Musee Ullah [Mon, 23 Nov 2020 19:52:01 +0000 (13:52 -0600)]
avfilter/vf_xfade: ensure metadata is copied to transition frames
I was having an issue where, using a filter chain of xfade -> ass, the
colors on the subtitles were incorrect only on the frames where xfade
was being used. This resolves that issue for me.
avcodec/aac*: Make initializing ff_aac_pow*sf_tab thread-safe
This table is currently initialized up to three times: Once by the
encoder and twice by the decoders (once by the fixed and once by the
floating-point decoder); each of these initializations is guarded by an
AVOnce, yet the fact that there are three of them implies that there
might be data races (the fact that each entry is only written to once
(to its final value) when initializing means that this is safe in
practice, yet it is still undefined behaviour). Fix this by only
initializing the table from one place that is guarded by a single AVOnce.
This also avoids unnecessary duplications of the init code.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
avcodec/atrac9dec: Don't confuse max_depth of VLC with max codelength
The whole point of VLCs with their tables is to read more than one bit
at a time; therefore max_depth, the number of times one has to
(maximally) read further bits is given by ceil(max_code_length / table_bits)
which in the case of ATRAC9's coefficient VLCs gives an upper bound of
two. Instead the maximum length of a code of the given VLC has been used
(which is not even a compile-time constant). Use two instead.
Furthermore, given that this was the only usage of the field containing
the maximum of all the code lengths of a given VLC the field has been
removed from its containing struct.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
avcodec/mpegaudiodsp: Make initializing synth windows thread-safe
These arrays are used by the Musepack decoders, the MPEG audio decoders
as well as qdm2 and up until now, these arrays might be initialized more
than once, leading to potential data races as well as unnecessary
initializations. Therefore this commit ensures that each array will only
be initialized once.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
avcodec/mpegaudiodsp: Make ff_mpadsp_init() thread-safe
The only thing missing for this is to make ff_mpadsp_init_x86()
thread-safe; it currently isn't because a static table is initialized
every time ff_mpadsp_init() is called (when ARCH_X86 is true). Solve
this by initializing this table only once, namely together with the
ordinary not-arch specific tables. This also allows to reuse their AVOnce.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
avcodec/fft_template, fft_init_table: Make ff_fft_init() thread-safe
Commit 1af615683e4a1a858407afbaa2fd686842da7e49 put initializing
the ff_fft_offsets_lut (which is typically used if FFT_FIXED_32)
behind an ff_thread_once() to make ff_fft_init() thread-safe; yet
there is a second place where said table may be initialized which
is not guarded by this AVOnce: ff_fft_init_mips(). MIPS uses this LUT
even for ordinary floating point FFTs, so that ff_fft_init() is not
thread-safe (on MIPS) for both 32bit fixed-point as well as
floating-point FFTs; e.g. ff_mdct_init() inherits this flaw and
therefore initializing e.g. the AAC decoders is not thread-safe (on
MIPS) despite them having FF_CODEC_CAP_INIT_CLEANUP set.
This commit fixes this by moving the AVOnce to fft_init_table.c and
using it to guard all initializations of ff_fft_offsets_lut.
(It is not that bad in practice, because every entry of
ff_fft_offsets_lut is never read during initialization and is only once
ever written to (namely to its final value); but even these are
conflicting actions which are (by definition) data races and lead to
undefined behaviour.)
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
avcodec/motionpixels: Be more strict when parsing Huffman trees
This ensures that the number of leafs in the Huffman tree equals the
number it is supposed to be and therefore ensures that the VLC tree is
complete, allowing us to remove checks.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
avcodec/motionpixels: Only create VLC iff it is going to be used
If the Huffman tree consists of only one entry (which has length zero),
no tree is used at all for parsing as the VLC API currently can't handle
this. So it makes no sense to create a VLC in this case.
Commit 41b7389cade702383e59343561776f83bb26e17f added a check for
whether creating the VLC should be skipped, but it also skipped decoding
the packet and it used the wrong check: It checked max_codes_bits,
the maximum length of a code; but this value is only updated iff there is
more than one Huffman entry. So if there is only one Huffman entry, and
there was a previous frame with more than one entry, then a VLC was
created unnecessarily; yet if there was no previous frame with more than
one entry, then this frame will be skipped which is probably
spec-incompliant. I have no sample for the latter.
