aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* avcodec/tiff: Avoid forward declarationsAndreas Rheinhardt2021-04-081-199/+195
| | | | | | | | | | | | In this case it also fixes a potential for compilation failures: Not all compilers can handle the case in which a function with a forward declaration declared with an attribute to always inline it is called before the function body appears. E.g. GCC 4.2.1 on OS X 10.6 doesn't like it. Reviewed-by: Pavel Koshevoy <pkoshevoy@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> (cherry picked from commit e5d6af7b35d97f5c1252ecf8bd61f3295909fb6c)
* avcodec/pthread_frame: ReindentationAndreas Rheinhardt2021-04-081-19/+19
| | | | | Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit 659996094074b0c34904c2fd391c4a12bbf58211)
* avcodec/pthread_frame: Check initializing mutexes/condition variablesAndreas Rheinhardt2021-04-081-25/+73
| | | | | | | | | | | | | | | | | | | Up until now, initializing the mutexes/condition variables wasn't checked by ff_frame_thread_init(). This commit changes this. Given that it is not documented to be save to destroy a zeroed but otherwise uninitialized mutex/condition variable, one has to choose between two approaches: Either one duplicates the code to free them in ff_frame_thread_init() in case of errors or one records which have been successfully initialized. This commit takes the latter approach: For each of the two structures with mutexes/condition variables an array containing the offsets of the members to initialize is added. Said array is used both for initializing and freeing and the only thing that needs to be recorded is how many of these have been successfully initialized. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit c85fcc96b79a502b1d2cd022c6f0c638e4527732)
* avcodec/pthread_frame: Fix cleanup during initAndreas Rheinhardt2021-04-081-70/+67
| | | | | | | | | | | | | | | | | | In case an error happened when setting up the child threads, ff_frame_thread_init() would up until now call ff_frame_thread_free() to clean up all threads set up so far, including the current, not properly initialized one. But a half-allocated context needs special handling which ff_frame_thread_frame_free() doesn't provide. Notably, if allocating the AVCodecInternal, the codec's private data or setting the options fails, the codec's close function will be called (if there is one); it will also be called if the codec's init function fails, regardless of whether the FF_CODEC_CAP_INIT_CLEANUP is set. This is not supported by all codecs; in ticket #9099 it led to a crash. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit e9b66175793e5c2af19beefe8e143f6e4901b5df)
* avcodec/pthread_frame: Factor initializing single thread outAndreas Rheinhardt2021-04-081-59/+68
| | | | | Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit 24ee1514021e2a2419b1ae9a779e6a18a4add064)
* avcodec/dv_profile: PAL DV files with dsf flag 0 - detect via pal flag and ↵Mark Plomer2021-04-031-6/+4
| | | | | | | | | | | | | | buf_size Some old DV AVI files have the DSF-Flag of frames set to 0, although it is PAL (maybe rendered with an old Ulead Media Studio Pro) ... this causes ffmpeg/VLC-player to produce/play corrupted video (other players/editors like VirtualDub work fine). Fixes ticket #8333 and replaces/extends hack for ticket #2177 Signed-off-by: Marton Balint <cus@passwd.hu> (cherry picked from commit 6ef5d8ca86c1d17e486300daa476dc6e0799f2f6)
* avcodec/cfhd: Keep track of which subbands have been readMichael Niedermayer2021-04-032-0/+27
| | | | | | | | | | | | | | | | This avoids use of uninitialized data also several checks are inside the band reading code so it is important that it is run at least once Fixes: out of array accesses Fixes: 28209/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_fuzzer-5684714694377472 Fixes: 32124/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_fuzzer-5425980681355264 Fixes: 30519/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_fuzzer-4558757155700736 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit da8c86dd8be244100da226a11b416c20d0c914d6) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/cfhd: Require valid setup before Lowpass coefficients, BandHeader ↵Michael Niedermayer2021-04-031-12/+27
| | | | | | | | | | | and BandSecondPass Previously the code skipped all security checks when these where encountered but prior data was incorrect. Also replace an always true condition by an assert Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3b88c88fa1888c47b0767d84bfebf1fd656c7846) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/cfhd: Check transform_type consistentlyMichael Niedermayer2021-04-032-2/+10
