ffmpeg.git
21 months agoChangelog: Update for the last 3 commits n3.4.1
Michael Niedermayer [Sun, 10 Dec 2017 20:20:05 +0000 (21:20 +0100)]
Changelog: Update for the last 3 commits

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/vp9_superframe_split_bsf: Fix integer overflow in frame_size/total_size checks
Michael Niedermayer [Wed, 6 Dec 2017 21:42:05 +0000 (22:42 +0100)]
avcodec/vp9_superframe_split_bsf: Fix integer overflow in frame_size/total_size checks

Fixes: signed integer overflow: -1698586465 + -551542752 cannot be represented in type 'int'
Fixes: 4490/clusterfuzz-testcase-minimized-5210014592532480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit eaff5fcb7cde8d1614755269773d471d3a3d1bfc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/amrwbdec: Fix division by 0 in voice_factor()
Michael Niedermayer [Thu, 7 Dec 2017 14:32:54 +0000 (15:32 +0100)]
avcodec/amrwbdec: Fix division by 0 in voice_factor()

The added value matches "Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); LTE; Extended Adaptive Multi-Rate - Wideband (AMR-WB+) codec; Floating-point ANSI-C code (3GPP TS 26.304 version 14.0.0 Release 14)
Extended Adaptive Multi-Rate - Wideband (AMR-WB+) codec; Floating-point ANSI-C code"

Fixes: runtime error: division by zero
Fixes: 4415/clusterfuzz-testcase-minimized-4677752314658816

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1d0817d56b66797118880358ea7d7a2acfdca429)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavformat/utils: Fix warning: ISO C90 forbids mixed declarations and code
Michael Niedermayer [Fri, 8 Dec 2017 09:59:05 +0000 (10:59 +0100)]
avformat/utils: Fix warning: ISO C90 forbids mixed declarations and code

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/decode: reset codec on receiving packet after EOF in compat_decode
James Cowgill [Thu, 9 Nov 2017 12:21:23 +0000 (12:21 +0000)]
avcodec/decode: reset codec on receiving packet after EOF in compat_decode

In commit 061a0c14bb57 ("decode: restructure the core decoding code"), the
deprecated avcodec_decode_* APIs were reworked so that they called into the
new avcodec_send_packet / avcodec_receive_frame API. This had the side effect
of prohibiting sending new packets containing data after a drain
packet, but in previous versions of FFmpeg this "worked" and some
applications relied on it.

To restore some compatibility, reset the codec if we receive a new non-drain
packet using the old API after draining has completed. While this does
not give the same behaviour as the old API did, in the majority of cases
it works and it does not require changes to any other part of the decoding
code.

Fixes ticket #6775
Signed-off-by: James Cowgill <jcowgill@debian.org>
Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit 02ba4b91b5616ecbebee5c9565e1be7af2a6b980)

21 months agoUpdate for 3.4.1
Michael Niedermayer [Fri, 8 Dec 2017 09:22:30 +0000 (10:22 +0100)]
Update for 3.4.1

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/diracdsp: Fix integer overflow in PUT_SIGNED_RECT_CLAMPED()
Michael Niedermayer [Sat, 2 Dec 2017 20:53:22 +0000 (21:53 +0100)]
avcodec/diracdsp: Fix integer overflow in PUT_SIGNED_RECT_CLAMPED()

Fixes: runtime error: signed integer overflow: 2147483646 + 2048 cannot be represented in type 'int'
Fixes: 4479/clusterfuzz-testcase-minimized-6529894147162112

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 610dd74502a58e8bb0f1d8fcbc7015f86b78d70e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/dirac_dwt: Fix integer overflows in COMPOSE_DAUB97*
Michael Niedermayer [Sat, 2 Dec 2017 20:48:04 +0000 (21:48 +0100)]
avcodec/dirac_dwt: Fix integer overflows in COMPOSE_DAUB97*

Fixes: 4478/clusterfuzz-testcase-minimized-4752113767809024
Fixes: runtime error: signed integer overflow: -2147483626 + -319489 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5e9a13a5a33bf7566591216e335f2529612100bb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/extract_extradata_bsf: Fix leak discovered via fuzzing
Nikolas Bowe [Tue, 5 Dec 2017 23:11:26 +0000 (15:11 -0800)]
avcodec/extract_extradata_bsf: Fix leak discovered via fuzzing

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5a412a5c3cc216ae1d15e6b884bda7214b73a5b0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/vorbis: Fix another 1 << 31 > int32_t::max() with 1u.
Dale Curtis [Thu, 30 Nov 2017 20:20:36 +0000 (12:20 -0800)]
avcodec/vorbis: Fix another 1 << 31 > int32_t::max() with 1u.

Didn't notice this one when 9648cc6d was landed.

Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 95bacb521af8cd28f146f045437c9f75717a493a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/vorbis: 1 << 31 > int32_t::max(), so use 1u << 31 instead.
Dale Curtis [Wed, 22 Nov 2017 18:58:39 +0000 (10:58 -0800)]
avcodec/vorbis: 1 << 31 > int32_t::max(), so use 1u << 31 instead.

Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9648cc6d7fdbb0a260bed1e3e23300569cff9579)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavformat/utils: Prevent undefined shift with wrap_bits > 64.
Dale Curtis [Fri, 17 Nov 2017 21:35:56 +0000 (13:35 -0800)]
avformat/utils: Prevent undefined shift with wrap_bits > 64.

