path: root/libavcodec
Commit message | Author | Age
* avcodec/h263dec: Reinitialize idct context if it has not been setup for the active profile | Michael Niedermayer | 2018-05-30
  The profile after reading headers can be different from when the context was initialized
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/idctdsp: Clear idct/idct_add for studio profile | Michael Niedermayer | 2018-05-30
  This does not leave them "as before" which may be a value from a previous profile
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/idctdsp: Transmit studio_profile to init instead of using AVCodecContext profile | Michael Niedermayer | 2018-05-30
  These 2 fields are not always the same, it is simpler to always use the same field for detecting studio profile
  Fixes: null pointer dereference
  Fixes: ffmpeg_crash_3.avi
  Found-by: Thuan Pham <thuanpv@comp.nus.edu.sg>, Marcel Böhme, Andrew Santosa and Alexandru RazvanCaciulescu with AFLSmart
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/qtrle: Do not output duplicated frames on insufficient input | Michael Niedermayer | 2018-05-30
  This improves performance and makes qtrle behave more similar to other decoders. Libavcodec does generally not output known duplicated frames, instead the calling Application can insert them as it needs.
  Fixes: Timeout
  Fixes: 6383/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QTRLE_fuzzer-6199846902956032
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vc1: store zero MVs for all blocks in a MB | Jerome Borsboom | 2018-05-28
  Direct prediction for interlace frame B pictures references the mv in the second block in an MB in the backward reference frame for the twomv case. When the backward reference frame is an I frame, this value may be unset.
  Signed-off-by: Jerome Borsboom <jerome.borsboom@carpalis.nl>
* avcodec/vc1: fix mquant calculation for interlace field pictures | Jerome Borsboom | 2018-05-28
  For interlace field pictures s->mb_height indicates the height of the full picture in MBs, i.e. the two fields combined. A single field is half this size. When calculating mquant for interlace field pictures, the bottom edge is the last MB row of the field.
  Signed-off-by: Jerome Borsboom <jerome.borsboom@carpalis.nl>
* avcodec/allcodecs: Provide empty codec_list in allcodecs when ossfuzz is used | Michael Niedermayer | 2018-05-28
  The last workaround is not sufficient to make oss fuzz work with the iterate API as it did not provide a FFmpeg that external libs can be linked to.
  This patch does not fully restore the pre iterate functionality. My attempts to do this have so far failed.
  The problem with this solution is that it renders the fuzzers virtual system ffmpeg (libs) non functional. Which differs from a real system compared to the virtual system tested by the fuzzer. It should theoretically not matter as the system ffmpeg wouldn't be used. But with more cases being fuzzed we likely will hit a case where an external lib is involved and it does matter ...
  Working around this may be possible with weak symbols but so far my attempts failed
  Alternatively multiple ffmpeg could be built, this becomes messy though quickly as they need to be all linked together. That is we need a FFmpeg that has the iterate API modified so it can work with the resources available to ossfuzz. And at the same time we need a ffmpeg that has its full functionality for any external libs which use ffmpeg and are used by ffmpeg.
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ac3dec: Check that the number of channels with dependant streams is valid | Michael Niedermayer | 2018-05-27
  Fixes: left shift of 1 by 63 places cannot be represented in type 'long long'
  Fixes: out of array access
  Fixes: 7284/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AC3_fuzzer-5767914968842240
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ac3dec: Fix null pointer dereference in ac3_decode_frame() | Michael Niedermayer | 2018-05-27
  Fixes: index 8 out of bounds for type 'uint8_t *[8]'
  Fixes: 7273/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EAC3_fuzzer-6296497667702784
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/aacdec_fixed: use 64bit to avoid overflow in rounding in apply_dependent_coupling_fixed() | Michael Niedermayer | 2018-05-27
  Fixes: signed integer overflow: -2141499320 + -14469590 cannot be represented in type 'int'
  Fixes: 7351/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-6351214791884800
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* oavcodec/aacpsdsp_template: Use unsigned for hs0X to prevent undefined behavior | Michael Niedermayer | 2018-05-27
  Fixes: signed integer overflow: 1073741842 + 1784008138 cannot be represented in type 'int'
  Fixes: 6792/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5677589835284480
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/g723_1dec: Clip bits2 in both directions | Michael Niedermayer | 2018-05-27
  Fixes: shift exponent 33 is too large for 32-bit type 'int'
  Fixes: 6743/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G723_1_fuzzer-5823772687859712
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4videoenc: Use 64 bit for times in mpeg4_encode_gop_header() | Michael Niedermayer | 2018-05-27
  Fixes truncation
  Fixes Assertion n <= 31 && value < (1U << n) failed at libavcodec/put_bits.h:169
  Fixes: ffmpeg_crash_2.avi
  Found-by: Thuan Pham <thuanpv@comp.nus.edu.sg>, Marcel Böhme, Andrew Santosa and Alexandru RazvanCaciulescu with AFLSmart
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* lavc/hevcdec: Treat clean random access nals as keyframes for -skip_frame. | Carl Eugen Hoyos | 2018-05-27
  Fixes ticket #7227.
