Gyan Doshi [Sat, 16 Jun 2018 10:01:51 +0000 (15:31 +0530)]
avformat/movenc: read track title from correct key
da9cc22d5bd allowed the MOV muxer to relay a custom stream handler name,
whether populated from the input stream or user-set. However, the entry
key didn't match the key set by the MOV demuxer, so it wasn't
effective. Fixed.
Due to the change, four FATE refs have to be updated. Verified that the
target payload of the tests hasn't changed in terms of CRC.
CLI options -maxrate, -bufsize and -rc_init_occupancy can now be picked
up by the x265 wrapper. Min. rc init has to be 1001 to avoid x265
setting it to vbv-bufsize.
Aman Gupta [Mon, 11 Jun 2018 07:43:31 +0000 (00:43 -0700)]
avformat/mpegts: parse large PMTs with multiple tables
In 9152c1e4955, the mpegts parser was taught how to parse
PMT sections which contained multiple tables. That commit
fixed parsing of PMT packets from some cable providers,
which included a special SCTE table (0xc0) before the
standard program map table (0x2).
Sometimes, however, the combined 0xc0 and 0x2 tables are
larger than a single TS packet (188 bytes). The mpegts parser
already attempts to parse sections which span multiple packets,
but still assumed that the split section only contained one
table.
This patch fixes parsing of such a sample[1].
Before:
Input #0, mpegts, from 'combined-pmt-tids-split.ts':
Duration: 00:00:01.26, start: 39188.931756, bitrate: 597 kb/s
Program 1
No Program
Stream #0:0[0xeff]: Audio: ac3, 48000 Hz, mono, fltp, 64 kb/s
Stream #0:1[0xefd]: Audio: mp3, 0 channels, fltp
Stream #0:2[0xefe]: Unknown: none
With the patch, the PMT is parsed correctly so the streams are
created in the correct order, are associated with "Program 1",
and their codecs are set correctly.
Aman Gupta [Mon, 18 Jun 2018 18:53:27 +0000 (11:53 -0700)]
Revert "avcodec/mediacodecdec: wait on first frame after input buffers are full"
@xyz reported a regression on his Sony Xperia Z3 Tablet Compact where
playback would intermittently fail to start, essentially deadlocking in
the decoder. Bisecting narrowed down the issue to this commit, which was
meant as an optimization but is not necessary.
Jerome Borsboom [Fri, 8 Jun 2018 09:01:26 +0000 (11:01 +0200)]
avcodec/vc1: add Simple and Main profile to vc1_put_signed_blocks_clamped
Simple and Main Profile also need unsigned put_pixels_clamped. Add an argument
to choose between signed and unsigned put_pixels and change function name to
vc1_put_blocks_clamped.
Jerome Borsboom [Wed, 9 May 2018 05:50:28 +0000 (07:50 +0200)]
avcodec/vc1: support multi-slice field interlaced pictures with hwaccel
When using hardware accelerated decoding for multi-slice field interlaced pictures,
only the first slice was decoded. This patch adds the neccesary looping over the
remaining slices that may exist in field interlaced pictures. Additionally, we align
the calculation of mby_start for the second field with the method given in VC-1 spec.
Jerome Borsboom [Wed, 9 May 2018 05:50:23 +0000 (07:50 +0200)]
avcodec/vaapi_vc1: slice_vertical_position starts from zero for the second field
Contrary to VC-1 spec, VAAPI expects the row address of the first
macroblock row in the first slice to start from zero for the second
field in a field interlaced picture.
Jerome Borsboom [Wed, 6 Jun 2018 18:47:23 +0000 (20:47 +0200)]
avcodec/vc1: add Simple and Main profile to vc1_put_signed_blocks_clamped
Simple and Main profile also need unsigned put_pixels_clamped. Add an argument
to choose between signed and unsigned put_pixels and change function name to
vc1_put_blocks_clamped.
Jerome Borsboom [Fri, 8 Jun 2018 09:01:20 +0000 (11:01 +0200)]
avcodec/vc1: fix overlap and loop filtering for Simple and Main profile
Overlap filtering I and BI frames for Simple and Main profile is only
dependent on PQUANT. Restrict testing for CONDOVER and OVERFLAGS to
advanced profile. Change from mb_width to end_mb_x in ff_vc1_i_loop_filter
to avoid breaking the Microsoft Screen 2 decoder.