2LL << (wrap_bits=64 - 1) does not fit in int64_t; change the
code to use a uint64_t (2ULL) and add an av_assert2() to
ensure wrap_bits <= 64.

Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 03fbc0daa7e37af024f8b017a28105c32bbe25ca)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/j2kenc: Fix out of array access in encode_cblk()
Michael Niedermayer [Thu, 30 Nov 2017 22:42:04 +0000 (23:42 +0100)]
avcodec/j2kenc: Fix out of array access in encode_cblk()

Fixes: 4427/clusterfuzz-testcase-minimized-5106919271301120

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0674087004538599797688785f6ac82358abc23b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/hevcdsp_template: Fix undefined shift in put_hevc_epel_bi_w_h()
Michael Niedermayer [Thu, 30 Nov 2017 20:27:37 +0000 (21:27 +0100)]
avcodec/hevcdsp_template: Fix undefined shift in put_hevc_epel_bi_w_h()

Fixes: runtime error: left shift of negative value -127
Fixes: 4397/clusterfuzz-testcase-minimized-4779061080489984

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0409d333115e623b5ccdbb364d64ca2a52fd8467)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agolavf/mov: fix huge alloc in mov_read_ctts
John Stebbins [Sun, 26 Nov 2017 15:32:30 +0000 (07:32 -0800)]
lavf/mov: fix huge alloc in mov_read_ctts

An invalid file may cause huge alloc.  Delay expansion of ctts entries
until the number of samples is known in mov_build_index.

Fixes: 23

Found-by: zhao dongzhuo, AD-lab of Venustech
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2d015d3bf9fed59c65a3819a35fedbb8b7dde623)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/mlpdsp: Fix signed integer overflow, 2nd try
Michael Niedermayer [Mon, 20 Nov 2017 17:45:45 +0000 (18:45 +0100)]
avcodec/mlpdsp: Fix signed integer overflow, 2nd try

The outputted bits should match what is used in the lossless check

Fixes: runtime error: signed integer overflow: -538697856 * 256 cannot be represented in type 'int'
Fixes: 4326/clusterfuzz-testcase-minimized-5689449645080576

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 97c00edaa043043c29d985653e7e1687b56dfa23)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/h264idct_template: Fix integer overflow in ff_h264_idct8_add
Michael Niedermayer [Mon, 20 Nov 2017 02:08:20 +0000 (03:08 +0100)]
avcodec/h264idct_template: Fix integer overflow in ff_h264_idct8_add

Fixes: signed integer overflow: 452986184 - -2113885312 cannot be represented in type 'int'
Fixes: 4196/clusterfuzz-testcase-minimized-5580648594014208

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9cc926da7d9920d17b76584e7212309ab5c02387)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/kgv1dec: Check that there is enough input for maximum RLE compression
Michael Niedermayer [Wed, 22 Nov 2017 19:14:54 +0000 (20:14 +0100)]
avcodec/kgv1dec: Check that there is enough input for maximum RLE compression

Fixes: Timeout
Fixes: 4271/clusterfuzz-testcase-4676667768307712

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3aad94bf2b140cfba8ae69d018da05d4948ef37f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavformat/aacdec: Fix leak in adts_aac_read_packet()
Michael Niedermayer [Sat, 25 Nov 2017 18:22:51 +0000 (19:22 +0100)]
avformat/aacdec: Fix leak in adts_aac_read_packet()

Fixes: chromium-773637/clusterfuzz-testcase-minimized-6418078673141760

Found-by: ossfuzz/chromium
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2779d33ed99898675e0b3884fabe1ce6839f36d1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/dirac_dwt: Fix integer overflow in COMPOSE_FIDELITYi*
Michael Niedermayer [Sat, 25 Nov 2017 02:15:16 +0000 (03:15 +0100)]
avcodec/dirac_dwt: Fix integer overflow in COMPOSE_FIDELITYi*

Fixes: runtime error: signed integer overflow: -2143827186 - 7404944 cannot be represented in type 'int'
Fixes: 4354/clusterfuzz-testcase-minimized-4671122764201984

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2b6964f764382742bb052a1ee3b7167cac35332f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/sbrdsp_fixed: Fix integer overflow
Michael Niedermayer [Wed, 22 Nov 2017 19:18:40 +0000 (20:18 +0100)]
avcodec/sbrdsp_fixed: Fix integer overflow

Fixes: signed integer overflow: 2147483598 + 64 cannot be represented in type 'int'
Fixes: 4337/clusterfuzz-testcase-minimized-6192658616680448

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 12a511f2c265d6319b7fdc332a6aa8aca1535309)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/mpeg4videodec: Check also for negative versions in the validity check
Michael Niedermayer [Tue, 21 Nov 2017 02:15:53 +0000 (03:15 +0100)]
avcodec/mpeg4videodec: Check also for negative versions in the validity check

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0e7865ce4152f8b04cda6a698bbee4fd4a94009d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoClose ogg stream upon error when using AV_EF_EXPLODE.
Dale Curtis [Mon, 20 Nov 2017 20:07:57 +0000 (12:07 -0800)]
Close ogg stream upon error when using AV_EF_EXPLODE.

Without this there can be multiple memory leaks for unrecognized
ogg streams.

Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bce8fc0754c4b31f574a4372c6d7996ed29f7c2a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoFix undefined shift on assumed 8-bit input.
Dale Curtis [Sat, 18 Nov 2017 00:05:30 +0000 (16:05 -0800)]
Fix undefined shift on assumed 8-bit input.

decode_user_data() attempts to create an integer |build|
value with 8 bits of spacing for 3 components. However
each component is an int32_t, so shifting each component
is undefined for values outside of the 8 bit range.

This patch simply clamps input to 8-bits per component
and prints out a warning that the values were clamped.

Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7010dd98b575d2e39fca947e609b85be7490b269)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoUse ff_thread_once for fixed, float table init.
Dale Curtis [Fri, 17 Nov 2017 22:51:09 +0000 (14:51 -0800)]
Use ff_thread_once for fixed, float table init.

These tables are static so they should only be initialized once
instead of on every call to ff_mpadsp_init().

Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5eaaffaf64d1854493f0fe9ec822eed1b3cd9fe1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoFix leak of frame_duration_buffer in mov_fix_index().
Dale Curtis [Fri, 17 Nov 2017 22:53:25 +0000 (14:53 -0800)]
Fix leak of frame_duration_buffer in mov_fix_index().

Should be unconditionally freed at the end of mov_fix_index() in
case it hasn't been used during the fix up.

Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Reviewed-by: Sasi Inguva <isasi-at-google.com@ffmpeg.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d073be2291e40129d107ca4573097d6d6d2dbf68)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavformat/mov: Propagate errors in mov_switch_root.
Jacob Trimble [Mon, 20 Nov 2017 20:05:02 +0000 (12:05 -0800)]
avformat/mov: Propagate errors in mov_switch_root.

Signed-off-by: Jacob Trimble <modmaker@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2d9cf3bf16b94cd9db10dabad695c69c5cff4f58)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/hevcdsp_template: Fix invalid shift in put_hevc_epel_bi_w_v()
Michael Niedermayer [Fri, 17 Nov 2017 21:01:29 +0000 (22:01 +0100)]
avcodec/hevcdsp_template: Fix invalid shift in put_hevc_epel_bi_w_v()

Fixes: runtime error: left shift of negative value -255
Fixes: 4037/clusterfuzz-testcase-minimized-5290998163832832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7d88586e4728e97349f98e07ff782bb168ab96c3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/mlpdsp: Fix undefined shift ff_mlp_pack_output()
Michael Niedermayer [Wed, 15 Nov 2017 02:38:37 +0000 (03:38 +0100)]
avcodec/mlpdsp: Fix undefined shift ff_mlp_pack_output()

Fixes: runtime error: left shift of negative value -7862264
Fixes: 4074/clusterfuzz-testcase-minimized-4516104123711488

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4f7f70738e8dd77a698a5e28bba552ea7064af21)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/zmbv: Check that the buffer is large enough for mvec
Michael Niedermayer [Wed, 15 Nov 2017 16:11:12 +0000 (17:11 +0100)]
avcodec/zmbv: Check that the buffer is large enough for mvec

Fixes: Timeout
Fixes: 4143/clusterfuzz-testcase-4736864637419520

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2ab9568a2c3349039eec29fb960fe39de354b514)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/dirac_dwt: Fix integer overflow in COMPOSE_DD137iL0()
Michael Niedermayer [Tue, 14 Nov 2017 02:40:07 +0000 (03:40 +0100)]
avcodec/dirac_dwt: Fix integer overflow in COMPOSE_DD137iL0()

Fixes: 4035/clusterfuzz-testcase-minimized-6479308925173760
Fixes: runtime error: signed integer overflow: 9 * 402653183 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 73964680d7bce6d81ddc553a24d73e9a1c9156f9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/wmv2dec: Check end of bitstream in parse_mb_skip() and ff_wmv2_decode_mb()
Michael Niedermayer [Sat, 16 Sep 2017 23:28:07 +0000 (01:28 +0200)]
avcodec/wmv2dec: Check end of bitstream in parse_mb_skip() and ff_wmv2_decode_mb()

Fixes: Timeout
Fixes: 3200/clusterfuzz-testcase-5750022136135680

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 65e0a7c473f23f1833538ffecf53c81fe500b5e4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/snowdec: Check for remaining bitstream in decode_blocks()
Michael Niedermayer [Wed, 15 Nov 2017 20:17:16 +0000 (21:17 +0100)]
avcodec/snowdec: Check for remaining bitstream in decode_blocks()

Fixes: Timeout
Fixes: 3142/clusterfuzz-testcase-5007853163118592

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4527ec2216109867498edc3ac8a17fd879b5d017)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/snowdec: Check intra block dc differences.
Michael Niedermayer [Wed, 15 Nov 2017 20:17:15 +0000 (21:17 +0100)]
avcodec/snowdec: Check intra block dc differences.

