off-by: Aman Gupta <aman@tmm1.net>
(cherry picked from commit 7a4639b1eba31f88490c85663c75fb1414307680)

17 months agoavcodec/mediacodecdec: clarify delay_flush specific code
Aman Gupta [Tue, 24 Apr 2018 02:21:19 +0000 (19:21 -0700)]
avcodec/mediacodecdec: clarify delay_flush specific code

As of 2a0eb8685, ff_mediacodec_dec_is_flushing() only returns
true in delay_flush mode. Make this more obvious by adding
delay_flush to the if statement.

Signed-off-by: Matthieu Bouron <matthieu.bouron@gmail.com>
Signed-off-by: Aman Gupta <aman@tmm1.net>
(cherry picked from commit 6a7a84b2d11e6c5e2ca2023a6886ca75b8b10030)

17 months agoavcodec/videotoolbox: fix decoding of some HEVC videos
Aman Gupta [Fri, 4 May 2018 22:41:30 +0000 (15:41 -0700)]
avcodec/videotoolbox: fix decoding of some HEVC videos

In a normal hwaccel, the AVHWFramesContext sets AVFrame.hw_frames_ctx
when it initializes a new AVFrame in av_hwframe_get_buffer().

But the VT hwaccel doesn't know what hw_frames_ctx to assign when
the AVFrame is first created, because it depends on the format of
the pixbuf that the decoder eventually decides to return. Thus
newly created AVFrames always have a NULL hw_frames_ctx, and the
hwaccel would only assign the ctx once a frame was done decoding.
This worked fine with the H264 decoder, but with the HEVC decoder
the frame's data may be moved to another empty AVFrame. Since the
empty AVFrame never had hw_frames_ctx set, a frame with a NULL
ctx could be returned to the API user.

This patch works around the issue by moving the derived
hw_frames_ctx from the AVFrame to a new VTHWFrame which now holds
both the CVPixelBufferRef and the AVBuffer. The hw_frames_ctx
is only copied to the AVFrame right before it is about to be
returned to the user in videotoolbox_postproc_frame() (since
in the case of VT, the hw_frames_ctx is only there for the API
user anyway).

Fixes playback on macOS and iOS of some hevc videos like
https://s3.amazonaws.com/tmm1/videotoolbox/germany-hevc-zdf.ts

Signed-off-by: Aman Gupta <aman@tmm1.net>
(cherry picked from commit 8f146b526ff8d63adc02e1c5db15850f4589230b)

17 months agoavcodec/hevc: remove videotoolbox hack
Aman Gupta [Fri, 4 May 2018 21:57:50 +0000 (14:57 -0700)]
avcodec/hevc: remove videotoolbox hack

No longer required since 63d875772d. The equivalent hack
for h264 was removed in that commit, but this one was missed.

Signed-off-by: Aman Gupta <aman@tmm1.net>
(cherry picked from commit a19bac8fc8b6a8df4030f79a6192b20492b02cef)

17 months agoavcodec/videotoolbox: split h264/hevc callbacks
Aman Gupta [Fri, 4 May 2018 21:58:08 +0000 (14:58 -0700)]
avcodec/videotoolbox: split h264/hevc callbacks

Previously the shared callbacks were trying to interpret
avctx->priv_data as H264Context*

Signed-off-by: Aman Gupta <aman@tmm1.net>
(cherry picked from commit 07d175d0b0b22912784f35d29e139cf025a03221)

17 months agoavcodec/videotoolbox: cleanups
Aman Gupta [Fri, 4 May 2018 21:57:32 +0000 (14:57 -0700)]
avcodec/videotoolbox: cleanups

No functional changes.

Signed-off-by: Aman Gupta <aman@tmm1.net>
(cherry picked from commit dd77cca1c4b45ec499435f4c484838f6b0b045fe)

17 months agoavcodec/videotoolbox: fix kVTCouldNotFindVideoDecoderErr trying to decode HEVC on iOS
Aman Gupta [Thu, 19 Apr 2018 22:34:01 +0000 (15:34 -0700)]
avcodec/videotoolbox: fix kVTCouldNotFindVideoDecoderErr trying to decode HEVC on iOS

Older iOS devices don't have a hardware HEVC decoder, but the
software decoder offered by VideoToolbox is well-optimized and
performs much better than the ffmpeg decoder.

Signed-off-by: Aman Gupta <aman@tmm1.net>
(cherry picked from commit bcff983dc340e76518935111146c0e1daf4cb37b)

17 months agoavcodec/videotoolbox: improve logging of decoder errors
Aman Gupta [Sat, 5 May 2018 01:24:31 +0000 (18:24 -0700)]
avcodec/videotoolbox: improve logging of decoder errors

Signed-off-by: Aman Gupta <aman@tmm1.net>
(cherry picked from commit 84e03db9a334611d261cb09c534a56bf57a49cd9)

17 months agoavcodec/xwddec: fix palette alpha
Marton Balint [Sun, 6 May 2018 16:18:19 +0000 (18:18 +0200)]
avcodec/xwddec: fix palette alpha

Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit 50d6b7bd830eddd403c50f1be3e57f1b4a98ed69)

17 months agoavformat/webm_chunk: always use a static buffer for get_chunk_filename
Marton Balint [Sun, 13 May 2018 20:14:22 +0000 (22:14 +0200)]
avformat/webm_chunk: always use a static buffer for get_chunk_filename

My conversation from AVFormatContext->filename to AVFormatContext->url was
wrong in this case because get_chunk_filename uses filename as an output
buffer, and not as an input buffer.