This commit improves the check to create a VLC iff it is going to be
used.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Jan Ekström [Mon, 23 Nov 2020 15:36:20 +0000 (17:36 +0200)]
avcodec/av1{dec,parser}: move to ff_cbs_read_extradata_from_codec
This lets us re-utilize the extradata-related checks in the CBS
to add support for passing the AV1CodecConfigurationRecord
as extradata as-is without further filtering.
avcodec/exr: skip bottom clearing loop when its outside the image
Fixes: signed integer overflow: 1633771809 * 32960 cannot be represented in type 'int' Fixes: 26532/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5613925708857344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array access Fixes: 26532/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5613925708857344 Fixes: 27443/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5631239813595136 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avformat/avs: Use 64bit for the avio_tell() output
Fixes: signed integer overflow: 9223372036854775807 - -1 cannot be represented in type 'long' Fixes: 26549/clusterfuzz-testcase-minimized-ffmpeg_dem_AVS_fuzzer-4844306424397824 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Leo Izen [Fri, 20 Nov 2020 16:38:31 +0000 (11:38 -0500)]
avformat/movenc: allow Apple Lossless inside mp4
The 'alac' identifier has been registered to ISO and thus towards
ISOBMFF at the MP4 registration authority. The existing non-MOV
mux mode matches the official ALAC-in-MP4 specification.
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 27369/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-5083469356728320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avformat/wavdec: More complete size check in find_guid()
Fixes: signed integer overflow: 9223372036854775807 + 8 cannot be represented in type 'long' Fixes: 27341/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-5442833206738944 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 2110302399 + 39074947 cannot be represented in type 'int' Fixes: 27330/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MV30_fuzzer-5664923153334272 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Andriy Gelman [Mon, 12 Oct 2020 20:36:09 +0000 (16:36 -0400)]
avformat/rtsp: don't forget to call ff_network_close() on error
In sdp_read_header() some ff_network_close() calls were missed.
Also in rtp_read_header() update comment to explain why a single
call to ff_network_close() is enough to cover all cases even if
sdp_read_header() returns an error.
Reviewed-by: Martin Storsjö <martin@martin.st> Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
Andriy Gelman [Mon, 12 Oct 2020 20:36:04 +0000 (16:36 -0400)]
avformat/rtspdec: add network init to listen mode
As per the docs network initialization is required before ff_url_join().
Furthermore, because the ff_network_init() was skipped, this makes
one additional call to ff_network_close() if the stream exits without
errors.
Steve Lhomme [Sun, 15 Nov 2020 08:59:48 +0000 (09:59 +0100)]
avformat/matroskadec: adjust the cluster time to the track timebase
The Block timestamp read in matroska_parse_block() is in track timebase and is
passed on as such to the AVPacket which uses this timebase.
In the normal case the Cluster and Track timebases are the same because the
track->time_scale is 1.0. But when it is not the case, the values in Cluster
timebase need to be transformed in Track timebase so they can be added
together.
Martin Storsjö [Thu, 12 Nov 2020 22:06:30 +0000 (00:06 +0200)]
http: Check for AVERROR_EOF in the check for premature end
When the check was added (in 3668701f9600, in 2015), some IO
functions returned 0 on EOF (in particular, the TCP protocol
did, but the TLS protocol returned AVERROR_EOF). Since 0e1f771d2200d in 2017, the TCP protocol also returns AVERROR_EOF
instead of 0, making the check for premature end never have the
intended effect.
Marton Balint [Sat, 14 Nov 2020 23:31:11 +0000 (00:31 +0100)]
avformat/mpegts: make sure mpegts_read_header always stops at the first pmt
mpegts_read_header stops parsing the file at the first PMT. However the check
that ensured this was wrong because streams can also be added before the first
PMT is received (e.g. EIT).
So let's make sure we are in the header reading phase by checking if ts->pkt is
unset instead of checking if the number of streams found so far is 0.