Fixes: Timeout
Fixes: 3142/clusterfuzz-testcase-5007853163118592

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c3b9bbcc6edf2d83fe4857484cfa0839872188c6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavformat/mov: Check size of STSC allocation
Fredrik Hubinette [Thu, 16 Nov 2017 01:24:30 +0000 (17:24 -0800)]
avformat/mov: Check size of STSC allocation

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a6fdd75fe6440d2f4150cb456a9078aa68b00fdb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/vc2enc: Clear coef_buf on allocation
Michael Niedermayer [Wed, 15 Nov 2017 15:53:34 +0000 (16:53 +0100)]
avcodec/vc2enc: Clear coef_buf on allocation

Fixes: Use of uninitialized memory
Fixes: assertion failure

Reviewed-by: <atomnuker>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6d00905f8134a2932e5c00dd1ec8b2a1f0a38035)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/h264dec: Fix potential array overread
Michael Niedermayer [Sat, 21 Oct 2017 16:04:44 +0000 (18:04 +0200)]
avcodec/h264dec: Fix potential array overread

add padding before scantable arrays

See: 522d850e68ec4b77d3477b3c8f55b1ba00a9d69a

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 380b48fb9fdc7b0c40d67e026f9b3accb12794eb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/x86/mpegvideodsp: Fix signedness bug in need_emu
Michael Niedermayer [Mon, 13 Nov 2017 19:47:48 +0000 (20:47 +0100)]
avcodec/x86/mpegvideodsp: Fix signedness bug in need_emu

Fixes: out of array read
Fixes: 3516/attachment-311488.dat

Found-by: Insu Yun, Georgia Tech.
Tested-by: wuninsu@gmail.com
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 58cf31cee7a456057f337b3102a03206d833d5e8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/aacpsdsp_template: Fix integer overflows in ps_decorrelate_c()
Michael Niedermayer [Sun, 5 Nov 2017 20:20:08 +0000 (21:20 +0100)]
avcodec/aacpsdsp_template: Fix integer overflows in ps_decorrelate_c()

Fixes: runtime error: signed integer overflow: 1939661764 - -454942263 cannot be represented in type 'int'
Fixes: 3191/clusterfuzz-testcase-minimized-5688798451073024

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2afe05402f05d485f0c356b04dc562f0510d317d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/aacdec_fixed: Fix undefined shift
Michael Niedermayer [Sun, 5 Nov 2017 20:20:07 +0000 (21:20 +0100)]
avcodec/aacdec_fixed: Fix undefined shift

Fixes: runtime error: left shift of negative value -801112064
Fixes: 3492/clusterfuzz-testcase-minimized-5784775283441664

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fca198fb5bf42ba6b765b3f75b11738e4b4fc2a9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/mdct_*: Fix integer overflow in addition in RESCALE()
Michael Niedermayer [Sun, 5 Nov 2017 20:20:06 +0000 (21:20 +0100)]
avcodec/mdct_*: Fix integer overflow in addition in RESCALE()

Fixes: runtime error: signed integer overflow: 1219998458 - -1469874012 cannot be represented in type 'int'
Fixes: 3443/clusterfuzz-testcase-minimized-5369987105554432

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 770c934fa1635f4fadf5db4fc5cc5ad15d82455a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/snowdec: Fix integer overflow in header parsing
Michael Niedermayer [Sun, 5 Nov 2017 20:20:05 +0000 (21:20 +0100)]
avcodec/snowdec: Fix integer overflow in header parsing

Fixes: 3984/clusterfuzz-testcase-minimized-5265759929368576
Fixes: runtime error: signed integer overflow: -1085585801 + -1094995529 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c897a9285846b6a072b9650976afd4f091b7a71f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/cngdec: Fix integer clipping
Michael Niedermayer [Thu, 2 Nov 2017 17:34:09 +0000 (18:34 +0100)]
avcodec/cngdec: Fix integer clipping

Fixes: runtime error: value -36211.7 is outside the range of representable values of type 'short'
Fixes: 2992/clusterfuzz-testcase-6649611793989632

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 51090133b31bc719ea868db15d3ee38e9dbe90f1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/sbrdsp_fixed: Fix integer overflow in shift in sbr_hf_g_filt_c()
Michael Niedermayer [Wed, 1 Nov 2017 13:00:20 +0000 (14:00 +0100)]
avcodec/sbrdsp_fixed: Fix integer overflow in shift in sbr_hf_g_filt_c()

Fixes: runtime error: shift exponent 66 is too large for 64-bit type 'long long'
Fixes: 3642/clusterfuzz-testcase-minimized-5443853801750528

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 981e99ab99986935affad7c164ebdfe28e8ea7f8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/aacsbr_fixed: Fix division by zero in sbr_gain_calc()
Michael Niedermayer [Wed, 1 Nov 2017 13:00:19 +0000 (14:00 +0100)]
avcodec/aacsbr_fixed: Fix division by zero in sbr_gain_calc()

Fixes: 3642/clusterfuzz-testcase-minimized-5443853801750528

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7d1dec466895eed12f2c79b7ab5447f5390fe869)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavutil/softfloat: Add FLOAT_MIN
Michael Niedermayer [Wed, 1 Nov 2017 13:00:18 +0000 (14:00 +0100)]
avutil/softfloat: Add FLOAT_MIN

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e34fe61bf45331d2e6d2840604f799fa4b55c843)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/h264idct_template: Fix integer overflows in ff_h264_idct8_add()
Michael Niedermayer [Sat, 4 Nov 2017 00:19:20 +0000 (01:19 +0100)]
avcodec/h264idct_template: Fix integer overflows in ff_h264_idct8_add()

Fixes: runtime error: signed integer overflow: -503316480 + -2013265038 cannot be represented in type 'int'
Fixes: 3805/clusterfuzz-testcase-minimized-6578427831255040

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e131b8cedb00043dcc97cc05ca04749ec8ff57de)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/xan: Check for bitstream end in xan_huffman_decode()
Michael Niedermayer [Fri, 3 Nov 2017 16:48:29 +0000 (17:48 +0100)]
avcodec/xan: Check for bitstream end in xan_huffman_decode()

