summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* MAINTAINERS: add myself to libavfilter/dnnGuo, Yejun2019-12-03
| | | | | Signed-off-by: Guo, Yejun <yejun.guo@intel.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* libavformat/utils: Fix code indentationLinjie Fu2019-12-03
| | | | | | | Introduced since 077939626eeaa0c1364065414c18ab9b3a072281. Signed-off-by: Linjie Fu <linjie.fu@intel.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avfilter/vf_unsharp: Don't dereference NULLAndreas Rheinhardt2019-12-03
| | | | | | | | | | | | | | | | The unsharp filter uses an array of arrays of uint32_t, each of which is separately allocated. These arrays also need to freed separately; but before doing so, one needs to check whether the array of arrays has actually been allocated, otherwise one would dereference a NULL pointer. This fixes #8408. Furthermore, the array of arrays needs to be zero-initialized so that no uninitialized pointer will be freed in case an allocation of one of the individual arrays fails. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* fate/cbs: add svc AV1 testsJames Almer2019-12-02
| | | | Signed-off-by: James Almer <jamrial@gmail.com>
* avcodec/av1_parser: skip frames with spatial_id > 0James Almer2019-12-02
| | | | | | This fixes marking keyframes in svc samples. Signed-off-by: James Almer <jamrial@gmail.com>
* avfilter/buffersrc: remove write-only variableZhao Zhili2019-12-02
|
* fate/cbs: add a decode model AV1 testJames Almer2019-12-01
| | | | Signed-off-by: James Almer <jamrial@gmail.com>
* fate/cbs: add a switch frame AV1 testJames Almer2019-12-01
| | | | Signed-off-by: James Almer <jamrial@gmail.com>
* Revert "avcodec/cbs_av1_syntax_template: Check ref_frame_idx before use"James Almer2019-12-01
| | | | | | | | This reverts commit 8174e5c77d8a94b57b6b1bcbb90728cf8b08ab6b. It's no longer needed after the previous commit. Signed-off-by: James Almer <jamrial@gmail.com>
* avcodec/cbs_av1: implement missing set_frame_refs() functionJames Almer2019-12-01
| | | | | | | | | Defined in Section 7.8 This finishes implementing support for frames using frame_refs_short_signaling. Signed-off-by: James Almer <jamrial@gmail.com>
* avcodec/alsdec: Discard frames for which no channel could be decodedMichael Niedermayer2019-12-01
| | | | | | | | Fixes: Timeout (80sec -> 33sec) Fixes: 18668/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5710836719157248 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/alsdec: Avoid 1 layer of pointer dereferences in INTERLEAVE_OUTPUT()Michael Niedermayer2019-12-01
| | | | | | | This optimizes the code slightly (116 -> 80sec) Testcase: 18668/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5710836719157248 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/g729dec: Avoid one multiply by using init_get_bits8()Michael Niedermayer2019-12-01
| | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/g729dec: Avoid using buf_sizeMichael Niedermayer2019-12-01
| | | | | | | | | | | buf_size is not updated as buf is advanced so it is wrong after the first iteration Fixes: Timeout (160sec -> 27sec) Fixes: 18658/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G729_fuzzer-5729784269373440 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/g729dec: Factor block_size outMichael Niedermayer2019-12-01
| | | | | | This will be used in the next commit Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/g729dec: require buf_size to be non 0Michael Niedermayer2019-12-01
| | | | | | | | | | The 0 case was added with the support for multiple packets. It appears unintended and causes extra complexity and out of array accesses (though within padding) No testcase Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/g729dec: Check for KELVIN && 6k4Michael Niedermayer2019-12-01
| | | | | | | | | | This combination would assume different block sizes throughout the code so its better to error out. Fixes: signed integer overflow: -1082385168 * 2 cannot be represented in type 'int' Fixes: 19110/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-5643993950191616 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/alac: Fix integer overflow in lpc_prediction() with signMichael Niedermayer2019-12-01