Fixes ticket #7188.

Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit 2dbe936bf7f9e0fe7e8f05e5c3b78fb1afbff164)

17 months agoconfigure: fix configure check for lilv-0
Niklas Haas [Sun, 13 May 2018 15:07:48 +0000 (17:07 +0200)]
configure: fix configure check for lilv-0

This should be included as `<lilv/lilv.h>`, same as is done in af_lv2.c.
Forcing the extra lilv-0 breaks platforms where the include dir is
`/usr/include/lilv/lilv.h` rather than
`/usr/include/lilv-0/lilv/lilv.h`.

The new include path works for both, because the `pkg-config --cflags`
includes `-I/usr/include/lilv-0`.

(cherry picked from commit 32234e03a792e3ceca58359d6f2b7244ceb6b77f)

17 months agoavcodec/nvdec_hevc: fix scaling lists
Philip Langdale [Thu, 10 May 2018 01:48:59 +0000 (18:48 -0700)]
avcodec/nvdec_hevc: fix scaling lists

The main issue here was the use of [i] instead of [i * 3] for the 32x32
matrix. As part of fixing this, I changed the code to match that used
in vdpau_hevc, which I spent a lot of time verifying.

I also changed to calculating NumPocTotalCurr using the existing helper,
which is what vdpau does.

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
(cherry picked from commit 1261003700322789d62a892e3325f8b58349d051)

17 months agoavcodec/hevcdec: make ff_hevc_frame_nb_refs take a const pointer
Timo Rothenpieler [Thu, 10 May 2018 10:22:34 +0000 (12:22 +0200)]
avcodec/hevcdec: make ff_hevc_frame_nb_refs take a const pointer

(cherry picked from commit 46c1ee19171c4704ad7dec65b1c716a727238486)

17 months agolavf/bluray: translate a read of 0 to EOF
Jan Ekström [Sun, 6 May 2018 14:15:52 +0000 (17:15 +0300)]
lavf/bluray: translate a read of 0 to EOF

Yet another case of forgotten 0 =! EOF translation. The libbluray
documentation specifically mentions that a read of 0 is EOF.

Reported by Fyr on IRC.

(cherry picked from commit b995ec078f42bac95eda18fbd1b4387477b55d0d)

17 months agolavf/dashenc: don't call flush_init_segment before avformat_write_header
Rodger Combs [Fri, 27 Apr 2018 00:51:35 +0000 (03:51 +0300)]
lavf/dashenc: don't call flush_init_segment before avformat_write_header

Fixes crash when muxing MKV-in-DASH

17 months agoavdevice/decklink_dec: unref packets on avpacket_queue_put error
Marton Balint [Sun, 22 Apr 2018 21:09:05 +0000 (23:09 +0200)]
avdevice/decklink_dec: unref packets on avpacket_queue_put error

Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit 649087fa83a50e04a4ddd7f2f5f740a18ac28902)

17 months agoavcodec/hnm4video: fix palette alpha
Marton Balint [Mon, 23 Apr 2018 18:46:49 +0000 (20:46 +0200)]
avcodec/hnm4video: fix palette alpha

Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit 4c501bafc08c0260c299074d119b85ba39ab334a)

17 months agoavcodec/anm: fix palette alpha
Marton Balint [Mon, 23 Apr 2018 18:46:25 +0000 (20:46 +0200)]
avcodec/anm: fix palette alpha

Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit e894d958fce6f47cbe1e4a5e3f2c74af47057125)

17 months agoavformat/qtpalette: parse color table according to the QuickTime file format specs
Marton Balint [Thu, 19 Apr 2018 18:11:02 +0000 (20:11 +0200)]
avformat/qtpalette: parse color table according to the QuickTime file format specs

The specs says that the the first color component in the color array is
not alpha, but simply 0.

Fixes 0 alpha of fate-suite/cvid/catfight-cvid-pal8-partial.mov

Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit c60a824ee87ae3b15ed1cb92b780bec9b642b019)

17 months agoffplay: Fix realloc_texture when input texture is NULL.
Matt Oliver [Tue, 10 Apr 2018 13:01:18 +0000 (23:01 +1000)]
ffplay: Fix realloc_texture when input texture is NULL.

SDL_QueryTexture and SDL_DestroyTexture require that the input texture
pointer be non-null. Debug builds of SDL will correctly check for this
and break program execution. This patch fixes this by checking the
status of the texture pointer.

Signed-off-by: Matt Oliver <protogonoi@gmail.com>
(cherry picked from commit 6be690685a8876a61f87b2b8bf30547e09030a96)

17 months agohwcontext_vaapi: Fix compilation with libva versions < 1.4.0
Mark Thompson [Fri, 27 Apr 2018 12:41:56 +0000 (13:41 +0100)]
hwcontext_vaapi: Fix compilation with libva versions < 1.4.0

The BufferHandle API was added in libva 1.4.0 / VAAPI 0.36.0.

