Fixes: signed integer overflow: -395281576 + -1827578048 cannot be represented in type 'int'
Fixes: 16038/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5646109705240576
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This makes the code bitexact between platforms.
Intermediate timestamps between frames are preserved.
The timebase is simplified.
Rounding differs from doubles in cases where timestamps/durations
are "funny"
Suggested-by: jb
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
How to check it:
./ffmpeg -f lavfi -i testsrc -c:v mpeg2video -f null -
master:
Side data:
cpb: bitrate max/min/avg: 0/0/200000 buffer size: 0 vbv_delay: 18446744073709551615
patch applied:
Side data:
cpb: bitrate max/min/avg: 0/0/200000 buffer size: 0 vbv_delay: N/A
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/amfenc: Vulkan initialization support for encoder.
Added linux support for amf encoder through vulkan.
To use h.264 (AMD VCE) encoder on linux amdgpu-pro version 19.20+ and
amf-amdgpu-pro package (amdgpu-pro contains, but does not install
automatically) are required.
This driver can be installed using amdgpu-pro-install script in
official amd driver archive.
Initialization of amf encoder occurs in this order:
1) trying to initialize through dx11(only windows)
2) trying to initialize through dx9(only windows)
3) trying to initialize through vulkan
James Almer [Mon, 26 Aug 2019 17:29:59 +0000 (14:29 -0300)]
avcodec/qtrle: call ff_reget_buffer() only when the picture data is going to change
ff_reget_buffer() will attempt to create a writable copy of the frame,
which is not needed when the decoder intends to return a reference to
the same buffer as the previous frame.
Fixes: shift exponent 32 is too large for 32-bit type 'unsigned int'
Fixes: 15764/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5102101203517440
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Xuewei Meng [Thu, 22 Aug 2019 10:28:44 +0000 (18:28 +0800)]
libavfilter: Add dehaze-filter option in existing derain.
Add the support of dehaze filter in existing derain filter source
code. As the processing procedure in FFmpeg is the same for current
derain and dehaze, we reuse the derain filter source code. The
model training and generation scripts are in repo
https://github.com/XueweiMeng/derain_filter.git
Reviewed-by: Steven Liu <lq@onvideo.cn>
Signed-off-by: Xuewei Meng <xwmeng96@gmail.com>
vtctx->cached_hw_frames_ctx is unref'd in videotoolbox_uninit,
but videotoolbox_hevc used ff_videotoolbox_uninit which
doesn't unref cache_hw_frames_ctx.
Signed-off-by: Pavel Koshevoy <pkoshevoy@gmail.com>
Dave Stevenson [Thu, 17 Jan 2019 17:39:34 +0000 (17:39 +0000)]
avcodec/omx: Fix handling of fragmented buffers
See https://trac.ffmpeg.org/ticket/7687
If an encoded frame is returned split over two or more
IL buffers due to the size, then there is a race between
whether get_buffer will fail, return NULL, and a truncated
frame is passed on, or IL will return the remaining part
of the encoded frame.
If get_buffer returns NULL, part of the frame is left behind
in the codec, and will be collected on the next call. That
then leaves a frame stuck in the codec. Repeat enough times
and the codec FIFO is full, and the pipeline stalls.
A performance improvement in the Raspberry Pi firmware means
that the timing has changed, and now frequently drops into the
case where get_buffer returns NULL.
Add code such that should a buffer be received without
OMX_BUFFERFLAG_ENDOFFRAME that get_buffer is called with wait
set, so we wait for the remainder of the frame.
This code has been made conditional on the Pi build in case
other IL implementations don't handle ENDOFFRAME correctly.
Signed-off-by: Dave Stevenson <dave.stevenson@raspberrypi.org>
Signed-off-by: Aman Gupta <aman@tmm1.net>
Signed-off-by: Martin Storsjö <martin@martin.st>
Marton Balint [Thu, 8 Aug 2019 07:53:10 +0000 (09:53 +0200)]
avformat/mpegtsenc: get rid of packet counting for sdt/pat/pmt
The packet counting based approach caused excessive sdt/pat/pmt for VBR, so
let's use a timestamp based approach instead similar to how we emit PCRs.
SDT/PAT/PMT period should be consistent for both VBR and CBR from now on.
