avcodec/takdec: Fixes: integer overflow in AV_SAMPLE_FMT_U8P output
Fixes: runtime error: signed integer overflow: 2147483543 + 128 cannot be represented in type 'int' Fixes: 2234/clusterfuzz-testcase-minimized-6266896041115648 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Daniel Kucera [Mon, 5 Jun 2017 18:30:16 +0000 (20:30 +0200)]
libavformat/file: return AVERROR_EOF on EOF
Signed-off-by: Daniel Kucera <daniel.kucera@gmail.com> Reviewed-by: Nicolas George <george@nsup.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Daniel Kucera [Mon, 5 Jun 2017 18:32:39 +0000 (20:32 +0200)]
libavformat/subfile: return AVERROR_EOF on EOF
Signed-off-by: Daniel Kucera <daniel.kucera@gmail.com> Reviewed-by: Nicolas George <george@nsup.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/jpeg2000dsp: Reorder operations in ict_int() to avoid 2 integer overflows
Fixes: runtime error: signed integer overflow: 58065 * 51981 cannot be represented in type 'int' Fixes: 2271/clusterfuzz-testcase-minimized-5778297776504832 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/hevcpred_template: Fix left shift of negative value
Fixes: runtime error: left shift of negative value -1 Fixes: 2250/clusterfuzz-testcase-minimized-5693382112313344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/hevcdec: Fix signed integer overflow in decode_lt_rps()
Fixes: runtime error: signed integer overflow: 2147483647 + 6 cannot be represented in type 'int' Fixes: 2263/clusterfuzz-testcase-minimized-4800359627227136 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: runtime error: left shift of 255 by 24 places cannot be represented in type 'int' Fixes: 2249/clusterfuzz-testcase-minimized-5388542379294720 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/jpeg2000dec: Check nonzerobits more completely
Fixes: runtime error: shift exponent 36 is too large for 32-bit type 'int' Fixes: 2239/clusterfuzz-testcase-minimized-5639766592716800 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: runtime error: signed integer overflow: 2143315325 + 4186162 cannot be represented in type 'int' Fixes: 2134/clusterfuzz-testcase-minimized-4619258405322752 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/truemotion2: Move skip computation after checks
Fixes: runtime error: signed integer overflow: 630067357 * 4 cannot be represented in type 'int' Fixes: 2233/clusterfuzz-testcase-minimized-5943031318446080 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/jpeg2000: Fixes integer overflow in ff_jpeg2000_ceildivpow2()
Fixes: runtime error: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself Fixes: 2231/clusterfuzz-testcase-minimized-4565181982048256 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Given how incredibly limited the official specifications are (limiting all use
to only the most common broadcasting formats), permit all supported inputs
by default. This makes the encoder more useful.
Tyler Jones [Wed, 14 Jun 2017 20:59:07 +0000 (14:59 -0600)]
vorbisenc: Stop tracking number of samples per frame
Each frame is now padded with 0 values if not enough samples are
present, and all frames are guaranteed to have exactly
1 << (venc->log2_blocksize[1] - 1) samples.
Signed-off-by: Tyler Jones <tdjones879@gmail.com> Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com>
Tyler Jones [Wed, 14 Jun 2017 20:58:55 +0000 (14:58 -0600)]
vorbisenc: Apply and output correct length window and mdct
Usage of blocksize, window, mode, and mdct indexes are switched from
default 0 to a default of 1 to better align with specs. A flag of 0
should correspond with short windows, a flag of 1 with long.
Signed-off-by: Tyler Jones <tdjones879@gmail.com> Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com>
Tyler Jones [Wed, 14 Jun 2017 20:58:22 +0000 (14:58 -0600)]
vorbisenc: Separate copying audio samples from windowing
Audio samples are shifted around when copying from the frame queue so that
analysis can be done without negatively impacting calculation of the MDCT.
Window coefficients are applied to the current two overlapped windows
simultaneously instead of applying overlap for the next frame ahead of time.
This improves readability when applying windows of varying lengths.
Signed-off-by: Tyler Jones <tdjones879@gmail.com> Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com>
avcodec/hevc_refs: Check nb_refs in add_candidate_ref()
Fixes: runtime error: index 16 out of bounds for type 'int [16]' Fixes: 2209/clusterfuzz-testcase-minimized-5012343912136704 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/mpeg4videodec: Check sprite delta upshift against overflowing.
Fixes: runtime error: signed integer overflow: -268386304 * 16 cannot be represented in type 'int' Fixes: 2204/clusterfuzz-testcase-minimized-5616756909408256 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/mpeg4videodec: Fix integer overflow in num_sprite_warping_points=2 case
Fixes: runtime error: signed integer overflow: 131072 + 2147352576 cannot be represented in type 'int' Fixes: 2192/clusterfuzz-testcase-minimized-5370387988742144 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Mark Thompson [Sat, 4 Mar 2017 23:57:42 +0000 (23:57 +0000)]
vf_hwmap: Add reverse mapping for hardware frames
This is something of a hack. It allocates a new hwframe context for
the target format, then maps it back to the source link and overwrites
the input link hw_frames_ctx so that the previous filter will receive
the frames we want from ff_get_video_buffer(). It may fail if
the previous filter imposes any additional constraints on the frames
it wants to use as output.
