PRId64 and PRIu64 already expand to the complete specifier; adding
another 'd' at the end is wrong and just leads to warnings that say
that only an option like '-frames:v 2d' will be used, although said
option won't be accepted at all ('Expected int64 for frames:v but found
2d').
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Marton Balint <cus@passwd.hu>
avformat/nsvdec: Fix memleaks on errors while reading the header
Fixes: memleaks Fixes: 21084/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5655975492321280 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 685813396 + 1803454769 cannot be represented in type 'int' Fixes: 21073/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SIREN_fuzzer-5744900508483584 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/ffwavesynth: Fix integer overflow in computation of ddphi
Fixes: signed integer overflow: 1302123111085380114 - -8319005078741256972 cannot be represented in type 'long' Fixes: 20991/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5148554161291264 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Nicolas George <george@nsup.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Jan Ekström [Wed, 11 Mar 2020 23:22:15 +0000 (01:22 +0200)]
fate/ffmpeg: add test for time limited sub2video instance
Utilizes a subpicture sample with one decodable subpicture for the
test.
Based on a failing test case in reported by Michael in
https://ffmpeg.org/pipermail/ffmpeg-devel/2019-February/240398.html
which at the time had no test case for it.
Additionally, this is the first test case for the presentation
graphics format.
Each time the sub2video structure is initialized, the sub2video
subpicture is initialized together with the first received heartbeat.
The heartbeat's PTS is utilized as the subpicture start time.
Additionally, add some documentation on the stages.
It doesn't do anything: All allocated blocks have already been freed in
write_header.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: James Almer <jamrial@gmail.com>
Marton Balint [Thu, 5 Mar 2020 20:36:20 +0000 (21:36 +0100)]
avformat/mxfenc: allow all frame rates if -strict mode is set to unofficial or lower
There was no consensus wheter or not to allow unofficial frame rates due to
possible interoperability issues, a compromise is to only allow it if -strict
mode is set to unofficial.
If an AVFormatContext could be allocated, but white-/blacklists couldn't
be copied, the AVFormatContext would leak as it was only accessible
through a local variable that goes out of scope when one goes to fail.
Furthermore, in case writing a header of a submuxer failed, the options
used for said call could leak.
Both of these memleaks have been fixed.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avformat/mux: Remove redundant checks for write errors
If writing a packet didn't directly return an error, the AVIOContext's
error flag is checked for errors (if existing) by write_packet(). And if
write_packet() didn't indicate an error, its callers checked the error
flag of the AVIOContext (if existing). The latter check is redundant.
The reason for checking twice lies in the FFmpeg-Libav split: The check
in write_packet() has been added in 9ad1e0c1 in Libav. FFmpeg already
had the other checks (since aec9390a), but when 9ad1e0c1 was merged
(in 1f1c1008), no one noticed the redundant checks.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avformat/mxfenc: Reorder fields in MXFIndexEntry to make it smaller
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Lynne [Sun, 1 Mar 2020 11:23:53 +0000 (11:23 +0000)]
diracdec: rewrite golomb reader
This version is able to output multiple coefficients at a time and
is able to altogether remove actual golomb code parsing.
Its also able to partially recover the last coefficient in case
the packet is incomplete.
Total decoder performance gain for 8bit 420 1080p lossless: 40%.
Total decoder performance gain for 10bit 420 1080p lossless: 40%.
clang was able to vectorize the loop much better than
my handwritten assembly, but gcc was very naive and didn't.
Lookup table is a rewritten version of vc2hqdecode.
Lynne [Thu, 12 Mar 2020 18:03:43 +0000 (18:03 +0000)]
hwcontext_vulkan: duplicate DMABUF objects before importing them
The specifications are very vague about who has ownership, and in this case,
Vulkan takes ownership of all DMABUF FDs passed to it, causing errors
to occur if someone gave us images for mapping which were meant to be kept.
The old behavior worked with one-way VAAPI and DMABUF imports, but was broken
with clients like wlroots' dmabuf-capture.
Lynne [Thu, 12 Mar 2020 18:01:07 +0000 (18:01 +0000)]
hwcontext_vulkan: initialize semaphores of DMABUF imports
There was a recent change in Intel's driver that triggered a driver-internal
error if the semaphore given to the command buffer wasn't initialized.
Given that the specifications require the semaphore to be initialized,
this is within spec. Unlike what's causing it in the first place, which is
that there are no ways to extract/import dma sync objects from DMABUFs,
so we must leave our semaphores bare.
