Fixes: out of array access Fixes: 14110/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5649184864075776 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
rgb24
24431 UNITS in yuv2packed2, 16384 runs, 0 skips
13783 UNITS in yuv2packed2, 16383 runs, 1 skips
bgr24
24396 UNITS in yuv2packed2, 16384 runs, 0 skips
14059 UNITS in yuv2packed2, 16384 runs, 0 skips
rgba
26815 UNITS in yuv2packed2, 16383 runs, 1 skips
12797 UNITS in yuv2packed2, 16383 runs, 1 skips
bgra
27060 UNITS in yuv2packed2, 16384 runs, 0 skips
13138 UNITS in yuv2packed2, 16384 runs, 0 skips
argb
26998 UNITS in yuv2packed2, 16384 runs, 0 skips
12728 UNITS in yuv2packed2, 16381 runs, 3 skips
bgra
26651 UNITS in yuv2packed2, 16384 runs, 0 skips
13124 UNITS in yuv2packed2, 16384 runs, 0 skips
This is a low speedup, but the x86 mmx version also gets only ~2x. The mmx version
is also heavily inaccurate, while the vsx version has high accuracy.
libavutil/hwcontext_opencl: Fix channel order in format support check
The `opencl_get_plane_format` function was incorrectly determining the
value used to set the image channel order. This resulted in all RGB
pixel formats being set to the `CL_RGBA` pixel format, regardless of
whether or not they actually *were* RGBA.
This patch fixes the issue by using the `offset` and depth of components
rather than the loop index to determine the value of `order`.
Signed-off-by: Jarek Samic <cldfire3@gmail.com> Signed-off-by: Mark Thompson <sw@jkqxz.net>
Jun Zhao [Thu, 4 Apr 2019 15:47:46 +0000 (23:47 +0800)]
lavf/matroskaenc: Fix memory leak after write trailer
Fix memory leak after write trailer for #7827, only store a audio
packet whose buffer has size greater than zero in cur_audio_pkt.
Audio packets with size zero, but with side-data currently lead to
memleaks, in the Matroska muxer, because they are not properly freed:
They are currently put into an AVPacket in the MatroskaMuxContext to
ensure that the necessary audio is always available for a new cluster,
but are only written and freed when their size is > 0.
As the only use we have for such packets consists in updating the
CodecPrivate it makes no sense to store these packets at all and this
is how this commit solves the memleak.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@googlemail.com> Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
avformat/av1: Initialize padding in ff_isom_write_av1c
Otherwise, AV1 encodes with FFmpeg trigger use-of-uninitialized-value
warnings under MemorySanitizer, and the output buffer potentially
changes from run to run.
When asetnsamples uses output samples < input samples, remaining samples build up in the fifo over time.
Fix this by marking the filter as ready again if there are enough samples.
