1. 03 Aug, 2019 13 commits
  2. 02 Aug, 2019 4 commits
  3. 01 Aug, 2019 2 commits
  4. 31 Jul, 2019 8 commits
  5. 30 Jul, 2019 4 commits
  6. 29 Jul, 2019 9 commits
    • Andreas Rheinhardt's avatar
      cbs_mpeg2: Fix parsing the last unit · fd93d5ef
      Andreas Rheinhardt authored
      There is one way to find out if avpriv_find_start_code has found a start
      code or not: One has to check whether the state variable contains a
      start code, i.e. whether the three most significant bytes are 0x00 00 01.
      Checking for whether the return value is the end of the designated
      buffer is not enough: If the last four bytes constitute a start code,
      the return value is also the end of the buffer. This happens with
      sequence_end_codes which have been ignored for exactly this reason,
      although e.g. all three files used for fate tests of cbs_mpeg2 contain
      sequence_end_codes.
      Signed-off-by: 's avatarAndreas Rheinhardt <andreas.rheinhardt@gmail.com>
      fd93d5ef
    • Andreas Rheinhardt's avatar
      cbs_mpeg2: Rearrange start code search · 276b21a5
      Andreas Rheinhardt authored
      1. Currently, cbs_mpeg2_split_fragment uses essentially three variables
      to hold the start code values found by avpriv_find_start_code. By
      rearranging the code, one of them can be omitted.
      2. The return value of avpriv_find_start_code points to the byte after
      the byte containing the start code identifier (or to the byte after the
      last byte of the fragment's data if no start code was found), but
      cbs_mpeg2_split_fragment needs to work with the pointer to the byte
      containing the start code identifier; it already did this, but in a
      clumsy way. This has been changed.
      3. Also use the correct type for the variable holding the
      CodedBitstreamUnitType.
      Signed-off-by: 's avatarAndreas Rheinhardt <andreas.rheinhardt@gmail.com>
      276b21a5
    • Andreas Rheinhardt's avatar
      cbs_mpeg2: Decompose Sequence End · 0e66e1b6
      Andreas Rheinhardt authored
      Sequence End units (or actually, sequence_end_codes) have up until now
      not been decomposed; in fact due to a bug in cbs_mpeg2_split_fragment they
      have mostly been treated as part of the preceding unit. So implement
      decomposing them as preparation for fixing said bug.
      Signed-off-by: 's avatarAndreas Rheinhardt <andreas.rheinhardt@gmail.com>
      0e66e1b6
    • Andreas Rheinhardt's avatar
      cbs_h264: Improve adding SEI messages · ae49993c
      Andreas Rheinhardt authored
      Up until now, if an SEI messages was to be added to a fragment, it was
      tried to add said SEI message to the first SEI NAL unit of the fragment
      and if this SEI NAL unit already contained H264_NAL_SEI SEI messages (an
      arbitrary limit imposed by cbs_h264), adding failed; if there was no SEI
      NAL unit, a new one has been added.
      With this commit, the fragment is searched for further NAL units to add
      the SEI messages to. If all of them are full, a new SEI NAL unit is added.
      Signed-off-by: 's avatarAndreas Rheinhardt <andreas.rheinhardt@gmail.com>
      ae49993c
    • Andreas Rheinhardt's avatar
      cbs: Don't set AVBuffer's opaque · 4e7e30bb
      Andreas Rheinhardt authored
      cbs is currently inconsistent regarding the opaque field that can be
      used as a special argument to av_buffer_create in order to be used
      during freeing the buffer: ff_cbs_alloc_unit_content and all the free
      functions used name this parameter as if it should contain a pointer to
      the unit whose content is about to be created; but both
      ff_cbs_alloc_unit_content as well as ff_cbs_h264_add_sei_message
      actually use a pointer to the CodedBitstreamContext as opaque. It should
      actually be neither, because it is unneeded (as is evidenced by the fact
      that none of the free functions use this pointer at all) and because it
      ties the unit's content to the lifetime of other objects, although a
      refcounted buffer is supposed to have its own lifetime that only ends
      when its reference count reaches zero. This problem manifests itself in
      the pointer becoming dangling.
      The pointer to the unit can become dangling if another unit is added to
      the fragment later as happens in the bitstream filters; in this case,
      the pointer can point to the wrong unit (if the fragment's unit array
      needn't be relocated) or it can point to where the array was earlier.
      It can also become dangling if the unit's content is meant to survive
      the resetting of the fragment it was originally read with. This applies
      to the extradata of H.264 and HEVC.
      The pointer to the context can become dangling if the context is closed
      before the content is freed. Although this doesn't seem to happen right
      now, it could happen, in particular if one uses different
      CodedBitstreamContexts for in- and output.
      Signed-off-by: 's avatarAndreas Rheinhardt <andreas.rheinhardt@gmail.com>
      4e7e30bb
    • Michael Niedermayer's avatar
      avcodec/eatqi: Check for minimum frame size · 5ffb8e87
      Michael Niedermayer authored
      The minimum header is 8 bytes, the smallest bitstream that is passed to
      the MB decode code is 4 bytes
      
      Fixes: Timeout (35sec -> 18sec)
      Fixes: 15800/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EATQI_fuzzer-5684154517159936
      
      Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by: 's avatarPaul B Mahol <onemda@gmail.com>
      Signed-off-by: 's avatarMichael Niedermayer <michael@niedermayer.cc>
      5ffb8e87
    • Michael Niedermayer's avatar
      avcodec/eatgv: Check remaining size after the keyframe header · 009ec8dc
      Michael Niedermayer authored
      The minimal size which unpack() will not fail on is 5 bytes
      Fixes: Timeout (14sec -> 77ms) (testcase 15508)
      Fixes: 15508/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EATGV_fuzzer-5700053513011200
      Fixes: 15996/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EATGV_fuzzer-5751353223151616
      
      Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: 's avatarMichael Niedermayer <michael@niedermayer.cc>
      009ec8dc
    • Mark Thompson's avatar
      h264_metadata: Support overscan_appropriate_flag · b123d078
      Mark Thompson authored
      Fixes #8041.
      b123d078
    • Mark Thompson's avatar
      cbs_h264: Fix missing inferred colour description fields · f9b85036
      Mark Thompson authored
      With video_signal_type_present_flag set but colour_description_present_flag
      unset the colour fields would not have had their correct values inferred.
      f9b85036