Jerome Borsboom [Wed, 30 May 2018 11:53:48 +0000 (13:53 +0200)]
avcodec/vc1: fix overlap smoothing filter for P frames
The v_overlap_filter needs to run on the colocated block of the previous
macroblock. For the luma plane, the colocated block is located two blocks
on the left instead of one. In addition, the overlap filter needs to run
on the non-edge blocks of the first macroblock row and column.
avcodec/aacdec_fixed: Fix undefined integer overflow in apply_independent_coupling_fixed()
Fixes: signed integer overflow: 1195517 * 2048 cannot be represented in type 'int' Fixes: 8636/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-4695836326887424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/dirac_dwt_template: Fix undefined behavior in interleave()
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 8697/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5197148130902016 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avutil/common: Fix undefined behavior in av_clip_uintp2_c()
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself Fixes: 8521/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5639024952737792 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
fftools/ffmpeg: Fallback to duration if sample rate is unavailable
Regression since: af1761f7 Fixes: Division by 0 Fixes: ffmpeg_crash_1 Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
erankor [Fri, 1 Jun 2018 06:55:45 +0000 (09:55 +0300)]
qt-faststart - stco offset bug fix
when the last offsets in the stco atom are close to 4GB, the addition of
the moov atom size can overflow, causing corruption near the end of the
mp4 file.
this patch upgrades all stco atoms to co64 when such an edge case is
detected. in order to accomplish this, the implementation was changed to
walk the atom tree, instead of searching for the strings 'stco'/'co64'.
this was required since when an stco atom is changed to co64, its size
changes, and the sizes of all containing atoms (moov, trak, etc.) have
to be updated as well.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/mpeg4videodec: Clear bits_per_raw_sample if it has originated from a previous instance
Fixes: assertion failure Fixes: ffmpeg_crash_5.avi Found-by: Thuan Pham <thuanpv@comp.nus.edu.sg>, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Timo Teräs [Mon, 4 Jun 2018 14:36:19 +0000 (17:36 +0300)]
avformat/movenc: fix recognization of cover image streams
For chapter images, the mov demux produces streams with disposition set
to attached_pic+timed_thumbnails. This patch fixes to properly recognize
streams that should be encoded as cover image (ones with only and only
attached_pic disposition set).
Signed-off-by: Timo Teräs <timo.teras@iki.fi> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Gyan Doshi [Sun, 10 Jun 2018 14:48:10 +0000 (20:18 +0530)]
avformat: deprecate unused MP4A_LATM flag
A generic lavf flag for AAC LATM packetization for the RTP muxer was
added in ef409645f0 and then made inert 20 days later in 0832122880
when a private muxer option was added and the generic flag no longer
read.
Marton Balint [Mon, 4 Jun 2018 08:02:46 +0000 (10:02 +0200)]
avdevice/decklink_dec: use a custom memory allocator
The default memory allocator is limited in the max number of frames available,
and therefore caused frame drops if the frames were not freed fast enough.
avcodec/h264_slice: Fix overflow in recovery_frame computation
Fixes: signed integer overflow: 15 + 2147483646 cannot be represented in type 'int' Fixes: 8381/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-6225533137321984 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/h264_mc_template: Only prefetch motion if the list is used.
Fixes: index 59 out of bounds for type 'H264Ref [48]' Fixes: 8232/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5703295145345024 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: OOM Fixes: 8178/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XWD_fuzzer-4844793342459904 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 2146907204 + 26846088 cannot be represented in type 'int' Fixes: 8105/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-6233036682166272 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Carl Eugen Hoyos [Sun, 10 Jun 2018 01:19:59 +0000 (03:19 +0200)]
lsws/rgb2rgb_template: Do not compile unneeded shuffle functions on big-endian.
Fixes the following warnings:
In file included from libswscale/rgb2rgb.c:128:0:
libswscale/rgb2rgb_template.c:346:13: warning: 'shuffle_bytes_3210_c' defined but not used
libswscale/rgb2rgb_template.c:346:13: warning: 'shuffle_bytes_3012_c' defined but not used
libswscale/rgb2rgb_template.c:346:13: warning: 'shuffle_bytes_1230_c' defined but not used
Jacob Trimble [Thu, 7 Jun 2018 17:29:33 +0000 (10:29 -0700)]
avformat/mov: Fix reading saio/saiz for clear content.
This validates that the common encryption saio/saiz atoms only appear
when the data is actually encrypted. This also ignores those atoms
in clear content.
Found by Chrome's ClusterFuzz: http://crbug.com/850389
Signed-off-by: Jacob Trimble <modmaker@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 3 * 1006632960 cannot be represented in type 'int' Fixes: 8278/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5692857166856192 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/shorten: Fix undefined shift in fix_bitshift()
Fixes: left shift of negative value -9 Fixes: 8571/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5715966875926528 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/shorten: Fix a negative left shift in shorten_decode_frame()
Fixes: left shift of negative value -9057 Fixes: 8527/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5666853924896768 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: OOM Fixes: 8195/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5179785826271232
The reference software appears to use longs for 32bits and it uses int for nmeans
hinting that the intended maximum size was not 32bit.
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/shorten: Check non COMM chunk len before skip in decode_aiff_header()
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 8024/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5109204648984576 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/mjpegdec: Fix integer overflow in ljpeg_decode_rgb_scan()
Fixes: signed integer overflow: 32768 + 2147450880 cannot be represented in type 'int' Fixes: 7885/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THP_fuzzer-5298834394578944 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/truemotion2: Fix overflow in tm2_apply_deltas()
Fixes: signed integer overflow: 1077952576 + 1077952576 cannot be represented in type 'int' Fixes: 7712/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5056281753681920 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>