avcodec/ac3_parser: Check init_get_bits8() for failure
Fixes: null pointer dereference Fixes: ffmpeg_crash_6.avi Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avformat/movenc: Check that frame_types other than EAC3_FRAME_TYPE_INDEPENDENT have a supported substream id
Fixes: out of array access Fixes: ffmpeg_bof_1.avi Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: null pointer dereference Fixes: 8946/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DPX_fuzzer-5078915222601728 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Carl Eugen Hoyos <ceffmpeg@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/ra144: Fix integer overflow in ff_eval_refl()
Fixes: signed integer overflow: -4096 * -524288 cannot be represented in type 'int' Fixes: 8650/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RA_144_fuzzer-5734816036159488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/magicyuv: Check bits left in flags&1 branch
Fixes: Timeout Fixes: 8690/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MAGICYUV_fuzzer-6542020913922048 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
It is possible for there to be multiple encryption init info structure.
For example, to support multiple key systems or in key rotation. This
changes the AVEncryptionInitInfo struct to be a linked list so there
can be multiple structs without breaking ABI.
Signed-off-by: Jacob Trimble <modmaker@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Marton Balint [Mon, 11 Jun 2018 21:19:37 +0000 (23:19 +0200)]
ffplay: ignore keypress events before a window is created
Current ffplay code assumes that the read thread is in its main loop before any
key events are captured, but apparently on IOS even keypresses without a window
are forwared.
Gyan Doshi [Sat, 16 Jun 2018 10:01:51 +0000 (15:31 +0530)]
avformat/movenc: read track title from correct key
da9cc22d5bd allowed the MOV muxer to relay a custom stream handler name,
whether populated from the input stream or user-set. However, the entry
key didn't match the key set by the MOV demuxer, so it wasn't
effective. Fixed.
Due to the change, four FATE refs have to be updated. Verified that the
target payload of the tests hasn't changed in terms of CRC.
CLI options -maxrate, -bufsize and -rc_init_occupancy can now be picked
up by the x265 wrapper. Min. rc init has to be 1001 to avoid x265
setting it to vbv-bufsize.
Aman Gupta [Mon, 11 Jun 2018 07:43:31 +0000 (00:43 -0700)]
avformat/mpegts: parse large PMTs with multiple tables
In 9152c1e4955, the mpegts parser was taught how to parse
PMT sections which contained multiple tables. That commit
fixed parsing of PMT packets from some cable providers,
which included a special SCTE table (0xc0) before the
standard program map table (0x2).
Sometimes, however, the combined 0xc0 and 0x2 tables are
larger than a single TS packet (188 bytes). The mpegts parser
already attempts to parse sections which span multiple packets,
but still assumed that the split section only contained one
table.
This patch fixes parsing of such a sample[1].
Before:
Input #0, mpegts, from 'combined-pmt-tids-split.ts':
Duration: 00:00:01.26, start: 39188.931756, bitrate: 597 kb/s
Program 1
No Program
Stream #0:0[0xeff]: Audio: ac3, 48000 Hz, mono, fltp, 64 kb/s
Stream #0:1[0xefd]: Audio: mp3, 0 channels, fltp
Stream #0:2[0xefe]: Unknown: none
With the patch, the PMT is parsed correctly so the streams are
created in the correct order, are associated with "Program 1",
and their codecs are set correctly.
Aman Gupta [Mon, 18 Jun 2018 18:53:27 +0000 (11:53 -0700)]
Revert "avcodec/mediacodecdec: wait on first frame after input buffers are full"
@xyz reported a regression on his Sony Xperia Z3 Tablet Compact where
playback would intermittently fail to start, essentially deadlocking in
the decoder. Bisecting narrowed down the issue to this commit, which was
meant as an optimization but is not necessary.
Jerome Borsboom [Fri, 8 Jun 2018 09:01:26 +0000 (11:01 +0200)]
avcodec/vc1: add Simple and Main profile to vc1_put_signed_blocks_clamped
Simple and Main Profile also need unsigned put_pixels_clamped. Add an argument
to choose between signed and unsigned put_pixels and change function name to
vc1_put_blocks_clamped.
Jerome Borsboom [Wed, 9 May 2018 05:50:28 +0000 (07:50 +0200)]
avcodec/vc1: support multi-slice field interlaced pictures with hwaccel
When using hardware accelerated decoding for multi-slice field interlaced pictures,
only the first slice was decoded. This patch adds the neccesary looping over the
remaining slices that may exist in field interlaced pictures. Additionally, we align
the calculation of mby_start for the second field with the method given in VC-1 spec.
Jerome Borsboom [Wed, 9 May 2018 05:50:23 +0000 (07:50 +0200)]
avcodec/vaapi_vc1: slice_vertical_position starts from zero for the second field
Contrary to VC-1 spec, VAAPI expects the row address of the first
macroblock row in the first slice to start from zero for the second
field in a field interlaced picture.
Jerome Borsboom [Wed, 6 Jun 2018 18:47:23 +0000 (20:47 +0200)]
avcodec/vc1: add Simple and Main profile to vc1_put_signed_blocks_clamped
Simple and Main profile also need unsigned put_pixels_clamped. Add an argument
to choose between signed and unsigned put_pixels and change function name to
vc1_put_blocks_clamped.
Jerome Borsboom [Fri, 8 Jun 2018 09:01:20 +0000 (11:01 +0200)]
avcodec/vc1: fix overlap and loop filtering for Simple and Main profile
Overlap filtering I and BI frames for Simple and Main profile is only
dependent on PQUANT. Restrict testing for CONDOVER and OVERFLAGS to
advanced profile. Change from mb_width to end_mb_x in ff_vc1_i_loop_filter
to avoid breaking the Microsoft Screen 2 decoder.
Jerome Borsboom [Wed, 30 May 2018 11:53:48 +0000 (13:53 +0200)]
avcodec/vc1: fix overlap smoothing filter for P frames
The v_overlap_filter needs to run on the colocated block of the previous
macroblock. For the luma plane, the colocated block is located two blocks
on the left instead of one. In addition, the overlap filter needs to run
on the non-edge blocks of the first macroblock row and column.
avcodec/aacdec_fixed: Fix undefined integer overflow in apply_independent_coupling_fixed()
Fixes: signed integer overflow: 1195517 * 2048 cannot be represented in type 'int' Fixes: 8636/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-4695836326887424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/dirac_dwt_template: Fix undefined behavior in interleave()
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 8697/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5197148130902016 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avutil/common: Fix undefined behavior in av_clip_uintp2_c()
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself Fixes: 8521/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5639024952737792 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
fftools/ffmpeg: Fallback to duration if sample rate is unavailable
Regression since: af1761f7 Fixes: Division by 0 Fixes: ffmpeg_crash_1 Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>