Bug #8255 points out a double free error in libwscale/utils.c file.
The double free is because the pointer to cascaded_context of an
sw_context is not set to NULL after freeing it. When the sw_context
is later freed, sws_freeContext is called on the cascaded_context,
causing a double free.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: division by zero Fixes: 20436/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5763229752229888 Fixes: 20503/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4841641154445312 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/mvha: Check height before applying median predictor
Fixes: out of array read Fixes: 20495/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MVHA_fuzzer-5711179129552896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array read Fixes: 20494/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MVDV_fuzzer-5681452423577600 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/cbs: Fix potential double-free when adding unit fails
ff_cbs_insert_unit_data() has two modes of operation: It can insert a
unit with a newly created reference to an already existing AVBuffer; or
it can take a buffer and create an AVBuffer for it. Said buffer will
then become owned by the unit lateron.
A potential memleak/double-free exists in the second case, because if
creating the AVBuffer fails, the function immediately returns, but when
it fails lateron, the supplied buffer will be freed. The caller has no
way to distinguish between these two outcomes. The only such caller
(cbs_jpeg_split_fragment() in cbs_jpeg.c) opted for a potential
double-free.
This commit changes this by explicitly stating that a non-refcounted
buffer will be freed on error. The aforementioned caller has been
brought in line with this.
Lynne [Sat, 8 Feb 2020 23:06:09 +0000 (23:06 +0000)]
lavu/tx: mention FFT output is not normalized
Not even FFTW's output is normalized.
This should prevent at least some users from complaining that doing a forward
transform followed by an inverse transform has a mismatching output to the
original input.
avfilter/vf_paletteuse: Fix potential double-free of AVFrame
apply_palette() would free an AVFrame given to it only via an AVFrame *
(and not via AVFrame **) in three of its four exists (namely in the
normal path and in two error paths). So upon error the caller has no way
to know whether the frame has already been freed or not;
load_apply_palette(), the only caller, opted to free the frame in this
scenario.
This commit changes this by making apply_palette not freeing the frame
at all, which is left to load_apply_palette().
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/cavsdsp: Fix undefined left shifts of negative numbers
Affected the ffmpeg-filter_colorkey FATE-test (but only if the C version
of idct8_add is used and not e.g. the x86 SSE2 version).
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Fixes: left shift of negative value -107 Fixes: 20398/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CAVS_fuzzer-5725389278412800 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Zane van Iperen [Thu, 6 Feb 2020 06:58:14 +0000 (06:58 +0000)]
avformat: add demuxer for Simon & Schuster Interactive's VAG format
Adds support for the custom VAG container used by some Simon & Schuster
Interactive games such as Real War, and Real War: Rogue States.
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com> Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Zane van Iperen [Thu, 6 Feb 2020 06:58:10 +0000 (06:58 +0000)]
avcodec: add decoder for Simon & Schuster Interactive's ADPCM variant
Adds support for the ADPCM variant used by some Simon & Schuster
Interactive games such as Real War, and Real War: Rogue States.
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com> Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
James Almer [Sun, 26 Jan 2020 15:08:26 +0000 (12:08 -0300)]
configure: don't enable $ARCH_external if $ARCH is disabled
The check_x86asm() checks would force enable these variables on success,
bypassing any --disable-* command line option.
This is important in the case of AVX512, where the relevant define is used
to choose between different values for memory alignment and strides in
some allocations.
Lynne [Sun, 27 Oct 2019 14:48:16 +0000 (14:48 +0000)]
lavfi: add an chromaber_vulkan filter
This commit adds a chromatic aberration filter for Vulkan that attempts to
emulate a lens chromatic aberration effect.
For a YUV frame it will instead shift the chroma channels, providing a
simple approximation.
Lynne [Sun, 27 Oct 2019 14:44:00 +0000 (14:44 +0000)]
lavfi: add Vulkan filtering framework
This commit adds a Vulkan filtering infrastructure for libavfilter.
It attempts to abstract as much as possible of the Vulkan API from filters.
The way the hwcontext and the framework are designed permits for parallel,
non-CPU-blocking filtering throughout, with the exception of up/downloading
and mapping.
Philip Langdale [Thu, 24 Oct 2019 01:11:37 +0000 (18:11 -0700)]
lavfi/vf_hwupload: Add support for HW -> HW transfers
As we find ourselves wanting a way to transfer frames between
HW devices (or more realistically, between APIs on the same device),
it's desirable to have a way to describe the relationship. While
we could imagine introducing a `hwtransfer` filter, there is
almost no difference from `hwupload`. The main new feature we need
is a way to specify the target device. Having a single device
for the filter chain is obviously insufficient if we're dealing
with two devices.
So let's add a way to specify the upload target device, and if none
is specified, continue with the existing behaviour.
We must also correctly preserve the sw_format on such a transfer.
Lynne [Wed, 28 Aug 2019 20:58:10 +0000 (21:58 +0100)]
lavu: add Vulkan hwcontext code
This commit adds the necessary code to initialize and use a Vulkan device
within the hwcontext libavutil framework.
Currently direct mapping to VAAPI and DRM frames is functional, and
transfers to CUDA and native frames are supported.
Lets hope the future Vulkan video decode extension fits well within this
framework.
Philip Langdale [Thu, 24 Oct 2019 01:01:52 +0000 (18:01 -0700)]
lavu/hwcontext: Add support for HW -> HW transfers
We are beginning to consider scenarios where a given HW Context
may be able to transfer frames to another HW Context without
passing via system memory - this would usually be when two
contexts represent different APIs on the same device (eg: Vulkan
and CUDA).
This is modelled as a transfer, as we have today, but where both
the src and the dst are hardware frames with hw contexts. We need
to be careful to ensure the contexts are compatible - particularly,
we cannot do transfers where one of the frames has been mapped via
a derived frames context - we can only do transfers for frames that
were directly allocated by the specified context.
Additionally, as we have two hardware contexts, the transfer function
could be implemented by either (or indeed both). To handle this
uncertainty, we explicitly look for ENOSYS as an indicator to try
the transfer in the other direction before giving up.
Jai Luthra [Fri, 24 Jan 2020 10:33:33 +0000 (16:03 +0530)]
mlpenc: improve lpc filtering
* fix a possible memory leak (apply_filter returned before freeing)
* use apply_filters in process_major_frame
* revert back to checking bounds with 24 bitdepth, as huff offset takes
care of it
avcodec/apedec: Fix integer overflows in predictor_decode_mono_3950()
Fixes: signed integer overflow: -2147407150 + -1871606 cannot be represented in type 'int' Fixes: 18702/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5679095417667584 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Marton Balint [Sun, 2 Feb 2020 21:58:08 +0000 (22:58 +0100)]
avformat/dashenc: use AV_OPT_TYPE_DICT for http_opts
This changes the separator character from comma to colon, but since this option
was only added recently I think it should be done for consistency with other
similar options.
This commit reuses the configuration options for VP8 that enables
temporal scalability for VP9. It also adds a way to enable three
preset temporal structures (refer to the documentation for more
detail) that can be used in offline encoding.
Fixes: signed integer overflow: 2147482897 + 2048 cannot be represented in type 'int' Fixes: 19240/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5743240326414336 Fixes: 19869/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5150136636538880 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>