Regression since ef3babb2c70f564dc1634b3f29c6e35a2b2dc239 Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
rgb24
214278 UNITS in yuv2packedX, 16384 runs, 0 skips
33249 UNITS in yuv2packedX, 16384 runs, 0 skips
bgr24
214616 UNITS in yuv2packedX, 16384 runs, 0 skips
33233 UNITS in yuv2packedX, 16384 runs, 0 skips
rgba
214517 UNITS in yuv2packedX, 16384 runs, 0 skips
33271 UNITS in yuv2packedX, 16384 runs, 0 skips
bgra
214973 UNITS in yuv2packedX, 16384 runs, 0 skips
33397 UNITS in yuv2packedX, 16384 runs, 0 skips
argb
214613 UNITS in yuv2packedX, 16384 runs, 0 skips
33310 UNITS in yuv2packedX, 16384 runs, 0 skips
bgra
214637 UNITS in yuv2packedX, 16384 runs, 0 skips
33330 UNITS in yuv2packedX, 16384 runs, 0 skips
rgb24
52763 UNITS in yuv2packed2, 16384 runs, 0 skips
13453 UNITS in yuv2packed2, 16384 runs, 0 skips
bgr24
53144 UNITS in yuv2packed2, 16384 runs, 0 skips
13616 UNITS in yuv2packed2, 16384 runs, 0 skips
rgba
52796 UNITS in yuv2packed2, 16384 runs, 0 skips
12904 UNITS in yuv2packed2, 16384 runs, 0 skips
bgra
52732 UNITS in yuv2packed2, 16384 runs, 0 skips
13262 UNITS in yuv2packed2, 16384 runs, 0 skips
argb
52661 UNITS in yuv2packed2, 16384 runs, 0 skips
12879 UNITS in yuv2packed2, 16384 runs, 0 skips
bgra
52662 UNITS in yuv2packed2, 16384 runs, 0 skips
12932 UNITS in yuv2packed2, 16384 runs, 0 skips
rgb24
18192 UNITS in yuv2packed1, 32767 runs, 1 skips
9983 UNITS in yuv2packed1, 32760 runs, 8 skips
bgr24
18665 UNITS in yuv2packed1, 32766 runs, 2 skips
9925 UNITS in yuv2packed1, 32763 runs, 5 skips
rgba
20239 UNITS in yuv2packed1, 32767 runs, 1 skips
8794 UNITS in yuv2packed1, 32759 runs, 9 skips
bgra
20354 UNITS in yuv2packed1, 32768 runs, 0 skips
8770 UNITS in yuv2packed1, 32761 runs, 7 skips
argb
20185 UNITS in yuv2packed1, 32768 runs, 0 skips
8761 UNITS in yuv2packed1, 32761 runs, 7 skips
bgra
20360 UNITS in yuv2packed1, 32766 runs, 2 skips
8759 UNITS in yuv2packed1, 32764 runs, 4 skips
This is a low speedup, but the x86 mmx version also gets only ~2x. The mmx version
is also heavily inaccurate, while the vsx version has high accuracy.
Octavio Alvarez [Thu, 28 Mar 2019 04:52:32 +0000 (22:52 -0600)]
lavd/x11grab: fix vertical repositioning
There is a calculation error in xcbgrab_reposition() that breaks
vertical repositioning on follow_mouse. It made the bottom
reposition occur when moving the mouse lower than N pixels after
the capture bottom edge, instead of before.
This commit fixes the calculation to match the documentation.
follow_mouse: centered or number of pixels. The documentation says:
When it is specified with "centered", the grabbing region follows
the mouse pointer and keeps the pointer at the center of region;
otherwise, the region follows only when the mouse pointer reaches
within PIXELS (greater than zero) to the edge of region.
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself Fixes: 13999/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5644405991538688 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
1. The case of an unknown-sized element inside a finite-sized element
(which is against the specifications) was not caught.
2. The error message wasn't helpful: It compared the length of the child
with the offset of the end of the parent and claimed that the first
exceeds the latter, although that is not necessarily true.
3. Unknown-sized elements that are not parsed can't be skipped. Given
that according to the Matroska specifications only the segment and the
clusters can be of unknown-size, this is handled by not allowing any
other units to have infinite size whereas the earlier code would seek
back by 1 byte upon encountering an infinite-size element that ought
to be skipped.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@googlemail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/agm: More completely check size before using it
Fixes: out of array access Fixes: 13997/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5701427252428800 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Zhong Li [Fri, 11 Jan 2019 07:09:07 +0000 (15:09 +0800)]
lavc/qsvenc: enable hevc gpb option
GPB is the default type, just contains forward references but the
slice_type is B slice with higher encoding efficiency than regular P
slice, but lower performance.
Add an option to allow user to set regular P slice.
