| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
avutil_version() currently performs several checks before
just returning the version. There is a static int that aims
to ensure that these tests are run only once. The reason is that
there used to be a slightly expensive check, but it has been removed
in 92e3a6fdac73f7e1d69d69717219a7538877d7a0. Today running only
once is unnecessary and can be counterproductive: GCC 10 optimizes
all the actual checks away, but the checks_done variable and the code
setting it has been kept. Given that this check is inherently racy
(it uses non-atomic variables), it is best to just remove it.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit ff800903747325f15056444c11053279e391d60b)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Up until now, the scc demuxer not only read the line that it intends
to process, but also the next line, in order to be able to calculate
the duration of the current line. This approach leads to unnecessary
complexity and also to bugs: For the last line, the timing of the
next subtitle is not only logically indeterminate, but also
uninitialized and the same applies to the duration of the last packet
derived from it.* Worse yet, in case of e.g. an empty file, it is not
only the duration that is uninitialized, but the whole timing as well
as the line buffer itself.** The latter is used in av_strtok(), which
could lead to crashes. Furthermore, the current code always outputs
at least one packet, even for empty files.
This commit fixes all of this: It stops using two lines at a time;
instead only the current line is dealt with and in case there is
a packet after that, the duration of the last packet is fixed up
after having already parsed it; consequently the duration of the
last packet is left in its default state (meaning "unknown/up until
the next subtitle"). If no further line could be read, processing
is stopped; in particular, no packet is output for an empty file.
*: Due to stack reuse it seems to be zero quite often; for the same
reason Valgrind does not report any errors for a normal input file.
**: While ff_subtitles_read_line() claims to always zero-terminate
the buffer like snprintf(), it doesn't do so if it didn't read anything.
And even if it did, it would not necessarily help here: The current
code jumps over 12 bytes that it deems to have read even when it
hasn't.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit 60e12318bb9372b3053703f2a3b849270b9d2fe5)
|
| |
|
|
|
|
|
|
|
|
| |
It claims to always zero-terminate its buffer like snprintf(),
yet it does it not on EOF. Because of this the mcc demuxer
used uninitialized values when reading an empty input file.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit 8766361fc16b6d25ee8be880bf55c9761490cb99)
|
| |
|
|
|
|
|
| |
Happened for all slaves which didn't use the FIFO.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit 3a27fcb168af07f168e58577f6b3696a8fe74803)
|
| |
|
|
|
| |
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit 4df34df642d252ec7849e07812548c417961f9ec)
|
| |
|
|
|
|
|
| |
Fixes Coverity issue #1439566.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit c9b44a79d1bc87251f36926b288f79adefec397f)
|
| |
|
|
|
|
| |
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit cd1aaec760273bd7673b27609f114599e2d9b5a9)
|
| |
|
|
|
|
| |
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit 0429d8eed85674ae19cccab81f7fbb13a4ccc705)
|
| |
|
|
|
|
| |
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit bae96fa9776cf35cdf32f285f2a980b31e63560a)
|
| |
|
|
|
|
|
|
|
| |
Fix this by switching to av_dynarray_add_nofree() which is more
natural anyway because the entries of the array are pointers.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit 05c1f78a72916ef2466cc5a4fc778810503225ee)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
av_image_copy() expects an array of four pointers according to its
declaration; although it currently only touches pointers that
are actually in use (depending upon the pixel format) this might
change at any time (as has already happened for the linesizes
in d7bc52bf456deba0f32d9fe5c288ec441f1ebef5).
This fixes ticket #9264 as well as a warning from GCC 11.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit 9b17273c77ee2868ef34abc49efa70260453235b)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When an flite filter instance is uninitialized and the refcount
of the corresponding voice_entry reaches zero, the voice is
unregistered, yet the voice_entry's pointer to the voice is not reset.
(Whereas some other pointers are needlessly reset.)
Because of this a new flite filter instance will believe said voice
to already be registered, leading to use-after-frees.
Fix this by resetting the right pointer instead of the wrong ones.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit 18ddb25c7a58404641de2f6aa68220bd509e376c)
|
| |
|
|
|
|
|
|
|
|
|
| |
Could also happen if initializing flite failed* or if an unknown voice
has been selected or if registering the voice failed.
*: which it currently can't, because it is a no-op.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit 304cc0379870ebf155502069939582f1065ef3b5)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 723c37d3b7b5555f23bfdfe3e5c3599543c06332.
Said commit was in preparation for auto-inserting the idet filter.
