avcodec/truemotion2: Fix multiple integer overflows in tm2_null_res_block()
Fixes: signed integer overflow: 1795032576 + 598344192 cannot be represented in type 'int' Fixes: 16196/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5636723419119616 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/vc1_block: Check the return code from vc1_decode_p_block()
Fixes: left shift of negative value -1 Fixes: 16424/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3_fuzzer-5656579055026176 Fixes: 16358/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5714436358144000 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
non res_sprite leads to decoder delay which leads to assertion failure Fixes: Assertion failure Fixes: 16402/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer-5704510034411520 Fixes: left shift of 1073741824 by 1 places cannot be represented in type 'int' Fixes: 16425/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer-5692858838810624 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array read Fixes: 16331/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer-5672735195267072 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avutil/mathematics: Fix 2 overflows in av_add_stable()
Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'long' Fixes: 16022/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5759796759756800 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Marton Balint [Sat, 24 Aug 2019 20:00:12 +0000 (22:00 +0200)]
avformat/utils: return pending IO error on EOF in av_read_frame()
avio_feof() returns true both in case of actual EOF and in case of IO errors.
Some demuxers (matroska) have special handling to be able to return the proper
error for this exact reason, e.g.:
if (avio_feof(pb)) {
if (pb->error) {
return pb->error;
} else {
return AVERROR_EOF;
}
}
However, most of the demuxers do not, and they simply return AVERROR_EOF if
avio_feof() is true, so there is a real chance that IO errors are mistaken for
EOF.
We might just say that the API user should always check the IO context error
attribute on EOF to make sure no IO errors happened, but not even ffmpeg.c does
this. It should be more intuitive to the API user if we simply return the IO
error as the return value of av_read_frame() instead of AVERROR_EOF.
What actually matters is that if we parse the PCR of the PCR PID or not, so
let's use the cached discard value of the actual PCR PID instead of the stream
discard value, which may be different.
Also fixes ticket #7567, which was caused by the fact that teletext PTS values
were not touched if the PCR pid was discarded even before a1b4f120c031e6697bac9fd8c725d9c37ee36d13.
Fixes: out of array read Fixes: 16510/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VORBIS_fuzzer-5754510382727168 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Guo, Yejun [Thu, 29 Aug 2019 05:53:41 +0000 (13:53 +0800)]
dnn: change .model file format to put layer number at the end of file
currently, the layer number is at the beginning of the .model file,
so we have to scan twice in python script, the first scan to get the
layer number. Only one scan needed after put the layer number at the
end of .model file.
Signed-off-by: Guo, Yejun <yejun.guo@intel.com> Signed-off-by: Pedro Arthur <bygrandao@gmail.com>
Aman Gupta [Thu, 29 Aug 2019 15:44:45 +0000 (08:44 -0700)]
configure: fix --enable-omx compile on raspberry pi
Many ffmpeg + rpi compilation guides on the internet recommend
using `./configure --enable-omx --enable-omx-rpi`. This fails
to find the IL OMX headers on device because the omx require_headers
check happens first before the add_cflags in omx_rpi.
A workaround is to use `./configure --enable-omx-rpi` only, since
omx_rpi already implies omx. But because many users expect to use
existing scripts and commands, we swap the order here so omx_rpi
special cases are applied first.
In the past this wasn't an issue because users noticed the OMX_Core.h
missing error and installed libomxil-bellagio-dev. But since 76c82843ccad1, the rpi specific headers from /opt/vc/include/IL
are required.
Fixes: signed integer overflow: -395281576 + -1827578048 cannot be represented in type 'int' Fixes: 16038/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5646109705240576 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This makes the code bitexact between platforms.
Intermediate timestamps between frames are preserved.
The timebase is simplified.
Rounding differs from doubles in cases where timestamps/durations
are "funny"
Suggested-by: jb Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
How to check it:
./ffmpeg -f lavfi -i testsrc -c:v mpeg2video -f null -
master:
Side data:
cpb: bitrate max/min/avg: 0/0/200000 buffer size: 0 vbv_delay: 18446744073709551615
patch applied:
Side data:
cpb: bitrate max/min/avg: 0/0/200000 buffer size: 0 vbv_delay: N/A
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Limin Wang <lance.lmwang@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/amfenc: Vulkan initialization support for encoder.
Added linux support for amf encoder through vulkan.
To use h.264(AMD VCE) encoder on linux amdgru-pro version 19.20+ and
amf-amdgpu-pro package(amdgru-pro contains, but does not install
automatically) are required.
This driver can be installed using amdgpu-pro-install script in
official amd driver archive.
Initialization of amf encoder occurs in this order:
1) trying to initialize through dx11(only windows)
2) trying to initialize through dx9(only windows)
3) trying to initialize through vulkan
James Almer [Mon, 26 Aug 2019 17:29:59 +0000 (14:29 -0300)]
avcodec/qtrle: call ff_reget_buffer() only when the picture data is going to change
ff_reget_buffer() will attempt to create a writable copy of the frame,
which is not needed when the decoder intends to return a reference to
the same buffer as the previous frame.