Fix ticket#6870
Test data on Intel Kabylake (i7-7567U CPU @ 3.50GHz):
1. ffmpeg -hwaccel qsv -c:v h264_qsv -i bbb_sunflower_1080p_30fps_normal.mp4 -vsync passthrough
-vframes 1000 -c:v hevc_qsv -gpb 0 -bf 0 -q 25 test_gpb_off_bf0_kbl.mp4
transcoding fps: 85
encoded file size of test_gpb_off_bf0_kbl.mp4: 21960100 (bytes)
Gyan Doshi [Sat, 30 Mar 2019 18:30:50 +0000 (00:00 +0530)]
lavf/movenc: fix tmcd writing for non-MP4/MOV modes
write_tmcd allows tmcd track to be created with any mode but in
mov_write_header, index for first tmcd track is only set for modes
MP4 or MOV, causing a crash if tmcd creation is attempted with other
modes.
Matthew Fearnley [Fri, 29 Mar 2019 22:03:03 +0000 (22:03 +0000)]
libavcodec/zmbv: change 24-bit decoder channel order, from RGB24 to BGR24
This brings the channel order in line with that used in 32-bit mode (BGR0).
24-bit decoding is disabled by default (#ifdef ZMBV_ENABLE_24BPP), and no
prior encoders or sample videos are known to exist for this bit depth, so
I consider this change in implementation is unlikely to affect anyone.
The decision has been made in agreement with the DOSBox Development Team
(dosbox.crew@gmail.com), specifically with harekiet, who wrote the original
codec.
avcodec/rscc: Check that the to be uncompressed input is large enough
Fixes: Out of array access Fixes: 13984/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RSCC_fuzzer-5734128093233152 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/ivi: Reduce dereferencing structs in inner loop of ivi_process_empty_tile()
This speeds the code up by about 15%
Testcase: 13779/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO4_fuzzer-5699589711069184
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Jun Li [Sun, 31 Mar 2019 04:35:51 +0000 (21:35 -0700)]
avformat/doc, http, icecast, rtsp: Add option to disable send-expect-100
Fix ticket #7297
The current setting for send-expect-100 option is either
enabled if applicable or forced enabled, no option to force
disable the header. This change is to expand the option setting
to provide more flexibility, which is useful for rstp case.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
yuyv422
126354 UNITS in yuv2packedX, 16384 runs, 0 skips
16383 UNITS in yuv2packedX, 16382 runs, 2 skips
yvyu422
117669 UNITS in yuv2packedX, 16384 runs, 0 skips
16271 UNITS in yuv2packedX, 16379 runs, 5 skips
uyvy422
117310 UNITS in yuv2packedX, 16384 runs, 0 skips
16226 UNITS in yuv2packedX, 16382 runs, 2 skips
yuyv422
19339 UNITS in yuv2packed2, 16384 runs, 0 skips
3718 UNITS in yuv2packed2, 16383 runs, 1 skips
yvyu422
19438 UNITS in yuv2packed2, 16384 runs, 0 skips
3800 UNITS in yuv2packed2, 16380 runs, 4 skips
uyvy422
19128 UNITS in yuv2packed2, 16384 runs, 0 skips
3721 UNITS in yuv2packed2, 16380 runs, 4 skips
yuyv422
14513 UNITS in yuv2packed1, 32768 runs, 0 skips
949 UNITS in yuv2packed1, 32767 runs, 1 skips
yvyu422
14516 UNITS in yuv2packed1, 32767 runs, 1 skips
943 UNITS in yuv2packed1, 32767 runs, 1 skips
uyvy422
14530 UNITS in yuv2packed1, 32767 runs, 1 skips
941 UNITS in yuv2packed1, 32766 runs, 2 skips
Similarly to the previous changes, we don't need to synchronise
after a memcpy to device memory. On the other hand, we need to
keep synchronising after a copy to host memory, otherwise there's
no guarantee that subsequent host reads will return valid data.
I put this call in by habit, rather than because there was any
actual need. The filter is simply processing frames one after
the other and has no need to synchronise.
malakudi on the devtalk forums noticed a slowdown when using nvenc
with temporal/spatial aq and that the slowdown went away if the
sync call was removed. I also verified that in the basic encoding
case there's an observable speedup.
I also verified that we aren't doing unnecessary sync calls in any
other filter.