| | | | | | | | Fixes: signed integer overflow: -2147483648 * -1 cannot be represented in type 'int' Fixes: 18643/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5672182449700864 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmaprodec: Fix buflen computation in save_bits()Michael Niedermayer2019-12-01
| | | | | | | | Fixes: Assertion failure Fixes: 18630/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAPRO_fuzzer-5201588654440448 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vc1_block: Fix integer overflow in AC rescaling in ↵Michael Niedermayer2019-12-01
| | | | | | | | | | vc1_decode_i_block_adv() Fixes: signed integer overflow: 50176 * 262144 cannot be represented in type 'int' Fixes: 18629/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5182370286403584 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vmdaudio: Check chunk counts to avoid integer overflowMichael Niedermayer2019-12-01
| | | | | | | | Fixes: signed integer overflow: 4 * 538976288 cannot be represented in type 'int' Fixes: 18622/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VMDAUDIO_fuzzer-5092166174507008 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mxfdec: Clear metadata_sets_count in mxf_read_close()Michael Niedermayer2019-12-01
| | | | | | This avoids problems if the function is called twice Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/flac_picture: Return directly if nothing has been allocatedAndreas Rheinhardt2019-12-01
| | | | | Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/flac_picture: Switch to bytestream2 APIAndreas Rheinhardt2019-12-01
| | | | | | | | | | | | | | | | | | | ff_flac_parse_picture() parses a buffer containing a flac metadata picture block by wrapping it in an AVIOContext and using the AVIOContext API. Consequently, when not enough data could be read AVERROR(EIO) was returned although reading didn't really fail: A block that contains a subfield whose size field indicates that it is so big as to extend beyond the buffer is just invalid. This commit changes this by using the bytestream2 API instead; furthermore, the checks for whether there is enough data left are performed before allocating a buffer for said data. Finally, if the length of the picture description is bigger than INT_MAX, it will now raise an error. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/flac_picture: Simplify checksAndreas Rheinhardt2019-12-01
| | | | | | | | | | | | | | | | | | During parsing a flac picture metadata block, the mimetype is read as follows: Its 32b size field is read and checked for being in the range 1..63; afterwards, the actual mimetype-string is read into a buffer of size 64, where the length to read is the minimum of the length field and the size of the destination buffer -1. Then an assert guards that length is indeed < the size of the destination buffer before the string in the buffer is zero-terminated. The FFMIN as well as the assert are actually redundant, as it has been checked that the string (even after terminating) fits into the buffer. In order to make this clear, reword the check "len >= 64" to "len >= sizeof(mimetype)" and drop the FFMIN as well as the assert. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/smoothstreamingenc: removed unused check of avformat_free_contextSteven Liu2019-12-02
| | | | | | Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Reviewed-by: Jun Zhao <barryjzhao@tencent.com> Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
* avformat/rtpenc_mpegts: removed unused check of avformat_free_contextSteven Liu2019-12-02
| | | | | | Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Reviewed-by: Jun Zhao <barryjzhao@tencent.com> Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
* avformat/hdsenc: removed unused check of avformat_free_contextSteven Liu2019-12-02
| | | | | | Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Reviewed-by: Jun Zhao <barryjzhao@tencent.com> Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
* avformat/dashenc: remove unused check of avformat_free_contextSteven Liu2019-12-02
| | | | | | | Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Reviewed-by: Jun Zhao <barryjzhao@tencent.com> Reviewed-by: Jeyapal, Karthick <kjeyapal@akamai.com> Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