Mark Thompson [Sat, 4 Mar 2017 23:57:40 +0000 (23:57 +0000)]
hwcontext: Improve allocation in derived contexts
Use the flags argument of av_hwframe_ctx_create_derived() to pass the
mapping flags which will be used on allocation. Also, set the format
and hardware context on the allocated frame automatically - the user
should not be required to do this themselves.
Mark Thompson [Sat, 4 Mar 2017 23:57:39 +0000 (23:57 +0000)]
hwcontext: Add frame context mapping for nontrivial contexts
Some frames contexts are not usable without additional format-specific
state in hwctx. This change adds new functions frames_derive_from and
frames_derive_to to initialise this state appropriately when deriving
a frames context which will require it to be set.
Mark Thompson [Sat, 4 Mar 2017 23:57:38 +0000 (23:57 +0000)]
ffmpeg: Support setting the hardware device to use when filtering
This only supports one device globally, but more can be used by
passing them with input streams in hw_frames_ctx or by deriving new
devices inside a filter graph with hwmap.
Mark Thompson [Sun, 2 Apr 2017 22:05:13 +0000 (23:05 +0100)]
vaapi_encode: Use gop_size consistently in RC parameters
The non-H.26[45] codecs already use this form. Since we don't
currently generate I frames for codecs which support them separately
to IDR, the p_per_i variable is set to infinity by default so that it
doesn't interfere with any other calculation. (All the code for I
frames still exists, and it works for H.264 if set manually.)
Mark Thompson [Mon, 27 Feb 2017 21:29:46 +0000 (21:29 +0000)]
vf_deinterlace_vaapi: Add support for field rate output
In order to work correctly with the i965 driver, this also fixes the
direction of forward/backward references - forward references are
intended to be those from the past to the current frame, not from the
current frame to the future.
Mark Thompson [Sat, 4 Mar 2017 23:57:29 +0000 (23:57 +0000)]
hwcontext: Make it easier to work with device types
Adds functions to convert to/from strings and a function to iterate
over all supported device types. Also adds a new invalid type
AV_HWDEVICE_TYPE_NONE, which acts as a sentinel value.
Mark Thompson [Mon, 30 Jan 2017 19:11:28 +0000 (19:11 +0000)]
hwcontext_vaapi: Try to support the VDPAU wrapper
The driver is somewhat bitrotten (not updated for years) but is still
usable for decoding with this change. To support it, this adds a new
driver quirk to indicate no support at all for surface attributes.
avcodec/aacsbr_fixed: Fix signed integer overflow in sbr_hf_inverse_filter()
Fixes: runtime error: signed integer overflow: 2147483584 + 128 cannot be represented in type 'int' Fixes: 2164/clusterfuzz-testcase-minimized-4715936172998656 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/avpacket: Limit iterations in ff_packet_split_and_drop_side_data()
This avoids scaning beyond what a valid packet can contain Fixes: Timeout Fixes: 541/clusterfuzz-testcase-610189291657625 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/fft_template: Fix multiple runtime error: signed integer overflow: -1943918714 - 1935113003 cannot be represented in type 'int'
Fixes: 1735/clusterfuzz-testcase-minimized-5350472347025408
This uses unsigned instead of SUINT because the later was rejected by multiple developers
See: [FFmpeg-devel] [PATCH] avcodec/fft_template: Fix multiple runtime error: signed integer overflow: -1943918714 - 1935113003 cannot be represented in type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/cfhd: Check band parameters before storing them
Fixes out of array read Fixes: 2169/clusterfuzz-testcase-minimized-5688641642823680 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/h264_parse: Check picture structure when initializing weight table
Fixes: runtime error: index 49 out of bounds for type 'int [48][2][2]' Fixes: 2159/clusterfuzz-testcase-minimized-5267945972301824 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Sasi Inguva [Tue, 6 Jun 2017 18:16:01 +0000 (11:16 -0700)]
lavf/mov.c: offset index timestamps by the minimum pts to make first pts zero
If the videos starts with B frame, then the minimum composition time
as computed by stts + ctts will be non-zero. Hence we need to shift
the DTS, so that the first pts is zero. This was the intention of that
code-block. However it was subtracting by the wrong amount.
For example, for one of the videos in the bug nonFormatted.mp4 we have
The resulting composition times are : 3003, 1001, 2002, 6006, ...
The minimum composition time or PTS is 1001, which should be used to
offset DTS. However the code block was wrongly using ctts[0] which is
3003. Hence the PTS was negative. This change computes the minimum pts
encountered while fixing the index, and then subtracts it from all the
timestamps after the edit list fixes are applied.
fate-suite/h264/twofields_packet.mp4 is a similar file starting with 2
B frames. Before this change the PTS of first two B-frames was -6006
and -3003, and I am guessing one of them got dropped when being decoded
and remuxed to the framecrc before, and now it is not being dropped.