- 10 May, 2020 2 commits
-
Michael Niedermayer authored
Fixes: out of array access Fixes: 20659/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-5735812071424000 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
James Almer authored
Signed-off-by: James Almer <jamrial@gmail.com>
-
- 09 May, 2020 17 commits
-
Andriy Gelman authored
V4L2 api can indicate that flushing of the capture buffers is completed by setting the V4L2_BUF_FLAG_LAST flag. Use guards because the flag was only defined in Linux v4.2. Reference: linux/Documentation/media/uapi/v4l/dev-decoder.rst "The client must continue to handle both queues independently, similarly to normal decode operation. This includes: ... - queuing and dequeuing CAPTURE buffers, until a buffer marked with the V4L2_BUF_FLAG_LAST flag is dequeued" Reviewed-by: Ming Qian <ming.qian@nxp.com> Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
-
Andriy Gelman authored
v4l2_m2m devices may send an empty packet/frame while draining to indicate that all capture buffers have been flushed. Currently, the empty packet/frame is not handled correctly: When encoding, the empty packet is forwarded to the muxer, usually creating warnings. When decoding, a reference to the memory is created anyway. Since in the past this memory contained a decoded frame, it results in an extra frame being decoded. This commit discards the empty packet/frame. References: linux/Documentation/media/uapi/v4l/dev-decoder.rst: "The last buffer may be empty (with :c:type:`v4l2_buffer` bytesused = 0) and in that case it must be ignored by the client, as it does not contain a decoded frame." linux/Documentation/media/uapi/media/v4l/vidioc-encoder-cmd.rst: "...This buffer may be empty, indicated by the driver setting the ``bytesused`` field to 0." Reviewed-by: Ming Qian <ming.qian@nxp.com> Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
-
Michael Niedermayer authored
Regression since 4d9b9c5e Fixes: Null pointer dereference Fixes: 21642/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_LATM_fuzzer-5670101358739456 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
The demuxer code assumes the existence of a video stream Fixes: assertion failure Fixes: 21512/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5699660783288320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: 8233/PPY6574574605_cut.mp3 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: 21089/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-5135981419429888 Fixes: out of array read Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: Timeout (84sec -> 2sec) Fixes: 21127/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-5098412367413248 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: out of array access Fixes: 21469/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G2M_fuzzer-5199357982015488 Alternatively the arrays can be made bigger or the index can be clipped. In case a real file with such huge tiles exists we ask the user to upload it. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: OOM Fixes: 20774/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5678608951803904 Fixes: 20956/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5713643025203200 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
James Almer authored
Signed-off-by: James Almer <jamrial@gmail.com>
-
James Almer authored
Signed-off-by: James Almer <jamrial@gmail.com>
-
David Manouchehri authored
Signed-off-by: David Manouchehri <david.manouchehri@riseup.net>
-
Andreas Rheinhardt authored
When the Ogg muxer writes a page, it has to do three things: It needs to write a page header, then it has to actually copy the page data and then it has to calculate and write a CRC checksum of both header as well as data at a certain position in the page header. To do this, the muxer used a dynamic buffer for both writing as well as calculating the checksum via an AVIOContext's feature to automatically calculate checksums on the data it writes. This entails an allocation of an AVIOContext, of the opaque specific to dynamic buffers and of the buffer itself (which may be reallocated multiple times) as well as memcopying the data (first into the AVIOContext's small write buffer, then into the dynamic buffer's big buffer). This commit changes this: The page header is no longer written into a dynamic buffer any more; instead the (small) page header is written into a small buffer on the stack. The CRC is then calculated directly via av_crc() on both the page header as well as the page data. Then both the page header and the page data are written. Finally, ogg_write_page() can now no longer fail, so it has been modified to return nothing; this also fixed a bug in the only caller of this function: It didn't check the return value. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Limin Wang authored
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
-
Limin Wang authored
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
-
Limin Wang authored
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
-
Limin Wang authored
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
-
- 08 May, 2020 21 commits
-
Lou Logan authored
After this claim was made in e34e3619 kamedo2 did an in-depth ABX test comparing these encoders: https://hydrogenaud.io/index.php?topic=111085.0 Result: FFmpeg AAC wasn't as good as libfdk_aac on average. I know some things have changed since then such as, "use the fast coder as the default" (fcb681ac) for example, so maybe the situation is different now. However, I am unaware of any recent comparison. So without any substantiation we shouldn't make such a blatant claim. Signed-off-by: Lou Logan <lou@lrcd.com> Signed-off-by: Gyan Doshi <ffmpeg@gyani.pro>
-
Andreas Rheinhardt authored
Reviewed-by: James Almer <jamrial@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
Up until now the documentation of ff_bsf_get_packet_ref() allowed return values >= 0 in case of success, whereas av_bsf_receive_packet() only allows 0 on success. Given that for some bitstream filters the return value of ff_bsf_get_packet_ref() is forwarded to the caller of av_bsf_receive_packet() without any filtering, there would be a problem if ff_bsf_get_packet_ref() actually returned values > 0. But it currently doesn't and there is no reason why it should ever do so. Therefore this commit aligns the return values of these functions by restricting ff_bsf_get_packet_ref() to always return 0 on success. Reviewed-by: James Almer <jamrial@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
Mainly includes reindentation and returning directly (i.e. without a goto fail when possible). Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
The check will be true at most once anyway. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
Before this commit, the checks were unnecessarily scattered. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
hls_init() would at first allocate the vtt_basename string, then allocate the vtt_m3u8_name string followed by several operations that may fail and then open the subtitles' output context. Yet upon freeing, these strings were only freed when the subtitles' output context existed, ensuring that they leak if something goes wrong between their allocation and the opening of the subtitles' output context. So drop the check for whether this output context exists. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
This fixes memleaks in instances such as: a) When an allocation fails at one of the two places in hls_init() where the error is returned immediately without goto fail first. b) When an error happens when writing the header. c) When an allocation fails at one of the three places in hls_write_trailer() where the error is returned immediately without goto fail first. d) When one decides not to write the trailer at all (e.g. because of errors when writing packets). Furthermore, it removes code duplication and allows to return immediately, without goto fail first. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Limin Wang authored
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
-
Andreas Rheinhardt authored
Several variables which are only used when the HLS_SINGLE_FILE flag is unset have been set even when this flag is set. This has been changed. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
The Matroska specification allows multiple (level 1) Tags elements per file, yet our demuxer didn't: While it parsed any amount of Tags elements it found in front of the Clusters (albeit with warnings because of duplicate elements), it would treat any Tags element only referenced via a SeekHead entry as already parsed if any Tags element has already been parsed; therefore this Tags element would not be parsed at all. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
There can be more than one SeekHead in a Matroska file, but most of the other level 1 elements can only occur once.* Therefore the Matroska demuxer only allows one entry per ID in its internal list of level 1 elements known to it; the only exception to this are SeekHeads. The only exception to this are SeekHeads: When one is encountered (either directly or in the list of entries read from SeekHeads), a new entry in the list of known level-1 elements is always added, even when this entry is actually already known. This leads to lots of seeks in case of circular SeekHeads: Each time a SeekHead is parsed, a new entry for a SeekHead will be added to the list of entries read from SeekHeads. The exception for SeekHeads mentioned above now implies that this SeekHead will always appear new and unparsed and parsing will be attempted. This continued until the list of known level-1 elements is full. Fixing this is pretty simple: Don't add a new entry for a SeekHead if its position matches the position of an already known SeekHead. *: Actually, there can be multiple Tags and several other level 1 elements are "identically recurring" which means they may be resent multiple times, but each instance must be absolutely identical to the previous. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
A Seek element in a Matroska SeekHead should contain a SeekID and a SeekPosition element and upon reading, they should be sanitized: Given that IDs are restricted to 32 bit, longer SeekIDs should be treated as invalid. Instead currently the lower 32 bits have been used. For SeekPosition, no checks were performed for the element to be present and if present, whether it was excessively large (i.e. the absolute file position described by it exceeding INT64_MAX). The SeekPosition element had a default value of -1 which means that a check seems to have been intended; but it was not implemented. This commit adds a check for overflow to the calculation of the absolute file position of the referenced level 1 elements. Using -1 (i.e. UINT64_MAX) as default value for SeekPosition implies that a Seek element without SeekPosition will run afoul of this check. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Michael Niedermayer authored
mails to GMX seem working again This reverts commit cd11fbcf.
-
Guo, Yejun authored
Signed-off-by: Guo, Yejun <yejun.guo@intel.com>
-
Guo, Yejun authored
it can be tested with model file generated with below python script:

    import tensorflow as tf
    import numpy as np
    import imageio

    in_img = imageio.imread('input.jpg')
    in_img = in_img.astype(np.float32)/255.0
    in_data = in_img[np.newaxis, :]

    x = tf.placeholder(tf.float32, shape=[1, None, None, 3], name='dnn_in')
    x1 = tf.minimum(0.7, x)
    x2 = tf.maximum(x1, 0.4)
    y = tf.identity(x2, name='dnn_out')

    sess=tf.Session()
    sess.run(tf.global_variables_initializer())

    graph_def = tf.graph_util.convert_variables_to_constants(sess, sess.graph_def, ['dnn_out'])
    tf.train.write_graph(graph_def, '.', 'image_process.pb', as_text=False)

    print("image_process.pb generated, please use \
    path_to_ffmpeg/tools/python/convert.py to generate image_process.model\n")

    output = sess.run(y, feed_dict={x: in_data})
    imageio.imsave("out.jpg", np.squeeze(output))

Signed-off-by: Guo, Yejun <yejun.guo@intel.com>
-
Limin Wang authored
Reviewed-by: Carl Eugen Hoyos <ceffmpeg@gmail.com> Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
-
Limin Wang authored
Reviewed-by: Carl Eugen Hoyos <ceffmpeg@gmail.com> Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
-
Limin Wang authored
Reviewed-by: Carl Eugen Hoyos <ceffmpeg@gmail.com> Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
-
Limin Wang authored
Reviewed-by: Carl Eugen Hoyos <ceffmpeg@gmail.com> Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
-