avcodec/iff: Check for overlap in cmap_read_palette()
Fixes: undefined memcpy() use Fixes: 16302/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5678750575886336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/apedec: Fix 32bit int overflow in do_apply_filter()
Fixes: signed integer overflow: 2147480546 + 4096 cannot be represented in type 'int' Fixes: 16280/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5123442566758400 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
James Almer [Fri, 30 Aug 2019 14:37:25 +0000 (11:37 -0300)]
avcodec/decode: add a flags parameter to ff_reget_buffer()
Some decoders may not need a writable buffer in some specific cases, but only
a reference to the existing buffer with updated frame properties instead, for
the purpose of returning duplicate frames. For this, the
FF_REGET_BUFFER_FLAG_READONLY flag is added, which will prevent potential
allocations and buffer copies when they are not needed.
On some DVB stream SCTE-35 data packet are available before the end of
MpegTSContext initialization. We have to check if it is the case to
avoid a SEGFAULT.
Aman Gupta [Mon, 2 Sep 2019 20:04:42 +0000 (21:04 +0100)]
configure: ensure --enable-omx-rpi uses rpi-specific IL headers
When compiling natively on an RPI where libomxil-bellagio-dev
was also installed, `check_headers OMX_Core.h` succeeded and
the -isystem compiler flag was never added to the build.
For non-native builds, the error message now mentions the
raspberrypi/firmware repository where the RPI specific
headers are available.
Aman Gupta [Wed, 28 Aug 2019 23:42:46 +0000 (16:42 -0700)]
avcodec/v4l2_context: use EAGAIN to signal when input buffers are unavailable
ENOMEM indicates an allocation failure, and there are no allocations
happening here. The buffers are pre-allocated and there are simply
none available at this time.
When ffmpeg was streaming, multiple clients were only supported by using a
multicast destination address. An alternative was to stream to a server which
re-distributes the content. This commit adds ZeroMQ as a protocol, which allows
multiple clients to connect to a single ffmpeg instance.
Aman Gupta [Thu, 29 Aug 2019 23:00:50 +0000 (16:00 -0700)]
avcodec/omx: fix xFramerate calculation
Integer overflow in the Q16 framerate calculation was sending
invalid values to the OMX encoder.
On the RPI4, this manifested as bitrate controls being ignored
on video streams with 60000/1001 framerates. Video streams with
30000/1001 framerates were not affected.
Unfortunately both checks were wrong, because in order to make sure DTS > PCR
we have to give us some headroom, so instead of using a dts_difference <
max_delay check let's use a dts_difference < max_delay/2 check.
avcodec/ralf: fix undefined shift in extend_code()
Fixes: left shift of negative value -3 Fixes: 16147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5658392722407424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: left shift of negative value -2 Fixes: 16145/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5146671058518016 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
vcodec/apedec: Fix integer overflow in filter_3800()
Fixes: signed integer overflow: 2021654528 + 2032575680 cannot be represented in type 'int' Fixes: 16270/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5732438816325632 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/apedec: Fix integer overflow in filter_fast_3320()
Fixes: signed integer overflow: -1094994793 * 2 cannot be represented in type 'int' Fixes: 16139/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5663911036059648 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Pavel Koshevoy [Mon, 2 Sep 2019 06:34:35 +0000 (00:34 -0600)]
lavc/v4l2_m2m: don't close the file descriptor we don't own
ff_v4l2_m2m_create_context initialized V4L2m2mContext.fd to 0
which is a valid file descriptor value. Next ff_v4l2_m2m_codec_init
failed and v4l2_m2m_destroy_context closed file descriptor 0 even
though it didn't belong to V4L2m2mContext.
Signed-off-by: Pavel Koshevoy <pkoshevoy@gmail.com>
Andrey Semashev [Wed, 28 Aug 2019 20:16:35 +0000 (23:16 +0300)]
configure: Update libmysofa check with a new symbol.
The current code in libavfilter/af_sofalizer.c requires
mysofa_neighborhood_init_withstepdefine function, which only appeared
in libmysofa 0.7. Use this function in configure script to bail out
early if a too old libmysofa is found in the system instead of failing
at compile time.
avcodec/vp3: Check for end of input in 2 places of vp4_unpack_macroblocks()
Fixes: Timeout (82sec -> 1sec) Fixes: 16411/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP3_fuzzer-5166958151991296 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Paul B Mahol [Mon, 2 Sep 2019 14:12:01 +0000 (16:12 +0200)]
avfilter/vf_delogo: unbreak fate
It is not clear what was real intention of previous commit to this filter.
It was not working correctly, hopefully this is fixed now.
It never checked that new x/y/w/h are actually valid, hopeffully this is fixed now.
It uses named variables in expressions that are never set, still not fixed.