| | | | | | | | | | | | Fixes: out of array accesses Fixes: 29754/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_fuzzer-6333598414274560 Fixes: 30519/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_fuzzer-6298424511168512 Fixes: 30739/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_fuzzer-5011292836462592 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 20473a93d2a385a7137ef03e8b2604fa5e79eaa7) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* libswscale/x86/yuv2yuvX: Removes unrolling for mmx and mmxextAlan Kelly2021-04-031-1/+13
| | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3ce8d092448827842c451807f03010ad5129fd8f) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* libswscale/x86/swscale: Only call ff_yuv2yuvX functions if the input size is > 0Alan Kelly2021-04-031-2/+4
| | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit dc57762cb43619f91fd2a5d95510fa3b14cfeaaf) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* tests/checkasm/sw_scale: adds additional tests sizes for yux2yuvXAlan Kelly2021-04-031-3/+3
| | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e1484bc455dff500f8b35b58d434924bca0e03d6) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mjpegdec: Check initializing Huffman tablesAndreas Rheinhardt2021-04-031-1/+2
| | | | | | Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> (cherry picked from commit d5ddfec6c3ce0ff743e3d67c42a1a59d3afe8e8c)
* avcodec/mjpegdec: Fix leak in case of invalid external Huffman tablesAndreas Rheinhardt2021-04-031-0/+1
| | | | | | | | | | | | | | When using external Huffman tables fails during init, the decoder reverts back to using the default Huffman tables; and when doing so, the current VLC tables leak because init_default_huffman_tables() doesn't free them before overwriting them. Sample: samples.ffmpeg.org/archive/all/avi+mjpeg+pcm_s16le++mjpeg-interlace.avi Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> (cherry picked from commit 3cc685b7bcc2bcc781b5632bf2e0af6ed941ae27)
* avcodec/a64multienc: Don't use static buffers, fix potential racesAndreas Rheinhardt2021-04-031-4/+7
| | | | | | | | | | | | | render_charset() used static buffers that are always completely initialized before every use, so that it is unnecessary for the values in these arrays to be kept after leaving the function. Given that this is not only unnecessary, but harmful due to the possibility of data races if several instances of a64multi/a64multi5 run simultaneously these buffers have been replaced by ordinary buffers on the stack (they are small enough for this). Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> (cherry picked from commit 0ca09335aa47fee181c36187143403811b5452f6)
* avcodec/rawdec: Free bitstream_bufAndreas Rheinhardt2021-04-031-0/+1
| | | | | Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> (cherry picked from commit 5c0f6d53da154ef51933eb5820424612aedda50d)
* avformat/vividas: Fix crash when seeking without audio streamAndreas Rheinhardt2021-04-031-7/+12
| | | | | | | | The current code tries the access the codecpar of a nonexistent audio stream when seeking. Stop that. Fixes ticket #9121. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> (cherry picked from commit af867e59d9ac3db5aaf7df4691f032e14ea51588)
* avcodec/ass_split: Don't presume strlen to be >= 2Andreas Rheinhardt2021-04-021-1/+1
| | | | | | | Fixes potential heap-buffer-overflow. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit f38f791a23a8acade7ea6554c80455dce7543dbd)
* avcodec/binkaudio: Check return value of functions that can failAndreas Rheinhardt2021-04-021-3/+5
| | | | | Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit 0062aca592868e9fd7b6fcb322747d42d71e7315)
* avcodec/binkaudio: Fix memleak upon init failureAndreas Rheinhardt2021-04-021-0/+2
| | | | | Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit 85aed2e390799dc4037a6f0b95310dfda44fa6eb)
* avcodec/flacenc: Fix memleak upon init errorAndreas Rheinhardt2021-04-021-0/+1
| | | | | | | An AVMD5 struct would leak if an error happened after its allocation. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit 56bd071e5487fcf516d942bbc84d7a77b0bdf9b6)
* avcodec/proresenc_anatoliy: Fix memleak upon init errorAndreas Rheinhardt2021-04-021-0/+2
| | | | | | | | A buffer may leak in case of YUVA444P10 with dimensions that are not both divisible by 16. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit d789d72d30d8cb6c0a9b5b1140589da1eae44e1e)
* avcodec/bsf: Fix segfault when freeing half-allocated BSFAndreas Rheinhardt2021-04-021-19/+20
| | | | | | | | When allocating a BSF fails, it could happen that the BSF's close function has been called despite a failure to allocate the private data. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> (cherry picked from commit 9bf2b32da048732ad79e075dfefd40777e9f935a)
* avcodec/av1_metadata_bsf: Check for the existence of unitsAndreas Rheinhardt2021-04-021-1/+1