  Reviewed-by: Mark Thompson
* lavc/cfhd: interlaced frame decoding added | Gagandeep Singh | 2018-05-27
  ticket #5522 output of given samples significantly improved
* avcodec/mlpdec: Only change noise_type if the related fields are valid | Michael Niedermayer | 2018-05-26
  Fixes: inconsistency
  Fixes: runtime error: index 8 out of bounds for type 'int32_t [8]'
  Fixes: 6686/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEHD_fuzzer-5191383498358784
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* indeo4: Decode all or nothing of a band header. | Michael Niedermayer | 2018-05-26
  This avoids inconsistent value combinations. Alternatively it would be possible to add more checks and careful use of temporary variables, but my try of this quickly seemed to become a rather large change. The disadvantage of this, is that the struct is copied back and forth.
  Fixes: index 6 out of bounds for type 'const uint16_t [5][16]'
  Fixes: 6557/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO4_fuzzer-4787296550256640
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ac3dec: Use frame_size if superframe_size is 0 | Michael Niedermayer | 2018-05-26
  Fixes: Infinite loop
  Fixes: 7669/clusterfuzz-testcase-ffmpeg_AV_CODEC_ID_AC3_FIXED_fuzzer-4689042185650176
  Fixes: 7670/clusterfuzz-testcase-ffmpeg_AV_CODEC_ID_AC3_fuzzer-4706306762997760
  Fixes: 7672/clusterfuzz-testcase-ffmpeg_AV_CODEC_ID_EAC3_fuzzer-4702108499574784
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* lavc/hevc_ps: Use correct pix_fmt AV_PIX_FMT_GRAY9 for 9-bit 4:0:0 input. | Carl Eugen Hoyos | 2018-05-25
* lavc/j2kenc: Support AV_PIX_FMT_PAL8. | Carl Eugen Hoyos | 2018-05-25
* lavc/jpeg2000dec: Move a variable declaration closer to its usage. | Carl Eugen Hoyos | 2018-05-22
* lavc/jpeg2000dec: Use a define to clarify the meaning of a constant. | Carl Eugen Hoyos | 2018-05-22
* lavc/h264_parse: Remove a superfluous linebreak. | Carl Eugen Hoyos | 2018-05-22
* avcodec/libvpxenc: fix setting amount of threads used for encoding | James Almer | 2018-05-21
  The libvpx doxy says that a value of 0 for the g_threads field is equivalent to a value of 1, whereas for avctx->thread_count it means the maximum amount of threads possible for the host system. Use av_cpu_count() to get the correct thread count when auto threads is requested.
  Reviewed-by: James Zern <jzern@google.com>
  Signed-off-by: James Almer <jamrial@gmail.com>
* avcodec/vc1: FIELDTX is only present in interlaced frame I/BI pictures | Jerome Borsboom | 2018-05-20
  If v->fieldtx_is_raw is not reset to zero, it may spill over from a previous interlaced frame I/BI picture.
  Signed-off-by: Jerome Borsboom <jerome.borsboom@carpalis.nl>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vc1: fix calculation of the last line of a slice | Jerome Borsboom | 2018-05-20
  Only for the last slice of the first field is the last line of the slice equal to the height of the field.
  Signed-off-by: Jerome Borsboom <jerome.borsboom@carpalis.nl>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vc1: DIRECTBIT is only present in inter MBs | Jerome Borsboom | 2018-05-20
  DIRECTBIT was decoded before the intra/inter MB branching when decoding interlace frame B pictures. Resulting in mistakenly also decoding it for intra MBs where this syntax element is not present.
  Signed-off-by: Jerome Borsboom <jerome.borsboom@carpalis.nl>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/videotoolbox: fix decoding of some HEVC videos | Aman Gupta | 2018-05-18
  In a normal hwaccel, the AVHWFramesContext sets AVFrame.hw_frames_ctx when it initializes a new AVFrame in av_hwframe_get_buffer().
  But the VT hwaccel doesn't know what hw_frames_ctx to assign when the AVFrame is first created, because it depends on the format of the pixbuf that the decoder eventually decides to return. Thus newly created AVFrames always have a NULL hw_frames_ctx, and the hwaccel would only assign the ctx once a frame was done decoding.
  This worked fine with the H264 decoder, but with the HEVC decoder the frame's data may be moved to another empty AVFrame. Since the empty AVFrame never had hw_frames_ctx set, a frame with a NULL ctx could be returned to the API user.
  This patch works around the issue by moving the derived hw_frames_ctx from the AVFrame to a new VTHWFrame which now holds both the CVPixelBufferRef and the AVBuffer. The hw_frames_ctx is only copied to the AVFrame right before it is about to be returned to the user in videotoolbox_postproc_frame() (since in the case of VT, the hw_frames_ctx is only there for the API user anyway).