Fixes: Timeout
Fixes: 3707/clusterfuzz-testcase-6465922706440192

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4b51437dccd62fc5491280db44e3c21b44aeeb3f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/exr: fix undefined shift in pxr24_uncompress()
Michael Niedermayer [Sat, 4 Nov 2017 00:19:19 +0000 (01:19 +0100)]
avcodec/exr: fix undefined shift in pxr24_uncompress()

Fixes: runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
Fixes: 3787/clusterfuzz-testcase-minimized-5728764920070144

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 66f0c958bfd5475658b432d1af4d2e174b2dfcda)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavformat: Free the internal codec context at the end
Luca Barbato [Tue, 11 Apr 2017 23:46:30 +0000 (01:46 +0200)]
avformat: Free the internal codec context at the end

Avoid a use after free in avformat_find_stream_info.

(cherry picked from commit 9e4a5eb51b9f3b2bff0ef08e0074b7fe4893075d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/h264idct_template: Fix integer overflows in ff_h264_idct8_add()
Michael Niedermayer [Mon, 30 Oct 2017 22:21:41 +0000 (23:21 +0100)]
avcodec/h264idct_template: Fix integer overflows in ff_h264_idct8_add()

Fixes: runtime error: signed integer overflow: 924846844 + 1457520640 cannot be represented in type 'int'
Fixes: 3416/clusterfuzz-testcase-minimized-6125587682820096

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2b739e1cb8f6ce8baead03ce5c999103ba78f24f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/xan: Improve overlapping check
Michael Niedermayer [Mon, 30 Oct 2017 22:21:40 +0000 (23:21 +0100)]
avcodec/xan: Improve overlapping check

Fixes: memcpy-param-overlap
Fixes: 3612/clusterfuzz-testcase-minimized-6393461273001984

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e8fafef1db43ead4eae5a6301ccc300e73aa47da)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/aacdec_fixed: Fix integer overflow in apply_dependent_coupling_fixed()
Michael Niedermayer [Fri, 27 Oct 2017 00:23:21 +0000 (02:23 +0200)]
avcodec/aacdec_fixed: Fix integer overflow in apply_dependent_coupling_fixed()

Fixes: runtime error: signed integer overflow: 623487 * 536870912 cannot be represented in type 'int'
Fixes: 3594/clusterfuzz-testcase-minimized-4650622935629824

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 41d96af2a74cb5df50346b160067facd43149667)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/aacdec_fixed: Fix integer overflow in predict()
Michael Niedermayer [Fri, 27 Oct 2017 00:23:20 +0000 (02:23 +0200)]
avcodec/aacdec_fixed: Fix integer overflow in predict()

Fixes: runtime error: signed integer overflow: -2110708110 + -82837504 cannot be represented in type 'int'
Fixes: 3547/clusterfuzz-testcase-minimized-6009386439802880

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0976752420706c0a8b3cb8fd61497a47c7d7270f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/jpeglsdec: Check for end of bitstream in ls_decode_line()
Michael Niedermayer [Wed, 25 Oct 2017 22:02:57 +0000 (00:02 +0200)]
avcodec/jpeglsdec: Check for end of bitstream in ls_decode_line()

Fixes: 1773/clusterfuzz-testcase-minimized-4832523987189760

Fixes: Timeout

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f80224ed19a4c012549fd460d529c7c04e68cf21)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/jpeglsdec: Check ilv for being a supported value
Michael Niedermayer [Wed, 25 Oct 2017 22:02:56 +0000 (00:02 +0200)]
avcodec/jpeglsdec: Check ilv for being a supported value

Fixes: 1773/clusterfuzz-testcase-minimized-4832523987189760

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fe533628b9604e2f8e5179d5c5dd17c3cb764265)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agotests/ffserver.regression.ref: update checksums to what ffserver currently produces
Michael Niedermayer [Sun, 22 Oct 2017 15:11:21 +0000 (17:11 +0200)]
tests/ffserver.regression.ref: update checksums to what ffserver currently produces

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 431eccd61e155190a7762314938799076cffeb67)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoffserver: Fix off by 1 error in path
Michael Niedermayer [Sun, 22 Oct 2017 15:11:20 +0000 (17:11 +0200)]
ffserver: Fix off by 1 error in path

Code suggested by ubitux

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 617f0c65e1bac8983a5b6521818c1b9b57f0804b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
21 months agoavcodec/proresdec: align dequantization matrix buffers
James Almer [Thu, 16 Nov 2017 00:13:07 +0000 (21:13 -0300)]
avcodec/proresdec: align dequantization matrix buffers

Should fix ticket #6838

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit f399172d6e842fbdd05c599cdbbb1668c8c354be)

21 months agoavformat/matroskaenc: add missing allocation failure checks for stream durations
James Almer [Tue, 28 Nov 2017 04:23:23 +0000 (01:23 -0300)]
avformat/matroskaenc: add missing allocation failure checks for stream durations

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 5f67073b4cb12abf21ed840948b271903d61bf3b)

21 months agoavformat/matroskaenc: actually enforce the stream limit
James Almer [Mon, 27 Nov 2017 16:39:42 +0000 (13:39 -0300)]
avformat/matroskaenc: actually enforce the stream limit

Prevents out of array accesses. Adressess ticket #6873

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 9d464dc3fccb53f1e7c83e3453084c1a7fb90503)

21 months agoconfigure: Fix dependencies of aac_at decoder.
Jacob Trimble [Thu, 30 Nov 2017 22:58:59 +0000 (14:58 -0800)]
configure: Fix dependencies of aac_at decoder.