* avformat/avc: add missing return error valueJames Almer2019-11-30
| | | | Signed-off-by: James Almer <jamrial@gmail.com>
* lavc/extract_extradata: Use bytestream apiAndriy Gelman2019-11-30
| | | | | Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com> Signed-off-by: James Almer <jamrial@gmail.com>
* avcodec/extract_extradata_bsf: Don't unref uninitialized buffersAndreas Rheinhardt2019-11-30
| | | | | | | | This happens if allocating extradata fails and s->remove is unset. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: James Almer <jamrial@gmail.com>
* avformat/avc: fix sps buffer offset when calling ff_avc_decode_sps()James Almer2019-11-29
| | | | | | Skip the avcC specific size bytes and the NAL header bits. Signed-off-by: James Almer <jamrial@gmail.com>
* fate/demux: add an AV1 Annex B testJames Almer2019-11-29
| | | | Signed-off-by: James Almer <jamrial@gmail.com>
* avcodec/av1_parser: export stream dimensions in avctxJames Almer2019-11-29
| | | | | | This is required to demux annexb samples when a decoder isn't available. Signed-off-by: James Almer <jamrial@gmail.com>
* fate/lavf-container: add an H264 mp4 remux testJames Almer2019-11-29
| | | | | | | This uses a raw h264 bitstream as source, in order to test the avcC generation code. Signed-off-by: James Almer <jamrial@gmail.com>
* fate/lavf-container: add an AV1 mp4 remux testJames Almer2019-11-29
| | | | Signed-off-by: James Almer <jamrial@gmail.com>
* libavdevice/lavfi: check avfilter_graph_dump return valueZhao Zhili2019-11-29
| | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/avio: Use ffurl_closepAndreas Rheinhardt2019-11-29
| | | | | Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avfilter/vf_hqdn3d: add support for commandsPaul B Mahol2019-11-29
|
* avfilter/vf_hqdn3d: add support for 12bit and 14bit yuv formatsPaul B Mahol2019-11-29
|
* lavc/mvha: Check init_get_bits8() for failureJun Zhao2019-11-29
| | | | | | fix potential null pointer dereference Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
* lavf/vividas: check avformat_new_stream() returnJun Zhao2019-11-29
| | | | | | | check avformat_new_stream() return. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
* avfilter/vf_yadif: rename config_props -> config_output, link -> outlinkLimin Wang2019-11-29
| | | | | Signed-off-by: Limin Wang <lance.lmwang@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/vividas: Avoid allocation of AVIOContextAndreas Rheinhardt2019-11-29
| | | | | | | | | | Put an AVIOContext whose lifetime doesn't extend beyond the function where it is allocated on the stack instead of allocating and freeing it. This also avoids the need to free it, which in this case fixes possible memleaks on error. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/avc: write the missing bits in the AVC Decoder Configuration BoxJames Almer2019-11-28
| | | | Signed-off-by: James Almer <jamrial@gmail.com>
* avformat/movenc: Avoid allocation for small dynamic buffersAndreas Rheinhardt2019-11-28
| | | | | | | | By using avio_get_dyn_buf() + ffio_free_dyn_buf() instead of avio_close_dyn_buf() + av_free() one can avoid an allocation + copy for small dynamic buffers. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* avformat/matroskaenc: Avoid allocation for small dynamic buffersAndreas Rheinhardt2019-11-28
| | | | | | | | By using avio_get_dyn_buf() + ffio_free_dyn_buf() instead of avio_close_dyn_buf() + av_free() one can avoid an allocation + copy for small dynamic buffers (i.e. small master elements). Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* avformat/id3v2enc: Avoid allocation for small tagsAndreas Rheinhardt2019-11-28
| | | | | | | | By using avio_get_dyn_buf() + ffio_free_dyn_buf() instead of avio_close_dyn_buf() + av_free() one can avoid an allocation + copy for small tags. Furthermore, it simplifies freeing. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* avformat/avc: Avoid allocation for small SPS/PPS arraysAndreas Rheinhardt2019-11-28
| | | | | | | | By using avio_get_dyn_buf() + ffio_free_dyn_buf() instead of avio_close_dyn_buf() + av_free() one can avoid an allocation + copy for small extradata. Furthermore, it simplifies freeing. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-12 01:36:24 +0000