The following are the newly added options:
arnr_max_frames, arnr_strength, aq_mode, denoise_noise_level, denoise_block_size,
rc_undershoot_pct, rc_overshoot_pct, minsection_pct, maxsection_pct, frame_parallel,
enable_cdef, enable_global_motion, and intrabc.
Also added macros for compiling for aom 1.0.0 and fixed the default values.
Zhong Li [Mon, 25 Mar 2019 22:10:21 +0000 (06:10 +0800)]
lavc/qsvenc: fix hevc vps extradata issues
cbs trace qsv vps header failed due to some reasons:
1. vps_temporal_id_nesting_flag is not set but spec required it must to
be 1 when vps_max_sub_layers_minus1 is equal to 0.
2. vps_num_hrd_parameters is not set and written.
3. other issues in ff_hevc_encode_nal_vps() (fixed in pervious commit_id: 520226b683).
Thierry Foucu [Wed, 27 Mar 2019 21:11:59 +0000 (14:11 -0700)]
fftools/ffmpeg: Check if we do have also a filter_complex filter.
Right now, the code check for no filter description, but if we use a
filter_complex, the code will use the AVFrame.duration which could be
wrong in case of using fps filter.
How to reproduce the problem:
ffmpeg -f lavfi -i testsrc=duration=1 -vf fps=fps=50 -vsync 1 -f null -
output 50 frames
Dong, Jerry [Thu, 28 Mar 2019 11:40:53 +0000 (19:40 +0800)]
swscale/swscale_unscaled: fixed the issue that when width/height is not 2-multiple, transition of nv12 to u/v planes is not completed.
Signed-off-by: Dong, Jerry <jerry.dong@intel.com> Signed-off-by: Decai Lin <decai.lin@intel.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Zhong Li [Wed, 27 Mar 2019 11:39:41 +0000 (19:39 +0800)]
lavc/qsvenc_h264: remove the privite option trellis
There are many problems of current qsv trellis option:
1. Duplicated with AVCodecContext definition
2. MFX_TRELLIS_XXX is introduced by MSDK API 1.17
Currently Without MSDK API checking thus may cause compilation issue.
3. user is inclined to enable trellis when set "-trellis 1", but
actually it is to disable since MFX_TRELLIS_OFF is equal to 1.
4. It is too complex for user to enable trellis for every frame(I/P/B).
Just simply remove the private option, and switch to the AVCodecContext
definition. Compatibility should not a big problem (except can't exact map)
since the option name is same as AVCodecContext.
Signed-off-by: Zhong Li <zhong.li@intel.com> Reviewed-by: Carl Eugen Hoyos <ceffmpeg@gmail.com> Reviewed-by: Moritz Barsnick <barsnick@gmx.net>
avcodec/hevcdec: Avoid only partly skiping duplicate first slices
Fixes: NULL pointer dereference and out of array access Fixes: 13871/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5746167087890432 Fixes: 13845/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5650370728034304
This also fixes the return code for explode mode
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: James Almer <jamrial@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The following output formats get about 4.5x speedup:
rgb24
39980 UNITS in yuv2packed1, 32768 runs, 0 skips
8774 UNITS in yuv2packed1, 32768 runs, 0 skips
bgr24
40069 UNITS in yuv2packed1, 32768 runs, 0 skips
8772 UNITS in yuv2packed1, 32766 runs, 2 skips
rgba
39759 UNITS in yuv2packed1, 32768 runs, 0 skips
8681 UNITS in yuv2packed1, 32767 runs, 1 skips
bgra
39729 UNITS in yuv2packed1, 32768 runs, 0 skips
8696 UNITS in yuv2packed1, 32766 runs, 2 skips
argb
39766 UNITS in yuv2packed1, 32768 runs, 0 skips
8672 UNITS in yuv2packed1, 32766 runs, 2 skips
bgra
39784 UNITS in yuv2packed1, 32768 runs, 0 skips
8659 UNITS in yuv2packed1, 32767 runs, 1 skips