Guo, Yejun [Fri, 21 Feb 2020 12:40:07 +0000 (20:40 +0800)]
avfilter/vf_dnn_processing.c: add frame size change support for planar yuv format
The Y channel is handled by dnn, and also resized by dnn. The UV channels
are resized with swscale.
The command to use espcn.pb (see vf_sr) looks like:
./ffmpeg -i 480p.jpg -vf format=yuv420p,dnn_processing=dnn_backend=tensorflow:model=espcn.pb:input=x:output=y -y tmp.espcn.jpg
Signed-off-by: Guo, Yejun <yejun.guo@intel.com> Reviewed-by: Pedro Arthur <bygrandao@gmail.com>
Guo, Yejun [Fri, 21 Feb 2020 06:20:48 +0000 (14:20 +0800)]
avfilter/vf_dnn_processing.c: add planar yuv format support
Only the Y channel is handled by dnn, the UV channels are copied
without changes.
The command to use srcnn.pb (see vf_sr) looks like:
./ffmpeg -i 480p.jpg -vf format=yuv420p,scale=w=iw*2:h=ih*2,dnn_processing=dnn_backend=tensorflow:model=srcnn.pb:input=x:output=y -y srcnn.jpg
Signed-off-by: Guo, Yejun <yejun.guo@intel.com> Reviewed-by: Pedro Arthur <bygrandao@gmail.com>
Hongcheng Zhong [Fri, 6 Mar 2020 03:58:22 +0000 (11:58 +0800)]
avformat/hlsenc: Fix initial setting for start_pts
This patch fixes Bug #8469
If x264 baseline profile is used with other profiles,
start_pts will be initialized to audio stream's first pts,
while the duration is calculated based on video stream's pts.
In this patch the start_pts is initialized with the correct stream's first pts.
Signed-off-by: Hongcheng Zhong <sj.hc_Zhong@sjtu.edu.cn> Reviewed-by: Steven Liu <liuqi05@kuaishou.com>
Fixes: out of array access Fixes: 19734/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5673507031875584 Fixes: 19353/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5703944462663680 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/adpcm: Fix invalid shift in AV_CODEC_ID_ADPCM_PSX
Fixes: left shift of negative value -1 Fixes: 20859/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_PSX_fuzzer-5720391507247104 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/mpeg12dec: Fix invalid shift in mpeg2_fast_decode_block_intra()
Fixes: left shift of negative value -695 Fixes: 19232/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG1VIDEO_fuzzer-5702856963522560 Fixes: 19555/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG1VIDEO_fuzzer-5741218147598336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
David Bryant [Mon, 9 Mar 2020 22:23:53 +0000 (15:23 -0700)]
avcodec/wavpack: add support for DSD files
Add support for WavPack DSD files to the existing WavPack decoder using
avcodec/dsd to perform the 8:1 decimation to 32-bit float samples. We must
serialize the dsd2pcm operation (cross-boundary filtering) but would like
to use frame-level multithreading for the CPU-intensive DSD decompression,
and this is accomplished with ff_thread_report/await_progress(). Because
the dsd2pcm operation is independent across channels we use slice-based
multithreading for that part.
Also a few things were removed from the existing WavPack decoder that
weren't being used (primarily the SavedContext stuff) and the WavPack
demuxer was enhanced to correctly determine the sampling rate of DSD
files (and of course to no longer reject them).
avcodec/cbs_h2645: Treat slices without data as invalid
Slices that end after their header (meaning slices after the header
without any data before the rbsp_stop_one_bit or possibly without any
rbsp_stop_one_bit at all) are invalid and are now dropped. This ensures
that one doesn't run into two asserts in cbs_h2645_write_slice_data().
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Fixes: 19629/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_METADATA_fuzzer-5676822528524288 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Up until now, v4l2_m2m would write via snprintf() into an intermediate
buffer and then copy from there (via strncpy()) to the end buffer. This
commit changes this by removing the intermediate buffer.
The call to strncpy() was actually of the form strncpy(dst, src,
strlen(src) + 1) which is unsafe in general, but safe in this instance
because dst and src were both of the same size and src was a proper
zero-terminated string. But this nevertheless led to a compiler warning
"‘strncpy’ specified bound depends on the length of the source argument
[-Wstringop-overflow=]" in GCC 9.2. strlen() was unnecessary anyway.
Reviewed-by: Andriy Gelman <andriy.gelman@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: James Almer <jamrial@gmail.com>