Fixes: shift exponent 32 is too large for 32-bit type 'unsigned int' Fixes: 15764/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5102101203517440 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: James Almer <jamrial@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Xuewei Meng [Thu, 22 Aug 2019 10:28:44 +0000 (18:28 +0800)]
libavfilter: Add dehaze-filter option in existing derain.
Add the support of dehaze filter in existing derain filter source
code. As the processing procedure in FFmpeg is the same for current
derain and dehaze, we reuse the derain filter source code. The
model training and generation scripts are in repo
https://github.com/XueweiMeng/derain_filter.git
Reviewed-by: Steven Liu <lq@onvideo.cn> Signed-off-by: Xuewei Meng <xwmeng96@gmail.com>
vtctx->cached_hw_frames_ctx is unref'd in videotoolbox_uninit,
but videotoolbox_hevc used ff_videotoolbox_uninit which
doesn't unref cache_hw_frames_ctx.
Signed-off-by: Pavel Koshevoy <pkoshevoy@gmail.com>
Dave Stevenson [Thu, 17 Jan 2019 17:39:34 +0000 (17:39 +0000)]
avcodec/omx: Fix handling of fragmented buffers
See https://trac.ffmpeg.org/ticket/7687
If an encoded frame is returned split over two or more
IL buffers due to the size, then there is a race between
whether get_buffer will fail, return NULL, and a truncated
frame is passed on, or IL will return the remaining part
of the encoded frame.
If get_buffer returns NULL, part of the frame is left behind
in the codec, and will be collected on the next call. That
then leaves a frame stuck in the codec. Repeat enough times
and the codec FIFO is full, and the pipeline stalls.
A performance improvement in the Raspberry Pi firmware means
that the timing has changed, and now frequently drops into the
case where get_buffer returns NULL.
Add code such that should a buffer be received without
OMX_BUFFERFLAG_ENDOFFRAME that get_buffer is called with wait
set, so we wait for the remainder of the frame.
This code has been made conditional on the Pi build in case
other IL implementations don't handle ENDOFFRAME correctly.
Signed-off-by: Dave Stevenson <dave.stevenson@raspberrypi.org> Signed-off-by: Aman Gupta <aman@tmm1.net> Signed-off-by: Martin Storsjö <martin@martin.st>
Marton Balint [Thu, 8 Aug 2019 07:53:10 +0000 (09:53 +0200)]
avformat/mpegtsenc: get rid of packet counting for sdt/pat/pmt
The packet counting based approach caused excessive sdt/pat/pmt for VBR, so
let's use a timestamp based approach instead similar to how we emit PCRs.
SDT/PAT/PMT period should be consistent for both VBR and CBR from now on.
Also change the type of sdt_period and pat_period to AV_OPT_TYPE_DURATION so no
floating point math is necessary.
avcodec/alac: Fix multiple integer overflows in lpc_prediction()
Fixes: signed integer overflow: 2088795537 + 2147254401 cannot be represented in type 'int' Fixes: signed integer overflow: -1500363496 + -1295351808 cannot be represented in type 'int' Fixes: signed integer overflow: -79560 * 32640 cannot be represented in type 'int' Fixes: signed integer overflow: 2088910005 + 2088796058 cannot be represented in type 'int' Fixes: signed integer overflow: -117258064 - 2088725225 cannot be represented in type 'int' Fixes: signed integer overflow: 2088725225 - -117258064 cannot be represented in type 'int' Fixes: 15739/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5630664122040320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/pnm_parser: Use memmove() to handle "overread"
This is significantly faster
Fixes: Timeout (1sec after this and the previous commit) Fixes: 15558/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PPM_fuzzer-5705273643106304 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/pnm: skip reading trailing bytes in get_pnm()
None of the keys we support is that long and other keys
lead to decoder failure. None of the values is expected
to be longer, they are all numbers or short keywords.
This simplifies the code
Fixes: Timeout (9sec->43ms) Fixes: 15177/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PAM_fuzzer-5080556716425216 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avformat/mpsubdec: Check pts / duration before cast
Fixes: 3e+47 is outside the range of representable values of type 'int' Fixes: 16057/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5691111307214848 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/lcldec: Check mthread_inlen instead of cliping
Clipping was added in 2009 to avoid crashes.
The clipped case would produce a 2nd slice with 0 input
thus also producing 0 output.
Subsequent checks will cause decoder failure unless both
slices have the same output length. thus the only way this
would not already fail is if the output from both slices
was 0 bytes.
Fixes: Timeout (134sec -> 241ms) Fixes: 15599/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSZH_fuzzer-5658127116009472 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
leozhang [Wed, 14 Aug 2019 03:07:18 +0000 (11:07 +0800)]
avformat/flvdec: delete unused code
Reviewed-by: Carl Eugen Hoyos <ceffmpeg@gmail.com> Signed-off-by: leozhang <leozhang@qiyi.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: memleaks Fixes: 16289/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_LATM_fuzzer-5200695692623872 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
projects / ffmpeg / log