Signed-off-by: Jacob Trimble <modmaker@google.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 83ecdc9a920d7f0b69d1a25d63757adb887a1f25)

21 months agoDon't manipulate duration when it's AV_NOPTS_VALUE.
Dale Curtis [Tue, 28 Nov 2017 22:26:55 +0000 (14:26 -0800)]
Don't manipulate duration when it's AV_NOPTS_VALUE.

This leads to signed integer overflow.

Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit c5fd57f483d2ad8e34551b78509f1e14136f73c0)

22 months agolavfi/af_pan: fix sign handling in channel coefficient parser
Michael Roitzsch [Sat, 18 Nov 2017 12:33:08 +0000 (13:33 +0100)]
lavfi/af_pan: fix sign handling in channel coefficient parser

When a channel formula ends with a subtraction, the next formula will
otherwise have its first coefficient negated.

(cherry picked from commit 4f4e19914ddca5096bf7639c7c99a9045e436e8b)

22 months agoavformat/hlsenc: write fmp4 init header after first AV frame
Steven Liu [Tue, 14 Nov 2017 02:31:26 +0000 (10:31 +0800)]
avformat/hlsenc: write fmp4 init header after first AV frame

fix ticket id: 6825

Signed-off-by: Steven Liu <lq@onvideo.cn>
Tested-by: Aman Gupta <aman@tmm1.net>
22 months agoavformat/hlsenc: allocate space for terminating null
Timo Rothenpieler [Mon, 13 Nov 2017 02:44:16 +0000 (10:44 +0800)]
avformat/hlsenc: allocate space for terminating null

Fixes CID #1420394

22 months agoavformat/hlsenc: reindent hlsenc code
Steven Liu [Thu, 2 Nov 2017 14:30:06 +0000 (22:30 +0800)]
avformat/hlsenc: reindent hlsenc code

Signed-off-by: Steven Liu <lq@onvideo.cn>
22 months agoavformat/hlsenc: check hls segment mode for ignore the init filename
Steven Liu [Thu, 2 Nov 2017 14:29:28 +0000 (22:29 +0800)]
avformat/hlsenc: check hls segment mode for ignore the init filename

ignore the fmp4_init_filename when in normal hls segment mode

Signed-off-by: Steven Liu <lq@onvideo.cn>
22 months agoavformat/hlsenc: reindent hlsenc code
Steven Liu [Sun, 29 Oct 2017 04:32:24 +0000 (12:32 +0800)]
avformat/hlsenc: reindent hlsenc code

Signed-off-by: Steven Liu <lq@onvideo.cn>
22 months agoavformat/hlsenc: fix missing first segment bug in fmp4 mode
Steven Liu [Sun, 29 Oct 2017 04:31:49 +0000 (12:31 +0800)]
avformat/hlsenc: fix missing first segment bug in fmp4 mode

fix ticket id: #6776
fix code logic error, need not check first segment.

Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
22 months agoavformat/hlsenc: fix base_output_dirname is null when basename_size is 0 bug
Steven Liu [Sun, 29 Oct 2017 04:30:44 +0000 (12:30 +0800)]
avformat/hlsenc: fix base_output_dirname is null when basename_size is 0 bug

fix ticket id: #6777
when use argument hls_segment_filename, the basename_size will be 0

Signed-off-by: Steven Liu <lq@onvideo.cn>
22 months agoffplay: use SDL2 audio API
Marton Balint [Sat, 4 Nov 2017 18:31:54 +0000 (19:31 +0100)]
ffplay: use SDL2 audio API

It allows us to specify what kind of audio parameter changes are allowed.

Should fix ticket #6721.

Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit d68a557df4937b695a5f6a14877d92647be95aaa)

22 months agoffplay: only use hardware accelerated SDL texture formats
Marton Balint [Sat, 28 Oct 2017 20:46:08 +0000 (22:46 +0200)]
ffplay: only use hardware accelerated SDL texture formats

Typically only a small subset of the SDL texture formats are supported directly
by the SDL renderer drivers, the rest is software emulated. It's better if
libswscale does the format conversion to a hardware-accelerated texture format
instead of SDL.

This should fix video render slowdowns with some texture formats after
3bd2228d05a05eab5f91ac00b01efac9cb07649b.

Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit 415038f2bd321a3b41564d4e0c6c17d7a096c397)

22 months agoffplay: create the window and the renderer before starting playback
Marton Balint [Sat, 28 Oct 2017 20:06:22 +0000 (22:06 +0200)]
ffplay: create the window and the renderer before starting playback

Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit 84d31e2475c41b0a69a11c4cba54755d034bb341)

22 months agoffmpeg: always init output stream before reaping filters
Marton Balint [Tue, 3 Oct 2017 22:43:30 +0000 (00:43 +0200)]
ffmpeg: always init output stream before reaping filters

Otherwise the frame size of the codec is not set in the buffersink.

