Anssi Hannula [Thu, 20 Feb 2020 21:04:50 +0000 (23:04 +0200)]
avformat/spdifenc: fix TrueHD streams over 48kHz
Commit 36e156bef02 ("avformat/spdifenc: fix handling of large TrueHD
frame") added an obviously incorrect bitshift that caused incorrect
samples-per-frame calculation for TrueHD streams over 48kHz.
Anssi Hannula [Wed, 19 Feb 2020 20:46:35 +0000 (22:46 +0200)]
avformat/spdifenc: fix handling of large TrueHD frames
The TrueHD IEC 61937 encapsulation code uses a very naive method of
always inserting 24 TrueHD frames evenly in a MAT frame. This does not
work for larger frames as they may exceed the size of 1/24th of a MAT
frame.
To fix that, use the input_timing field in the TrueHD frame to determine
the proper position of the TrueHD frame in the MAT frame. That field is
basically a dts field, telling the time to feed this frame to the
decoder in sample count units.
This can cause a TrueHD frame to be split between two MAT frames, so a
second concatenation hd_buf is added, alternating with the first buffer.
Large frames are preceded by smaller frames that have input_timing
values that cause the frames to be sent out faster than the nominal rate
(i.e. increasing decoder latency, long decoder buffer), allowing the
larger frames to then be sent out slower than the nominal rate as the
decoder has enough data buffered to keep it busy.
Anssi Hannula [Thu, 20 Feb 2020 19:49:50 +0000 (21:49 +0200)]
avformat/spdifenc: make hd_buf an array
This is preparation for adding a second hd_buf in a followup commit.
Also, slightly improve the comments for hd_buf_x members to clarify
which ones are actually used and kept up-to-date depending on which
codec is being muxed.
avformat/wtvdec: Forward errors when reading packet
wtvfile_read_packet did not abide by the requirements of an
AVIOContext's read_packet-function: If it did not read anything,
it returned zero, which currently leads to a warning in read_packet_wrapper
in aviobuf.c. Said warning will be an av_assert2 as soon as
FF_API_OLD_AVIO_EOF_0 is zero (probably the next major version bump).
So instead forward the error code from the underlying protocol.
This error/assert is triggered in the wtv-demux FATE test.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array access Fixes: 20660/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5658290216501248 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
JonCookCubic [Tue, 21 Jan 2020 13:06:43 +0000 (13:06 +0000)]
libavcodec/qsvenc.c: Set mjpeg height and width alignment
Currently width_align and height_align are zero when encoding with mjpeg_qsv,
which causes "Error submitting the frame for encoding". This patch sets the alignments.
There is a little bit more about the problem here http://ffmpeg.org/pipermail/ffmpeg-user/2019-November/046143.html
Signed-off-by: JonCookCubic <jon.cook@cubicmotion.com> Signed-off-by: Zhong Li <zhongli_dev@126.com>
avformat/utils: Fix integer overflow with complex time bases in avformat_find_stream_info()
Fixes: signed integer overflow: 2045163756 * 2 cannot be represented in type 'int' Fixes: Ticket5132 Found-by: tsmith Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avformat/avidec: Avoid integer overflow in NI switch check
Fixes: signed integer overflow: 0 - -9223372036854775808 cannot be represented in type 'long' Fixes: Ticket8149 Found-by: Suhwan Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
fftools/ffmpeg: Fix integer overflow in duration computation in seek_to_start()
Fixes: signed integer overflow: -9223372036854775808 - 9223372036854775807 cannot be represented in type 'long' Fixes: Ticket8142 Found-by: Suhwan Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avfilter/vf_aspect: Fix integer overflow in compute_dar()
Fixes: signed integer overflow: 1562273630 * 17 cannot be represented in type 'int' Fixes: Ticket8323 Found-by: Suhwan Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This muxer does not have any private options and so does not need a
private class.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Marton Balint [Thu, 6 Feb 2020 22:32:10 +0000 (23:32 +0100)]
avformat/ftp: slightly rework file retrieval with seeking
- do not require a known file size for seek to work
- read the files till the actual end, do not limit data at the queried file
size
- fix a bug which causes reading 0 byte files for non-existing files
- properly check the return status of the FTP server at the end of the file
retrieval
Marton Balint [Mon, 3 Feb 2020 22:06:09 +0000 (23:06 +0100)]
avformat/http: split the fragment part from the HTTP URL before the request
RFC 3986 states that the fragment identifier is separated from the rest of the
URI prior to a dereference, and thus the identifying information within the
fragment itself is dereferenced solely by the user agent.
Marton Balint [Mon, 3 Feb 2020 00:32:00 +0000 (01:32 +0100)]
avformat/utils: make av_url_split search for hashmark as well to separate hostname
RFC 3986 states that the generic syntax uses the slash ("/"), question mark
("?"), and number sign ("#") characters to delimit components that are
significant to the generic parser's hierarchical interpretation of an
identifier.
avformat/utils: Fix memleaks in avformat_open_input()
A demuxer might have allocated memory while reading the header. If
reading the header was successfull and an error happens before returning
(e.g. when queueing the attached pictures), the read_close function
would have never been called, so that all those allocations would leak.
This commit changes this.
Furthermore, there would be even more memleaks if the error level was
set to AV_EF_EXPLODE in case there is both metadata and id3v2 metadata.