(cherry picked from commit 92a0a6bea9dc3087fa8d232b750db1dd0d70b157)

17 months agolavf/qsv: clone the frame which may be managed by framework
Ruiling Song [Tue, 3 Apr 2018 01:50:20 +0000 (09:50 +0800)]
lavf/qsv: clone the frame which may be managed by framework

For filters based on framesync, the input frame was managed
by framesync, so we should not directly keep and destroy it,
instead we make a clone of it here, or else double-free will occur.
But for other filters not based on framesync, we still need to
free the input frame inside filter_frame.

Signed-off-by: Ruiling Song <ruiling.song@intel.com>
(cherry picked from commit d865783b6c8d4f96f5094ed72eff0f5a4a4908af)

17 months agolavf: make overlay_qsv work based on framesync
Ruiling Song [Tue, 3 Apr 2018 01:50:19 +0000 (09:50 +0800)]
lavf: make overlay_qsv work based on framesync

The existing version which was cherry-picked from Libav does not work
with FFmpeg framework, because ff_request_frame() was totally
different between Libav (recursive) and FFmpeg (non-recursive).
The existing overlay_qsv implementation depends on the recursive version
of ff_request_frame to trigger immediate call to request_frame() on input pad.
But this has been removed in FFmpeg since "lavfi: make request_frame() non-recursive."
Now that we have handy framesync support in FFmpeg, so I make it work
based on framesync. Some other fixing which is also needed to make
overlay_qsv work are put in a separate patch.

Signed-off-by: Ruiling Song <ruiling.song@intel.com>
(cherry picked from commit f3341a0452419c57faf4d28aebb24be5d41312f3)

17 months agoavformat/segafilm - revert keyframe detection
Gyan Doshi [Sat, 21 Apr 2018 07:14:12 +0000 (12:44 +0530)]
avformat/segafilm - revert keyframe detection

Keyframe detection was inverted in cfe1a9d311 in order to fix keyframe
flags set for the sample attached to trac #7091. However, that sample is
errantly muxed.

As noted at
https://web.archive.org/web/20020803104640/http://www.pcisys.net:80/~melanson/codecs/film-format.txt,
the original keyframe detection logic is correct, and this patch
restores it.

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 9f9f56e6791f6c44ac8e4b97a8da5816ed542332)

17 months agoavformat/utils: refactor upstream_stream_timings
Aman Gupta [Thu, 19 Apr 2018 23:50:43 +0000 (16:50 -0700)]
avformat/utils: refactor upstream_stream_timings

Signed-off-by: Aman Gupta <aman@tmm1.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7b8daa771cbdafa6775e476c65afa659cc1afaac)

17 months agoavformat/utils: ignore outlier durations on subtitle/data streams as well
Aman Gupta [Thu, 19 Apr 2018 20:29:24 +0000 (13:29 -0700)]
avformat/utils: ignore outlier durations on subtitle/data streams as well

Similar to 4c9c4fe8b21, but for durations. This fixes #7151, where
the report duration and bitrate on a mpegts stream is wildly off
due to the dvb_teletext stream's timings.

Signed-off-by: Aman Gupta <aman@tmm1.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fd6e89586c01d068fc8d2cea24292bf8ae836f74)

18 months agoChangelog: replace <next> by 4.0 n4.0
Michael Niedermayer [Thu, 19 Apr 2018 23:54:19 +0000 (01:54 +0200)]
Changelog: replace <next> by 4.0

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agolavf/http.c: Free allocated client URLContext in case of error.
Stephan Holljes [Fri, 12 Jan 2018 18:16:29 +0000 (19:16 +0100)]
lavf/http.c: Free allocated client URLContext in case of error.

Signed-off-by: Stephan Holljes <klaxa1337@googlemail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7b6b8c92652d6683d97515352e4a9a4147b7da7c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavdevice/android_camera: Fix AVClass.version
Michael Niedermayer [Thu, 19 Apr 2018 21:44:33 +0000 (23:44 +0200)]
avdevice/android_camera: Fix AVClass.version

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 13b77af2f0b56d6c87bb147947337981c21f4245)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec: Fix AVClass .version
Michael Niedermayer [Thu, 19 Apr 2018 21:44:13 +0000 (23:44 +0200)]
avcodec: Fix AVClass .version

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c0bce367e4932f0fb09195e6978ac1a5a60480a4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/sheervideodata: Fix libavutil include
Michael Niedermayer [Thu, 19 Apr 2018 21:34:11 +0000 (23:34 +0200)]
avcodec/sheervideodata: Fix libavutil include

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3dfe3436ac78607d7baf6f1f7f48691343d9d929)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/sbc: Fix non static function prefix
Michael Niedermayer [Thu, 19 Apr 2018 21:32:07 +0000 (23:32 +0200)]
avcodec/sbc: Fix non static function prefix

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9f1b99e7d076c9de1fefe971f1c70c96ebcf071b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>