- 11 Mar, 2020 13 commits
-
-
Michael Niedermayer authored
Fixes: out of array access Fixes: 19734/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5673507031875584 Fixes: 19353/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5703944462663680 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: left shift of negative value -1 Fixes: 20859/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_PSX_fuzzer-5720391507247104 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: left shift of negative value -695 Fixes: 19232/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG1VIDEO_fuzzer-5702856963522560 Fixes: 19555/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG1VIDEO_fuzzer-5741218147598336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Carl Eugen Hoyos authored
Fixes ticket #8509.
-
Paul B Mahol authored
-
Paul B Mahol authored
-
David Bryant authored
Add support for WavPack DSD files to the existing WavPack decoder using avcodec/dsd to perform the 8:1 decimation to 32-bit float samples. We must serialize the dsd2pcm operation (cross-boundary filtering) but would like to use frame-level multithreading for the CPU-intensive DSD decompression, and this is accomplished with ff_thread_report/await_progress(). Because the dsd2pcm operation is independent across channels we use slice-based multithreading for that part. Also a few things were removed from the existing WavPack decoder that weren't being used (primarily the SavedContext stuff) and the WavPack demuxer was enhanced to correctly determine the sampling rate of DSD files (and of course to no longer reject them). Signed-off-by:David Bryant <david@wavpack.com>
-
Carl Eugen Hoyos authored
-
Carl Eugen Hoyos authored
-
Carl Eugen Hoyos authored
Fixes ticket #8565.
-
Carl Eugen Hoyos authored
Fixes part of ticket #8565.
-
Carl Eugen Hoyos authored
-
James Almer authored
Also remove the ancient reference to libmpcodecs while at it. Signed-off-by:
James Almer <jamrial@gmail.com> Reviewed-by:
Paul B Mahol <onemda@gmail.com>
-
- 10 Mar, 2020 8 commits
-
-
Zane van Iperen authored
Signed-off-by:
Zane van Iperen <zane@zanevaniperen.com> Signed-off-by:
-
Andreas Rheinhardt authored
Slices that end after their header (meaning slices after the header without any data before the rbsp_stop_one_bit or possibly without any rbsp_stop_one_bit at all) are invalid and are now dropped. This ensures that one doesn't run into two asserts in cbs_h2645_write_slice_data(). Signed-off-by:
Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Fixes: 19629/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_METADATA_fuzzer-5676822528524288 Signed-off-by:
-
Andreas Rheinhardt authored
Trailing zeroes are already discarded when splitting a fragment, which makes the code to remove them when decomposing slices dead code. Signed-off-by:
-
Andreas Rheinhardt authored
Up until now, v4l2_m2m would write via snprintf() into an intermediate buffer and then copy from there (via strncpy()) to the end buffer. This commit changes this by removing the intermediate buffer. The call to strncpy() was actually of the form strncpy(dst, src, strlen(src) + 1) which is unsafe in general, but safe in this instance because dst and src were both of the same size and src was a proper zero-terminated string. But this nevertheless led to a compiler warning "‘strncpy’ specified bound depends on the length of the source argument [-Wstringop-overflow=]" in GCC 9.2. strlen() was unnecessary anyway. Reviewed-by:
Andriy Gelman <andriy.gelman@gmail.com> Signed-off-by:
-
vectronic authored
If 'write_colr' movflag is set, then movflag 'prefer_icc' can be used to first look for an AV_PKT_DATA_ICC_PROFILE entry to encode. If ICC profile doesn't exist, default behaviour enabled by 'write_colr' occurs. Signed-off-by:vectronic <hello.vectronic@gmail.com>
-
vectronic authored
Signed-off-by: -
vectronic authored
Signed-off-by: -
vectronic authored
Signed-off-by:
-
- 09 Mar, 2020 6 commits
-
-
Linjie Fu authored
Use desc->log2_chroma_w/h to calculate the sps->conf_win_right/bottom_offset. Based on Table 6-1, SubWidthC and SubHeightC depend on chroma format(log2_chroma_w/h). Based on D-28 and D-29, set the correct cropped width/height. croppedWidth = pic_width_in_luma_samples − SubWidthC * ( conf_win_right_offset + conf_win_left_offset ); croppedHeight = pic_height_in_luma_samples − SubHeightC * ( conf_win_bottom_offset + conf_win_top_offset ); Signed-off-by:Linjie Fu <linjie.fu@intel.com>
-
Andriy Gelman authored
Signed-off-by:
Marton Balint <cus@passwd.hu>
-
Andriy Gelman authored
Supports connecting to a RabbitMQ broker via AMQP version 0-9-1. Signed-off-by:
-
Zane van Iperen authored
Signed-off-by: -
Zane van Iperen authored
Signed-off-by:
-
Zane van Iperen authored
Signed-off-by:
-
- 08 Mar, 2020 4 commits
-
-
phunkyfish authored
Signed-off-by: -
Marton Balint authored
This is redundant after the last patch and also fixes ticket #7712. Signed-off-by: -
Marton Balint authored
Signed-off-by: -
Marton Balint authored
Fixes ticket #8549. Signed-off-by:
-
- 07 Mar, 2020 1 commit
-
-
Timo Rothenpieler authored
This ensures old commandlines using -hwaccel cuvid don't break due to the recent removal of the the cuvid-specific hwaccel bringup.