Also change the type of sdt_period and pat_period to AV_OPT_TYPE_DURATION so no
floating point math is necessary.
avcodec/alac: Fix multiple integer overflows in lpc_prediction()
Fixes: signed integer overflow: 2088795537 + 2147254401 cannot be represented in type 'int'
Fixes: signed integer overflow: -1500363496 + -1295351808 cannot be represented in type 'int'
Fixes: signed integer overflow: -79560 * 32640 cannot be represented in type 'int'
Fixes: signed integer overflow: 2088910005 + 2088796058 cannot be represented in type 'int'
Fixes: signed integer overflow: -117258064 - 2088725225 cannot be represented in type 'int'
Fixes: signed integer overflow: 2088725225 - -117258064 cannot be represented in type 'int'
Fixes: 15739/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5630664122040320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/pnm_parser: Use memmove() to handle "overread"
This is significantly faster
Fixes: Timeout (1sec after this and the previous commit)
Fixes: 15558/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PPM_fuzzer-5705273643106304
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/pnm: skip reading trailing bytes in get_pnm()
None of the keys we support is that long and other keys
lead to decoder failure. None of the values is expected
to be longer, they are all numbers or short keywords.
This simplifies the code
Fixes: Timeout (9sec->43ms)
Fixes: 15177/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PAM_fuzzer-5080556716425216
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avformat/mpsubdec: Check pts / duration before cast
Fixes: 3e+47 is outside the range of representable values of type 'int'
Fixes: 16057/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5691111307214848
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/lcldec: Check mthread_inlen instead of clipping
Clipping was added in 2009 to avoid crashes.
The clipped case would produce a 2nd slice with 0 input
thus also producing 0 output.
Subsequent checks will cause decoder failure unless both
slices have the same output length. Thus the only way this
would not already fail is if the output from both slices
was 0 bytes.
Fixes: Timeout (134sec -> 241ms)
Fixes: 15599/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSZH_fuzzer-5658127116009472
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
leozhang [Wed, 14 Aug 2019 03:07:18 +0000 (11:07 +0800)]
avformat/flvdec: delete unused code
Reviewed-by: Carl Eugen Hoyos <ceffmpeg@gmail.com>
Signed-off-by: leozhang <leozhang@qiyi.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: memleaks
Fixes: 16289/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_LATM_fuzzer-5200695692623872
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avformat/vividas: Check av_xiphlacing() return value before use
Fixes: out of array access
Fixes: 16277/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5696629440512000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Add assembly support for -fsanitize=hwaddress tagged globals.
As of LLVM r368102, Clang will set a pointer tag in bits 56-63 of the
address of a global when compiling with -fsanitize=hwaddress. This requires
an adjustment to assembly code that takes the address of such globals: the
code cannot use the regular R_AARCH64_ADR_PREL_PG_HI21 relocation to refer
to the global, since the tag would take the address out of range. Instead,
the code must use the non-checking (_NC) variant of the relocation (the
link-time check is substituted by a runtime check).
This change makes the necessary adjustment in the movrel macro, where it is
needed when compiling with -fsanitize=hwaddress.
Signed-off-by: Peter Collingbourne <pcc@google.com>
Reviewed-by: Martin Storsjö
Reviewed-by: Janne Grunau
Add the usage of tensorflow model in derain filter. Training scripts
as well as scripts for tf/native model generation are provided in the
repository at https://github.com/XueweiMeng/derain_filter.git.
Reviewed-by: Steven Liu <lq@onvideo.cn>
Signed-off-by: Xuewei Meng <xwmeng96@gmail.com>
avcodec/alsdec: Fix integer overflow in decode_var_block_data()
Fixes: signed integer overflow: 1927975249 - -514719744 cannot be represented in type 'int'
Fixes: 16413/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5651206856245248
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Thilo Borgmann <thilo.borgmann@mail.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Zhong Li [Tue, 13 Aug 2019 06:11:09 +0000 (14:11 +0800)]
lavc/qsvdec: Replace current parser with MFXVideoDECODE_DecodeHeader()
Using MSDK parser can improve qsv decoder pass rate in some cases (E.g:
sps declares a wrong level_idc, smaller than it should be).
And it is necessary for adding new qsv decoders such as MJPEG and VP9
since current parser can't provide enough information.
Actually using MFXVideoDECODE_DecodeHeader() was discussed at
https://ffmpeg.org/pipermail/ffmpeg-devel/2015-July/175734.html and merged as commit 1acb19d,
but was overwritten when merging libav patches (commit: 1f26a23) without any explanation.
Split decode header from decode_init, and call it for every frame to
detect format/resolution change. It can fix some regression issues such
as hevc 10bits decoding.
Signed-off-by: Zhong Li <zhong.li@intel.com>
Signed-off-by: Dmitry Rogozhkin <dmitry.v.rogozhkin@intel.com>