It does not set named variables that uses actual frame widht/height, making actual
expressions less usable for our users, still now fixed.
Nick Renieris [Thu, 29 Aug 2019 13:10:54 +0000 (16:10 +0300)]
lavc/tiff: Enable decoding of LinearRaw images
"LinearRaw" is a value that the PhotometricInterpretation tag can be set
to on DNG images that contain color information for all channels instead
of being bayer-encoded ("CFA" value).
The DNG decoder is complete enough that we can enable this now.
Nick Renieris [Thu, 29 Aug 2019 13:10:48 +0000 (16:10 +0300)]
lavc/mjpegdec: Enable decoding of single-component bayer images
Also, ensure no false positives when determining DNG bayer images, by
setting them in tiff.c instead of relying on a heuristic. There's no
way to determine this just from the JPEG data, so we have to pass this
information from outside the MJPEG decoder.
Signed-off-by: Nick Renieris <velocityra@gmail.com>
Nick Renieris [Thu, 29 Aug 2019 13:10:45 +0000 (16:10 +0300)]
lavc/tiff: Fix edge case with full-length/width tiles
When the height is equal to the tile length (full-height tile)
after `height % tile_length` is applied with the current code,
it results in the operating tile_length to be 0. This commit
makes this leftover logic only applies if it's necessary.
Signed-off-by: Nick Renieris <velocityra@gmail.com>
avcodec/truemotion2: Fix multiple integer overflows in tm2_null_res_block()
Fixes: signed integer overflow: 1795032576 + 598344192 cannot be represented in type 'int' Fixes: 16196/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5636723419119616 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/vc1_block: Check the return code from vc1_decode_p_block()
Fixes: left shift of negative value -1 Fixes: 16424/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3_fuzzer-5656579055026176 Fixes: 16358/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5714436358144000 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
non res_sprite leads to decoder delay which leads to assertion failure Fixes: Assertion failure Fixes: 16402/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer-5704510034411520 Fixes: left shift of 1073741824 by 1 places cannot be represented in type 'int' Fixes: 16425/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer-5692858838810624 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array read Fixes: 16331/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer-5672735195267072 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avutil/mathematics: Fix 2 overflows in av_add_stable()
Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'long' Fixes: 16022/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5759796759756800 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Marton Balint [Sat, 24 Aug 2019 20:00:12 +0000 (22:00 +0200)]
avformat/utils: return pending IO error on EOF in av_read_frame()
avio_feof() returns true both in case of actual EOF and in case of IO errors.
Some demuxers (matroska) have special handling to be able to return the proper
error for this exact reason, e.g.:
if (avio_feof(pb)) {
if (pb->error) {
return pb->error;
} else {
return AVERROR_EOF;
}
}
However, most of the demuxers do not, and they simply return AVERROR_EOF if
avio_feof() is true, so there is a real chance that IO errors are mistaken for
EOF.
We might just say that the API user should always check the IO context error
attribute on EOF to make sure no IO errors happened, but not even ffmpeg.c does
this. It should be more intuitive to the API user if we simply return the IO
error as the return value of av_read_frame() instead of AVERROR_EOF.
What actually matters is that if we parse the PCR of the PCR PID or not, so
let's use the cached discard value of the actual PCR PID instead of the stream
discard value, which may be different.
Also fixes ticket #7567, which was caused by the fact that teletext PTS values
were not touched if the PCR pid was discarded even before a1b4f120c031e6697bac9fd8c725d9c37ee36d13.
Fixes: out of array read Fixes: 16510/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VORBIS_fuzzer-5754510382727168 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Guo, Yejun [Thu, 29 Aug 2019 05:53:41 +0000 (13:53 +0800)]
dnn: change .model file format to put layer number at the end of file
currently, the layer number is at the beginning of the .model file,
so we have to scan twice in python script, the first scan to get the
layer number. Only one scan needed after put the layer number at the
end of .model file.
Signed-off-by: Guo, Yejun <yejun.guo@intel.com> Signed-off-by: Pedro Arthur <bygrandao@gmail.com>
Aman Gupta [Thu, 29 Aug 2019 15:44:45 +0000 (08:44 -0700)]
configure: fix --enable-omx compile on raspberry pi
Many ffmpeg + rpi compilation guides on the internet recommend
using `./configure --enable-omx --enable-omx-rpi`. This fails
to find the IL OMX headers on device because the omx require_headers
check happens first before the add_cflags in omx_rpi.
A workaround is to use `./configure --enable-omx-rpi` only, since
omx_rpi already implies omx. But because many users expect to use
existing scripts and commands, we swap the order here so omx_rpi
special cases are applied first.
In the past this wasn't an issue because users noticed the OMX_Core.h
missing error and installed libomxil-bellagio-dev. But since 76c82843ccad1, the rpi specific headers from /opt/vc/include/IL
are required.