-
- 06 Mar, 2020 1 commit
-
-
Gyan Doshi authored
Add details and all options for mov.c demuxer.
-
- 05 Mar, 2020 7 commits
-
-
Andreas Rheinhardt authored
3469cfab added a check for whether the extradata coincided with the beginning of the packet's data in order not to add extradata to packets that already have it. But the check used was buggy for packets whose size is smaller than the extradata's size. This commit fixes this. Signed-off-by:
-
Andreas Rheinhardt authored
Mainly reindentation, but some variables were also put into a smaller scope. Signed-off-by:
-
Andreas Rheinhardt authored
1. Left shifts of signed values are undefined as soon as the result is no longer representable in the target type. Therefore make nal_size an uint32_t and drop the check for whether it is < 0. 2. The two checks for overreads (whether the length field is contained in the packet and whether the actual unit is contained in the packet) can be combined into one because the packet is padded, i.e. a potential overread caused by reading the length field without checking whether said length field is actually part of the packet's buffer is allowed as one always stays within the padding. But one has to be aware of a pitfall: The comparison must be performed in (at least) int64_t as otherwise buf_end - buf might be promoted to uint32_t in which case an already occured overread would appear as a very large number. A comment explaining this has been added, too. 3. Units of size zero are now silently dropped; the earlier code would instead read the first byte of the next length field (or the first byte of padding) to infer the type of the current unit. 4. Futhermore, the earlier code returned the wrong error code. This has been fixed, too. Fixes #8290. Signed-off-by:
-
Andreas Rheinhardt authored
Up until now, h264_mp4toannexb would grow the output packet's buffer by the desired amount every time another NAL unit of the input packet has been read; this commit changes this: The input buffer is now essentially parsed twice, once to determine the final size of the output packet and once to write the output packet's data. Fixes: Timeout Fixes: 19322/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_MP4TOANNEXB_fuzzer-5688407821123584 Signed-off-by:
-
Andreas Rheinhardt authored
h264_mp4toannexb_filter currently uses both indices/offsets as well as direct pointers comparisons for the checks whether one has reached or even surpassed the end. This commit removes the offsets. Signed-off-by:
-
Andreas Rheinhardt authored
If processing an input NAL unit triggers the insertion of data from extradata in front of said NAL unit, the output packet is grown (i.e. reallocated) once to accomodate both the new extradata as well as the input NAL unit itself; this has been changed: In such a situation, the packet is now grown twice. While this is bad for performance, it allows to simplify the code and ultimately to stop reallocating the packet altogether. Signed-off-by:
-
Andreas Rheinhardt authored
According to the H.264 specifications, the only NAL units that need to have four byte startcodes in H.264 Annex B format are SPS/PPS units and units that start a new access unit. Before af7e953a, the first of these conditions wasn't upheld as already existing in-band parameter sets would not automatically be written with a four byte startcode, but only when they already were at the beginning of their input packets. But it made four byte startcodes be used too often as every unit that is written together with a parameter set that is inserted from extradata received a four byte startcode although a three byte start code would suffice unless the unit itself were a parameter set. FATE has been updated to reflect the changes. Although the patch leaves the extradata unchanged, the size of the extradata according to the FATE reports changes. This is due to a quirk in ff_h2645_packet_split which is used by extract_extradata: If the input is Annex B, the first zero of a four byte startcode is considered a part of the last unit (if any). Signed-off-by:
-