| | | | | | | | Fixes a crash with ISOBMFF extradata containing no OBUs. Reviewed-by: James Almer <jamrial@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> (cherry picked from commit 8081a0b10f5325b60e885d8823593485019b8a18)
* avcodec/h264_metadata_bsf: Don't add AUD to extradataAndreas Rheinhardt2021-04-021-1/+1
| | | | | | | | This is a regression since switching to the generic CBS BSF code. Reviewed-by: James Almer <jamrial@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> (cherry picked from commit b917218c35d240d9266c163103353e51facb0cae)
* avcodec/msmpeg4enc: Don't use code for static init that can failAndreas Rheinhardt2021-04-023-18/+10
| | | | | Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit f0042e573e13858ab16b08ad9899eb8c908cd058)
* avformat/dss: Don't prematurely modify context variableAndreas Rheinhardt2021-04-021-20/+17
| | | | | | | | | | | | | | | | | The DSS demuxer currently decrements a counter that should be positive at the beginning of read_packet; should it become negative, it means that the data to be read can't be read contiguosly, but has to be read in two parts. In this case the counter is incremented again after the first read if said read succeeded; if not, the counter stays negative. This can lead to problems in further read_packet calls; in tickets #9020 and #9023 it led to segfaults if one tries to seek lateron if the seek failed and generic seek tried to read from the beginning. But it could also happen when av_new_packet() failed and the user attempted to read again afterwards. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> (cherry picked from commit afa511ad34452b1806a6cfa2dd785168140843e6)
* avformat/utils: Check allocations for failureAndreas Rheinhardt2021-04-021-4/+12
| | | | | | | There would be leaks in case of failure. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> (cherry picked from commit 543e4a194252050cf1abcded7c75e4b889e3db4f)
* avcodec/ac3enc: Use actual size of buffer in init_put_bits()Andreas Rheinhardt2021-04-022-2/+1
| | | | | | | | | | | | | Since the very beginning (since de6d9b6404bfd1c589799142da5a95428f146edd) the AC-3 encoder used AC3_MAX_CODED_FRAME_SIZE (namely 3840) for the size of the output buffer (without any check at all). This causes problems when encoding EAC-3 for which the maximum is too small, smaller than the actual size of the buffer: One can run into asserts used by the PutBits API. Ticket #8513 is about such a case and this commit fixes it by using the real size of the buffer. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> (cherry picked from commit 968c158abde36ebb7520706a69eebe3e8eacbd81)
* avcodec/flashsv2enc: Fix undefined NULL + 0Andreas Rheinhardt2021-04-021-1/+1
| | | | | | | Affected the vsynth*-flashsv2 FATE-tests. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit b7b73e83e3d5c78a5fea96a6bcae02e1f0a5c45f)
* avutil/pixdesc: Fix 1 << 32Andreas Rheinhardt2021-04-021-1/+1
| | | | | Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit b7565b65b87845d5476343d454976e8f26c2dfc6)
* avcodec/motion_est: Fix invalid left shift of negative numbersAndreas Rheinhardt2021-04-022-31/+32
| | | | | | | Affected many FATE-tests. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit 3ef65fd4d1d0cdfa0b60351c719bef93d3664ea2)
* avfilter/vf_codecview: Fix undefined left shifts of negative numbersAndreas Rheinhardt2021-04-021-4/+4
| | | | | | | Affected the filter-codecview-mvs FATE-test. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit 3c151e79991181c8b7b9f9b888ac46eba91c5012)
* avcodec/g2meet: Fix undefined NULL + 0Andreas Rheinhardt2021-04-021-1/+1
| | | | | | | Affected the g2m4 FATE-test. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit a86f3e983ec113689af48dd49ae043d85c8dc8bd)
* avutil/base64: Fix undefined NULL + 0Andreas Rheinhardt2021-04-021-2/+7
| | | | | | | Affected the base64 FATE test. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit bbf8431b1bb947bdb3c9cb34718879ad1fc4e1be)
* avcodec/vmdvideo: Fix NULL + 0Andreas Rheinhardt2021-04-021-7/+12
| | | | | | | Affected the FATE tests filter-gradfun-sample and sierra-vmd-video. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit 566bf56791ea96df2bbc334feec0f1cdfc93b2da)
* avcodec/mss12: Don't apply non-zero offset to null pointerAndreas Rheinhardt2021-04-021-7/+10
| | | | | | | Affected the FATE tests mss2-wmv and mss1-pal. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit 8429661db86b1e76bcae9d8381389098e57417de)
* avcodec/lcldec: Fix undefined NULL + 0Andreas Rheinhardt2021-04-021-3/+5
| | | | | | | Affected the FATE tests vsynth*-zlib, mszh and zlib. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit dd9cbd1cc31e72ad9f11d10d086a46d339a924ca)