This has been fixed, too.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Marton Balint <cus@passwd.hu>
avcodec/dvdsub: Fix warning about incompatible pointer type
Fixes "passing argument 2 of ‘strtoul’ from incompatible pointer
type [-Wincompatible-pointer-types]" ("expected ‘char ** restrict’ but
argument is of type ‘const char **’") for GCC and "passing 'const char
**' to parameter of type 'char **' discards qualifiers in nested pointer
types [-Wincompatible-pointer-types-discards-qualifiers]" for Clang.
The cast itself is safe; it is only needed because strtoul itself is not
const-correct.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: James Almer <jamrial@gmail.com>
James Almer [Thu, 13 Feb 2020 02:40:22 +0000 (23:40 -0300)]
avcodec/cbs_av1: add missing value constrains to point_y_value, point_cb_value and point_cr_value
If i is greater than 0, it is a requirement of bitstream conformance that point_y_value[ i ] is greater than point_y_value[ i - 1 ].
If i is greater than 0, it is a requirement of bitstream conformance that point_cb_value[ i ] is greater than point_cb_value[ i - 1 ].
If i is greater than 0, it is a requirement of bitstream conformance that point_cr_value[ i ] is greater than point_cr_value[ i - 1 ].
Reviewed-by: Mark Thompson <sw@jkqxz.net> Signed-off-by: James Almer <jamrial@gmail.com>
Lynne [Sat, 8 Feb 2020 23:13:28 +0000 (23:13 +0000)]
lavu/tx: implement 32 bit fixed point FFT and MDCT
Required minimal changes to the code so made sense to implement.
FFT and MDCT tested, the output of both was properly rounded.
Fun fact: the non-power-of-two fixed-point FFT and MDCT are the fastest ever
non-power-of-two fixed-point FFT and MDCT written.
This can replace the power of two integer MDCTs in aac and ac3 if the
MIPS optimizations are ported across.
Unfortunately the ac3 encoder uses a 16-bit fixed point forward transform,
unlike the encoder which uses a 32bit inverse transform, so some modifications
might be required there.
The 3-point FFT is somewhat less accurate than it otherwise could be,
having minor rounding errors with bigger transforms. However, this
could be improved later, and the way its currently written is the way one
would write assembly for it.
Similar rounding errors can also be found throughout the power of two FFTs
as well, though those are more difficult to correct.
Despite this, the integer transforms are more than accurate enough.
For audio packets with dts != AV_NOPTS_VALUEs the dts was converted
twice to the muxer's timebase during streamcopy, once as a normal
packet and once specifically as an audio packet. This has been changed.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: left shift of negative value -463 Fixes: 20542/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5688714435231744 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Wonkap Jang [Mon, 10 Feb 2020 18:30:09 +0000 (10:30 -0800)]
avcodec/libvpxenc: add a way to explicitly set temporal layer id
In order for rate control to correctly allocate bitrate to each temporal
layer, correct temporal layer id has to be set to each frame. This
commit provides the ability to set correct temporal layer id for each
frame.
Martin Storsjö [Tue, 4 Feb 2020 14:23:27 +0000 (16:23 +0200)]
libfdk-aacdec: Allow explicitly disabling the DRC reference level option
Previously, it was always left in the automatic mode, if the option
was set to the only special (negative) value. Now there's two separate
special values for this option, -1 for automatic (metadata based)
and -2 for explicitly disabled.
Martin Storsjö [Tue, 4 Feb 2020 14:07:06 +0000 (16:07 +0200)]
libfdk-aacdec: Use the decoder's default level limiter settings
It was disabled by default in 2dbd35b00c6433e587d5f44d5dbc8972ebbaa88e
as it added delay, but now we compensate for the delay properly
by offsetting timestamps.
avfilter/vf_dedot: Fix leak of AVFrame if making it writable fails
Even in this scenario, the frame still contains references to data that
won't be freed if the frame isn't unreferenced. And the AVFrame itself
will leak, too.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Since bae8844e the packet will always be unreferenced when a demuxer
returns an error, so that a lot of calls to av_packet_unref() in lots of
demuxers are now redundant and can be removed.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Marton Balint <cus@passwd.hu>
avcodec/dpcm: Fix integer overflow in AV_CODEC_ID_GREMLIN_DPCM
Fixes: signed integer overflow: -2147479324 + -32568 cannot be represented in type 'int' Fixes: 20103/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_GREMLIN_DPCM_fuzzer-5667667579240448 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/wmalosslessdec: Fix integer overflow with sliding in padding bits
Fixes: signed integer overflow: -53716100 * 256 cannot be represented in type 'int' Fixes: 20143/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5716604000403456 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/wmalosslessdec: Fix loop in revert_acfilter()
Fixes: out of array read Fixes: 20059/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5691776237305856
No testcase except the fuzzed one.
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/agm: YUV420 without DCT needs even dimensions
Fixes: out of array access Fixes: 19892/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5707525924323328 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Bug #8255 points out a double free error in libwscale/utils.c file.
The double free is because the pointer to cascaded_context of an
sw_context is not set to NULL after freeing it. When the sw_context
is later freed, sws_freeContext is called on the cascaded_context,
causing a double free.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>