Fixes ticket #6603 and the following simpler case:

ffmpeg -c aac -filter_complex "sine=d=0.1,asetnsamples=1025" out.aac

Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit f4090940bd3024e69d236257d327f11d1e496229)

22 months agovc2enc_dwt: pad the temporary buffer by the slice size
Rostislav Pehlivanov [Wed, 8 Nov 2017 23:50:04 +0000 (23:50 +0000)]
vc2enc_dwt: pad the temporary buffer by the slice size

Since non-Haar wavelets need to look into pixels outside the frame, we
need to pad the buffer. The old factor of two seemed to be a workaround
that fact and only padded to the left and bottom. This correctly pads
by the slice size and as such reduces memory usage and potential
exploits.
Reported by Liu Bingchang.

Ideally, there should be no temporary buffer but the encoder is designed
to deinterleave the coefficients into the classical wavelet structure
with the lower frequency values in the top left corner.

Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
(cherry picked from commit 3228ac730c11eca49d5680d5550128e397061c85)

22 months agolavu/arm: Check for have_vfp_vm instead of !have_vfpv3 for float_dsp_vfp
Martin Storsjö [Mon, 23 Oct 2017 07:48:02 +0000 (10:48 +0300)]
lavu/arm: Check for have_vfp_vm instead of !have_vfpv3 for float_dsp_vfp

This was missed in e754c8e8 / e2710e790c0 since those functions
weren't exercised by checkasm.

Fixes ticket #6766.
(cherry picked from commit f1fd12ef858cf7efe843aa3063894a11b2d1e7d5)

23 months agohwcontext_vaapi: Remove use of vaExportSurfaceHandle() n3.4
Mark Thompson [Sun, 15 Oct 2017 11:45:15 +0000 (12:45 +0100)]
hwcontext_vaapi: Remove use of vaExportSurfaceHandle()

It is not present in libva 2.0.

23 months agoUpdate versions for 3.4 release
Michael Niedermayer [Sun, 15 Oct 2017 00:30:15 +0000 (02:30 +0200)]
Update versions for 3.4 release

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
23 months agoavcodec/snowdec: Check mv_scale
Michael Niedermayer [Fri, 13 Oct 2017 01:06:54 +0000 (03:06 +0200)]
avcodec/snowdec: Check mv_scale

Fixes: runtime error: signed integer overflow: 2 * -1094995530 cannot be represented in type 'int'
Fixes: 3512/clusterfuzz-testcase-minimized-4812747210489856

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 393d6fc7395611a38792e3c271b2be42ac45e672)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
23 months agoavcodec/pafvideo: Check for bitstream end in decode_0()
Michael Niedermayer [Fri, 13 Oct 2017 01:06:53 +0000 (03:06 +0200)]
avcodec/pafvideo: Check for bitstream end in decode_0()

Fixes: Timeout
Fixes: 3529/clusterfuzz-testcase-5057068371279872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9c85329cd02e9284892bf263ce6133b2fc479792)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
23 months agoffmpeg.c: Fallback to duration_dts, when duration_pts can't be determined.
Sasi Inguva [Tue, 10 Oct 2017 17:36:58 +0000 (10:36 -0700)]
ffmpeg.c: Fallback to duration_dts, when duration_pts can't be determined.

This is required for FLV files, for which duration_pts comes out to be zero.

Signed-off-by: Sasi Inguva <isasi@google.com>
Reviewed-by: Thomas Mundt <tmundt75@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2b006ccf8318d84101ed83b75df4c9682a963217)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
23 months agoFix visual glitch with XvMC, caused by wrong idct permutation.
Ivan Kalvachev [Sun, 8 Oct 2017 22:25:00 +0000 (01:25 +0300)]
Fix visual glitch with XvMC, caused by wrong idct permutation.

In the past XvMC forced simple_idct since
it was using FF_IDCT_PERM_NONE.
However now we have SIMD variants of simple_idct that
are using FF_IDCT_PERM_TRANSPOSE and if they are selected
XvMC would get coefficients in the wrong order.

The patch creates new FF_IDCT_NONE that
is used only for this kind of hardware decoding
and that fallbacks to the old C only simple idct.

Signed-off-by: Ivan Kalvachev <ikalvachev@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9054439bad3307dafd9fbadc57e66c276baf22e2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
23 months agoconfigure: force erroring out in check_disable_warning() if an option doesn't exists
James Almer [Fri, 13 Oct 2017 15:34:34 +0000 (12:34 -0300)]
configure: force erroring out in check_disable_warning() if an option doesn't exists

Should prevent some options from being added to cflags when they
don't exist and the compiler only warns about it.

Reviewd-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit ad56e8057d8af0201ed0cb65acc12e5889d4afcc)

23 months agoFix crash if av_vdpau_bind_context() is not used.
Ivan Kalvachev [Sun, 8 Oct 2017 23:40:26 +0000 (02:40 +0300)]
Fix crash if av_vdpau_bind_context() is not used.

The public functions av_alloc_vdpaucontext() and
av_vdpau_alloc_context() are allocating AVVDPAUContext
structure that is supposed to be placed in avctx->hwaccel_context.

However the rest of libavcodec/vdpau.c uses avctx->hwaccel_context
as struct VDPAUHWContext, that is bigger and does contain
AVVDPAUContext as first member.

The usage includes write to the new variables in the bigger stuct,
without checking for block size.

Fix by always allocating the bigger structure.

Signed-off-by: Ivan Kalvachev <ikalvachev@gmail.com>
(cherry picked from commit 3a6ded7cfcb33e06ade98c5791eae06453f65668)

23 months agoconfigure: remove libdl dependency from libndi_newtek
Marton Balint [Tue, 10 Oct 2017 21:30:29 +0000 (23:30 +0200)]
configure: remove libdl dependency from libndi_newtek

We are not using dynamic loading for libndi.

Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit 58143b15adda6391ec07f3eb19e80ed91d801edd)

23 months agoadd release notes based on release 3.3
Michael Niedermayer [Wed, 12 Apr 2017 00:26:45 +0000 (02:26 +0200)]
add release notes based on release 3.3

Name suggestion was from Helmut K. C. Tessarek

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 07e7ebf52de9257fef1398c1dc5edb847b78ab21)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
23 months agoavcodec/rkmppdec: check wether typo
Michael Niedermayer [Wed, 11 Oct 2017 00:15:21 +0000 (02:15 +0200)]
avcodec/rkmppdec: check wether typo

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
23 months agoavcodec/opusenc_psy: Fix mixed declaration and statement
Michael Niedermayer [Wed, 11 Oct 2017 00:13:16 +0000 (02:13 +0200)]
avcodec/opusenc_psy: Fix mixed declaration and statement

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
23 months agodoc/APIchanges: Add 3.4 cut point
Michael Niedermayer [Tue, 10 Oct 2017 23:23:03 +0000 (01:23 +0200)]
doc/APIchanges: Add 3.4 cut point

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
23 months agoBump minor versions for branching 3.4
Michael Niedermayer [Tue, 10 Oct 2017 23:21:12 +0000 (01:21 +0200)]
Bump minor versions for branching 3.4

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
23 months agodoc/APIchanges: Update
Michael Niedermayer [Tue, 10 Oct 2017 22:12:12 +0000 (00:12 +0200)]
doc/APIchanges: Update

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
23 months agoavutil/frame: Fix project name
Michael Niedermayer [Tue, 10 Oct 2017 22:01:10 +0000 (00:01 +0200)]
avutil/frame: Fix project name

Issue introduced in: caa12027baf1180453846c58da08fc87accc0ff6

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
23 months agoavcodec/mips: Improve avc uni copy mc msa functions
Kaustubh Raste [Mon, 9 Oct 2017 12:18:45 +0000 (17:48 +0530)]
avcodec/mips: Improve avc uni copy mc msa functions

Load the specific bytes instead of MSA load.

Signed-off-by: Kaustubh Raste <kaustubh.raste@imgtec.com>
Reviewed-by: Manojkumar Bhosale <Manojkumar.Bhosale@imgtec.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
23 months agoavcodec/mips: Improve hevc uni-w horiz mc msa functions
Kaustubh Raste [Mon, 9 Oct 2017 12:17:34 +0000 (17:47 +0530)]
avcodec/mips: Improve hevc uni-w horiz mc msa functions

Load the specific destination bytes instead of MSA load and pack.
Pack the data to half word before clipping.
Use immediate unsigned saturation for clip to max saving one vector register.

Signed-off-by: Kaustubh Raste <kaustubh.raste@imgtec.com>
Reviewed-by: Manojkumar Bhosale <Manojkumar.Bhosale@imgtec.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
23 months agoavcodec/mips: Improve avc put mc 21, 23 and 02 msa functions
Kaustubh Raste [Mon, 9 Oct 2017 12:11:40 +0000 (17:41 +0530)]
avcodec/mips: Improve avc put mc 21, 23 and 02 msa functions

Remove loops and unroll as block sizes are known.

Signed-off-by: Kaustubh Raste <kaustubh.raste@imgtec.com>
Reviewed-by: Manojkumar Bhosale <Manojkumar.Bhosale@imgtec.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
23 months agoavcodec/mips: Improve avc chroma hv mc msa functions
Kaustubh Raste [Mon, 9 Oct 2017 08:45:37 +0000 (14:15 +0530)]
avcodec/mips: Improve avc chroma hv mc msa functions

Replace generic with block size specific function.

Signed-off-by: Kaustubh Raste <kaustubh.raste@imgtec.com>
Reviewed-by: Manojkumar Bhosale <Manojkumar.Bhosale@imgtec.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
23 months agoavcodec/mips: Improve avc bi-weighted mc msa functions
Kaustubh Raste [Mon, 9 Oct 2017 07:18:39 +0000 (12:48 +0530)]
avcodec/mips: Improve avc bi-weighted mc msa functions

Replace generic with block size specific function.

Signed-off-by: Kaustubh Raste <kaustubh.raste@imgtec.com>
Reviewed-by: Manojkumar Bhosale <Manojkumar.Bhosale@imgtec.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
23 months agoavcodec/mips: preload data in hevc sao edge 135 degree filter msa functions
Kaustubh Raste [Mon, 9 Oct 2017 06:01:20 +0000 (11:31 +0530)]
avcodec/mips: preload data in hevc sao edge 135 degree filter msa functions

Signed-off-by: Kaustubh Raste <kaustubh.raste@imgtec.com>
Reviewed-by: Manojkumar Bhosale <Manojkumar.Bhosale@imgtec.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
23 months agoavcodec/ffv1dec: Fix out of array read in slice counting
Michael Niedermayer [Mon, 9 Oct 2017 09:49:28 +0000 (11:49 +0200)]
avcodec/ffv1dec: Fix out of array read in slice counting

Fixes: test-201710.mp4

Found-by: 连一汉 <lianyihan@360.cn> and Zhibin Hu
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>