This has never happened; even if it did, the code is wrong, because
it segfaults if the filter instance doesn't have a name (having one
is not mandatory). Furthermore, it is documented for libavfilter to
not assign any semantics to the name, which this check violates.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit f626a3d0e0e6c59af4e844c7e2d308a93ea8c3e2)
|
| |
|
|
|
|
|
|
| |
Fixes ticket #9497.
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit 9139dc6140e8fb8d84760f3c567332b41858798d)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
h263_get_motion_length() forgot to take an absolute value;
as a consequence, a negative index was used to access an array.
This leads to potential crashes, but mostly it just accesses what
is to the left of ff_mvtab (unless one uses ASAN), thereby defeating
the purpose of the AV_CODEC_FLAG2_NO_OUTPUT because the sizes of
the returned packets differ from the sizes the encoder would actually
have produced.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit 9207dc3b0db368bb9cf5eb295cbc1129c2975e31)
|
| |
|
|
|
|
|
|
| |
Fixes ticket #9537.
Probably a regression since 2b3206891649f317c20993411efef4bee39ae784.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit d1b47f3bfcc625ca1cae210fc198dcbd54381a88)
|
| |
|
|
|
|
|
|
|
| |
Regression since af043b839c38e850af1184fd6be691f8475c048e.
Fixes ticket #9409.
Reviewed-by: Philip Langdale <philipl@overt.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit bb89a2f64fd1d74cc51af62d5ef133be274dd7af)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
av_image_copy() expects an array of four pointers and linesizes
according to its declaration; it currently only pointers that are
actually in use (depending upon the pixel format), but this might
change at any time. It has already happened for the linesizes in
d7bc52bf456deba0f32d9fe5c288ec441f1ebef5 and so increasing their
array fixes a stack-buffer overread.
This fixes a -Wstringop-overflow= and -Wstringop-overread warning
from GCC 11.2.
Reviewed-by: Linjie Fu <linjie.justin.fu@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit b0b90100bfda8c5cf95889e00183589de0abce60)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
av_image_copy() expects an array of four pointers according to its
declaration; although it currently only touches pointers that
are actually in use (depending upon the pixel format) this might
change at any time (as has already happened for the linesizes
in d7bc52bf456deba0f32d9fe5c288ec441f1ebef5).
This fixes a -Wstringop-overflow= warning with GCC 11.2.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit b09ea67b40e342f5e4183e9ebc0c14801ecd218c)
|
| |
|
|
|
|
|
|
| |
Due to this bush.aa (from the FATE suite) exported garbage metadata
with key "_040930".
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit 0a76f8217e0d80d336ad8d9c46523fd3d1262c8c)
|
| |
|
|
|
| |
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit 38e5ca9310b1a4dbb72fbe28769c9119bb880691)
|
| |
|
|
|
|
|
|
| |
(cherry picked from commit 3c2b67446875f925909fa33d8ee14264e11c293d)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Conflicts:
libavformat/udp.c
|
| | |
|
| |
|
|
|
| |
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit e228d7b0db7d6cb02a73bee6d3bf4f6ecf92d0bf)
|
| |
|
|
|
|
|
|
| |
Forgotten in 555f5c1fc5ae0c4e7b0431dc3166c3fcf3f4e979.
Reviewed-by: Zane van Iperen <zane@zanevaniperen.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit df4cb384fb68454e23f8cc2b369e344c1bd8be7d)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This fixes compilation errors in case nvenc is enabled
(e.g. autodected) with both nvenc-based encoders disabled
because nvenc uses ff_alloc_a53_sei(), yet only the nvenc-based
encoders require atsc_a53.
(This error does not manifest itself in case of static linking
(nothing pulls in nvenc.o), but it exists with shared builds.)
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
|
| |
|
|
|
|
|
|
|
| |
- quantizer delta and matrix level specific.
- support loop filter delta.
- support use superres.
Signed-off-by: Fei Wang <fei.w.wang@intel.com>
(cherry picked from commit 84c73102d933c9b7f64f504196c91edddad99618)
|
| |
|
|
|
| |
Signed-off-by: Fei Wang <fei.w.wang@intel.com>
(cherry picked from commit dc94f2eaaf0ae623d7dc02e1273c829015c025a3)
|
| |
|
|
|
|
|
|
|
| |
VAAPI needs 2 output surface for film grain frame. One used for
reference and the other used for applying film grain and pushing
to downstream.
Signed-off-by: Fei Wang <fei.w.wang@intel.com>
(cherry picked from commit 7871144cf801bc8b9e3b00319dd7c3c3d91dd3fa)
|
| |
|
|
|
|
|
|
|
| |
For film grain clip, vaapi_av1 decoder will cache additional 8
surfaces that will be used to store frames which apply film grain.
So increase the pool size by plus 8 to avoid leak of surface.
