Fixes: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 35023/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CLEARVIDEO_fuzzer-6740166587842560
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Given that the AVCodec.next pointer has now been removed, most of the
AVCodecs are not modified at all any more and can therefore be made
const (as this patch does); the only exceptions are the very few codecs
for external libraries that have an init_static_data callback.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
Both the motion vector as well as the bias VLCs have an escape code;
for the motion vectors, this value depended on the specific VLC table,
whereas all the bias VLCs used the same value; the escape value has not
been inlined in the latter case.
But for both kinds of VLCs there are lots of values that are unused for
all the VLCs of each kind and each of these can be used as common escape
value, thus allowing the escape value to be inlined. This commit
implements this.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
After the motion vector and bias values tables have been reordered so
that the codes are ordered from left to right, it emerged that the
lengths of these entries are actually ascending for every table.
Therefore it is possible to encode them in a run-length style and create
the actual length tables during runtime. This commit implements this.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
The ClearVideo decoder uses VLC tables that are initialized at runtime
from static length, symbol and codes tables. Yet the code tables can be
omitted by subjecting all of these tables to the permutation that orders
the codes from left to right in the tree. After this is done, the codes
can be easily computed at runtime from the lengths and therefore
omitted. This saves about 10KB.
Only one minor complication is encountered when doing so: The tree
corresponding to the AC VLC codes is incomplete; but this can be
handled by adding an entry with negative length.
Furthermore, there are also VLCs that are only initialized with lengths
and codes tables with codes of type uint16_t. These have also been
switched to ff_init_vlc_from_lengths() as this means that one can
replace the uint16_t codes tables with uint8_t symbols tables.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
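The two commits above describe the same idea: once a VLC table is sorted left to right in the code tree, the codes follow from the lengths alone, lengths can be stored run-length coded, and a negative length marks a hole in an incomplete tree. The following is an added illustration written for this page, not FFmpeg's ff_init_vlc_from_lengths(); the (count, length) run format and the negative-length hole semantics are assumptions of this example. Using unsigned arithmetic for the code also avoids the "left shift of 1 by 31 places" undefined behaviour mentioned in the fuzzing fixes on this page.

```c
#include <stdint.h>
#include <stddef.h>

/* One runtime VLC entry: the code, its bit length and the symbol it decodes to. */
typedef struct {
    uint32_t code;
    int      len;
    uint8_t  symbol;
} VLCEntry;

/* Expand a run-length coded length table given as (count, length) pairs
 * (assumed format) into a flat array. Returns the number of lengths
 * written, or -1 if a run is empty or the output would overflow. */
int expand_lengths(const int8_t *runs, size_t nb_runs, int8_t *out, size_t out_size)
{
    size_t n = 0;
    for (size_t i = 0; i < nb_runs; i++) {
        int    count = runs[2 * i];
        int8_t len   = runs[2 * i + 1];
        if (count <= 0 || n + (size_t)count > out_size)
            return -1;
        for (int j = 0; j < count; j++)
            out[n++] = len;
    }
    return (int)n;
}

/* Assign codes to lengths listed in left-to-right tree order (so lengths
 * never decrease). A negative length marks a hole in an incomplete tree:
 * its code is consumed but no entry is emitted. Returns the number of
 * entries, or -1 if lengths descend, exceed 31 bits, or the tree is
 * over-full (more codes requested than the length allows). */
int codes_from_lengths(const int8_t *lens, const uint8_t *symbols, size_t n, VLCEntry *out)
{
    uint32_t code = 0;          /* next free code at the current length */
    int prev_len = 0, count = 0;
    for (size_t i = 0; i < n; i++) {
        int len = lens[i] < 0 ? -lens[i] : lens[i];
        if (len == 0 || len < prev_len || len > 31)
            return -1;
        code <<= (len - prev_len);  /* longer code: extend with zeros (unsigned, no UB) */
        if (code >> len)            /* ran past the code space of this length */
            return -1;
        if (lens[i] > 0) {
            out[count].code   = code;
            out[count].len    = len;
            out[count].symbol = symbols[i];
            count++;
        }
        code++;                     /* hole or not, the code is used up */
        prev_len = len;
    }
    return count;
}
```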
Some decoders may not need a writable buffer in some specific cases, but only
a reference to the existing buffer with updated frame properties instead, for
the purpose of returning duplicate frames. For this, the
FF_REGET_BUFFER_FLAG_READONLY flag is added, which will prevent potential
allocations and buffer copies when they are not needed.
Signed-off-by: James Almer <jamrial@gmail.com>
Fixes: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 15631/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CLEARVIDEO_fuzzer-5690110605000704
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: Timeout (183 ms instead of about 20 sec)
Fixes: 3147/clusterfuzz-testcase-4870592182353920
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes CID1401671
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>