  Fixes playback on macOS and iOS of some hevc videos like https://s3.amazonaws.com/tmm1/videotoolbox/germany-hevc-zdf.ts
  Signed-off-by: Aman Gupta <aman@tmm1.net>
* opusenc: use for loops with declarations | Rostislav Pehlivanov | 2018-05-18
  Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>
* lavc/v210dec: Skip Canopus C210 extradata. | Carl Eugen Hoyos | 2018-05-17
  Unbreaks files with unknown extradata, the Canopus decoder accepts both files with and without this extradata (24 byte "INFO", 16 byte "RDRT", rest "FIEL").
  Reported-by: Peter Bubestinger
  Tested-by: Piotr Bandurski
* avcodec/dirac_dwt: Fix integer overflow in COMPOSE_DD97iH0 / COMPOSE_DD137iL0 | Michael Niedermayer | 2018-05-17
  Fixes: negation of -2147483648 cannot be represented in type 'int32_t' (aka 'int');
  Fixes: 6500/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-4523620274536448
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/fic: Check available input space for cursor | Michael Niedermayer | 2018-05-17
  Fixes: out of array read
  Fixes: 6546/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FIC_fuzzer-6317064647081984
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/fic: Avoid some magic numbers related to cursors | Michael Niedermayer | 2018-05-17
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4video: Detect reference studio streams as studio streams | Michael Niedermayer | 2018-05-17
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4videodec: Check bps (VOL header) before VOP for studio profile | Michael Niedermayer | 2018-05-17
  Fixes: runtime error: shift exponent -1 is negative
  Fixes: 7486/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-4977380939530240
  Fixes: runtime error: index 36 out of bounds for type 'const uint8_t [32]'
  Fixes: 7566/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-6536620682510336
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4videodec: Do not corrupt bits_per_raw_sample | Michael Niedermayer | 2018-05-17
  Reviewed-by: Kieran Kunhya <kierank@obe.tv>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4videode: Eliminate out of loop VOP startcode reading for studio profile | Michael Niedermayer | 2018-05-17
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/g2meet: ask for sample with overflowing RGB | Michael Niedermayer | 2018-05-17
  Suggested-by: Tomas Härdin <tjoppen@acc.umu.se>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/g2meet: Check RGB upper limit | Michael Niedermayer | 2018-05-17
  Fixes: runtime error: left shift of 1876744317 by 16 places cannot be represented in type 'int'
  Fixes: 6799/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-5115274731716608
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/xwddec: fix palette alpha | Marton Balint | 2018-05-16
  Signed-off-by: Marton Balint <cus@passwd.hu>
* lavc/h2645_parse: add h264_nal_unit_name for h264 NAL type. | Jun Zhao | 2018-05-16
  Signed-off-by: Jun Zhao <mypopydev@gmail.com>
* lavc/h2645_parse: rename the nal_unit_name to hevc_nal_unit_name. | Jun Zhao | 2018-05-16
  Rename the nal_unit_name to hevc_nal_unit_name, will add a h264_nal_unit_name function.
  Signed-off-by: Jun Zhao <mypopydev@gmail.com>
* lavc/h2645_parse: log more HEVC NAL type. | Jun Zhao | 2018-05-16
  Signed-off-by: Jun Zhao <mypopydev@gmail.com>
* avcodec: Disable new iterate API for ossfuzz | Michael Niedermayer | 2018-05-16
  A few days ago ossfuzz stopped testing new FFmpeg as it ran out of disk space
  https://oss-fuzz-build-logs.storage.googleapis.com/index.html
  An alternative would be to revert the API.
  This changes for example
  -rwxr-x--- 1 michael michael 144803654 May 14 12:54 tools/target_dec_ac3_fixed_fuzzer*
  to
  -rwxr-x--- 1 michael michael 30333852 May 14 12:51 tools/target_dec_ac3_fixed_fuzzer*
  Which should massively decrease space requirements
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h2645_parse: skip NALUs with no content after stripping all the trailing zeros | James Almer | 2018-05-14
  The GetBitContext is effectively empty in them.
  Signed-off-by: James Almer <jamrial@gmail.com>
* avcodec/vp3: Check that there will be sufficient input for the coded fragments in unpack_superblocks() | Michael Niedermayer | 2018-05-13
  Fixes: Timeout
  Fixes: 6292/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP3_fuzzer-4871218218926080
  Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* cbs_h264: Add support for mastering display SEI messages | Mark Thompson | 2018-05-10
* cbs_h264: Add support for pan-scan rectangle SEI messages | Mark Thompson | 2018-05-10
* h264_metadata: Fix AUD writing | Mark Thompson | 2018-05-10
  The aud structure exists on the stack, so the variable was previously out-of-scope when the unit is written.
* h264_metadata: Remove redundant setting of SEI payload size | Mark Thompson | 2018-05-10
  This should be derived from the data length rather than set explicitly.