Signed-off-by: Fei Wang <fei.w.wang@intel.com>
(cherry picked from commit 53403158cc19b9e5baeff6af9317f14d1a20d0cb)
|
| |
|
|
|
|
|
|
|
|
| |
Defined in spec 5.9.24/5.9.25. Since function void
global_motion_params(AV1DecContext *s) already updates
gm type/params, the wminvalid parameter only need to get
the value from cur_frame.gm_invalid.
Signed-off-by: Tong Wu <tong1.wu@intel.com>
(cherry picked from commit 4e7a7d75e3c21a6af03c4cd52ffc50270664e58a)
|
| |
|
|
|
| |
Signed-off-by: Fei Wang <fei.w.wang@intel.com>
(cherry picked from commit 0d0ea70e7bdd85def85d526480d728740a371744)
|
| |
|
|
|
|
|
| |
Defined in spec 7.11.3.6/7.11.3.7.
Signed-off-by: Fei Wang <fei.w.wang@intel.com>
(cherry picked from commit de7475b111679120b3b089fe543224f50882287c)
|
| |
|
|
|
| |
Signed-off-by: Fei Wang <fei.w.wang@intel.com>
(cherry picked from commit 75de7fe26218cb37fff9d5afa7b5b2b8bee4a9a8)
|
| |
|
|
|
|
|
|
|
| |
Since order_hint_bits_minus_1 range is 0~7, cur_frame_hint can be
most 128. And similar return value for cbs_av1_get_relative_dist.
So if plus them and use int8_t for the result may lose its precision.
Signed-off-by: Fei Wang <fei.w.wang@intel.com>
(cherry picked from commit e7ff5722b1abae4284e79da707e71ff82b409699)
|
| |
|
|
|
| |
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 9a7fe439d969485de698569faa0b42e948cbd753)
|
| |
|
|
|
|
|
| |
libdav1d 1.0.0 will be the first version supporting Dav1dSettings.n_threads == 0.
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit d873b5fffc8292242549c4c026023e370e15c05b)
|
| |
|
|
| |
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
| |
|
|
|
|
|
|
|
| |
Fixes: out if array read
Fixes: 40109/clusterfuzz-testcase-minimized-ffmpeg_dem_FLAC_fuzzer-4805686811295744
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Mattias Wadman <mattias.wadman@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
| |
|
|
|
|
|
|
|
|
| |
Fixes: signed integer overflow: 822841647 + 1647055738 cannot be represented in type 'int'
Fixes: 39935/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-4592657142251520
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f24028c798397af720acb838357785aa705a8122)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
| |
|
|
|
|
|
| |
Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e154353fdb73dc1b3c1519350244d5346f761850)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
| |
|
|
|
|
|
|
|
|
| |
Fixes: out of array access
Fixes: 39736/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ARGO_fuzzer-4820016722214912
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 17e36fac0b5432f67e25adca7186c57f2dbe1c71)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The calling code does not handle failures and will fail with assertion failures later.
Seeking can always fail even when the position was previously read.
Fixes: Assertion failure
Fixes: 35253/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-4693059982983168
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d115eec97929e23fd1b06df2d95f48cf5000eb87)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
| |
|
|
|
|
|
|
|
|
| |
Fixes: Timeout
Fixes: 39554/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-4915221701984256
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 849138f476f4b08656681bfc3aec5beac47777fb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
| |
|
|
|
|
|
|
|
|
| |
Fixes: memleak
Fixes: 39166/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5153276690038784
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8fe3566b8fdf4bcf5eed419c1aab6eb848287ff3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
| |
|
|
|
|
|
|
|
|
| |
Fixes: runtime error: signed integer overflow: 727298502 * 3 cannot be represented in type 'int'
Fixes: 39172/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-638602483033702
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f059b56195da9c0e2c11a5f7f357a3d6101e6bf0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
| |
|
|
|
|
|
|
|
|
| |
Fixes: signed integer overflow: -2145648640 - 3357696 cannot be represented in type 'int'
Fixes: 38899/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5358815017566208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ad517ee6e44f093e28021ffd51c7eb2e1394b1a9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
| |
|
|
|
|
|
|
|
|
| |
Fixes: signed integer overflow: 9223372036854775807 + 8 cannot be represented in type 'long'
Fixes: 38787/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-4859845799444480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 255a7b423ed5e07536bdc72e993056daa4efe009)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
| |
|
|
|
|
|
|
|
|
|
| |
Fixes: infinite loop
Fixes: 37986/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGTSRAW_fuzzer-5292311517462528 -
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Marton Balint <cus@passwd.hu>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 83b2e4c8f15a00f037040131e26e20de83f0d842)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