* avcodec/qtrleenc: Fix negative linesizes, don't use NULL + offsetAndreas Rheinhardt2021-04-021-8/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | Before commit f1e17eb446577180ee9976730aacb46563766518, the qtrle encoder had undefined pointer arithmetic: Outside of a loop, two pointers were set to point to the ith element (with index i-1) of a line of a frame. At the end of each loop iteration, these pointers were decremented, so that they pointed to the -1th element of the line after the loop. Furthermore, one of these pointers can be NULL (in which case all pointer arithmetic is automatically undefined behaviour). Commit f1e17eb44 added a check in order to ensure that the elements never point to the -1th element of the array: The pointers are only decremented if they are bigger than the frame's base pointer (i.e. AVFrame.data[0]). Yet this check does not work at all in case of negative linesizes; furthermore in case the pointer that can be NULL is NULL initializing it still involves undefined pointer arithmetic. This commit fixes both of these issues: First, non-NULL pointers are initialized to point to the element after the ith element and decrementing is moved to the beginning of the loop. Second, if a pointer is NULL, it is just made to point to the other pointer, as this allows to avoid checks before decrementing it. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit 911fe69c5f5946461d9e7c785b19e3841dabd873)
* avcodec/qtrleenc: Use keyframe when no previous frame is availableAndreas Rheinhardt2021-04-021-1/+2
| | | | | | | | If keeping a reference to an earlier frame failed, the next frame must be an I frame for lack of reference frame. This commit implements this. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit d5fc16a6a87a24360312b812a560e7a3664e3791)
* libswresample/audioconvert: Fix undefined NULL + 0Andreas Rheinhardt2021-04-021-2/+2
| | | | | | | Affected 26 FATE tests like swr-resample_async-s16p-44100-8000. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit 64977ed7ae1e437910ca837ccb282e07d9200249)
* avcodec/proresdec2: Don't apply non-zero offset to null pointerAndreas Rheinhardt2021-04-021-6/+8
| | | | | | | | Affected ProRes without alpha; affected 32 FATE tests, e.g. prores-422, prores-422_proxy, prores-422_lt or matroska-prores-header-insertion-bz2. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit f83976344ecdc776ec827b06b19c2fcaa2b8ccdb)
* avcodec/mpegvideo_enc: Don't apply non-zero offset to null pointerAndreas Rheinhardt2021-04-021-1/+2
| | | | | | | Affected many FATE tests (mostly vsynth ones). Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit 4863671d888273392e9dcc2429f3852c00330498)
* avfilter/af_hdcd: Fix undefined shiftsAndreas Rheinhardt2021-04-021-4/+4
| | | | | | | Affected the filter-hdcd-* FATE tests. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit 9eadd616b7ec31f9a6b691ff3faa2c6c3716335f)
* avcodec/dcaenc: Fix undefined left shift of negative numbersAndreas Rheinhardt2021-04-021-4/+4
| | | | | | | Affected the acodec-dca and acodec-dca2 FATE tests. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit 659a925939011338cac1ab3c21d58d4b077fc926)
* avcodec/mjpegenc: Fix segfault when freeing incomplete contextAndreas Rheinhardt2021-04-021-2/+4
| | | | | | | | | | | When allocating the MJpegContext fails (or if the dimensions run afoul of the 65500x65500 limit), an attempt to free a subbuffer of said context leads to a segfault in ff_mjpeg_encode_close(). Seems to be a regression since 467d9e27e0cb2bf74f41dc832f2f8d191ba58ec9. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> (cherry picked from commit 84ac35ecb8a53bf313b468b5a9f1b0617f2a3de2)
* avfilter/vf_paletteuse: Fix left shift outside of range of intAndreas Rheinhardt2021-04-021-2/+3
| | | | | | | | by keeping the variable uint32_t which in this situation is the natural type anyway. This affected the FATE-test filter-paletteuse-sierra2_4a. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit 797c2ecc8fca65721b79637073df0a31fe31c463)
* avfilter/asrc_sine: Fix invalid left shift of negative numberAndreas Rheinhardt2021-04-021-1/+1
| | | | | | | | | | | by using a multiplication instead. The multiplication can never overflow an int because the sin-factor is only an int16_t. Affected the FATE-tests filter-concat and filter-concat-vfr. Reviewed-by: Nicolas George <george@nsup.org> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit 55b46902c1f855d02ea802de1285d68577a38806)
* avformat/webmdashenc: Don't pass NULL to memcmpAndreas Rheinhardt2021-04-021-1/+2
| | | | | | | | Affects the FATE-tests webm-dash-manifest-unaligned-video-streams, webm-dash-manifest and webm-dash-manifest-representations. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit a42c47b77feda837a966aa96569ed8a2553b1c36)
* avformat/libmodplug: Fix memleaks on errorAndreas Rheinhardt2021-04-021-13/+24
| | | | | Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit df6dc331dd54c779c779eb8b950ad83c81799de4)
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-01 21:43:55 +0000