struct v4l2_selection contains reserved bytes which should be set to
zero before the ioctl call.
Fixes valgrind error:
Syscall param ioctl(VKI_V4L2_S_SELECTION) points to uninitialised byte(s)
Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
Currently the driver's frame period is incorrectly set to the frame
rate. This is fixed in the commit.
Signed-off-by: Ming Qian <ming.qian@nxp.com>
Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
Fixes: out of array read
Fixes: 21286/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HCA_fuzzer-5683183715876864
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Up until now, it was completely unspecified what the content of the
destination packet dst was on error. Depending upon where the error
happened calling av_packet_unref() on dst might be dangerous.
This commit changes this by making sure that dst is blank on error, so
unreferencing it again is safe (and still pointless). This behaviour is
documented.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
av_packet_ref() mostly treated the destination packet dst as uninitialized,
i.e. the destination fields were simply overwritten. But if the source
packet was not reference-counted, dst->buf was treated as if it pointed
to an already allocated buffer (if != NULL) to be reallocated to the
desired size.
The documentation did not explicitly state whether the dst will be treated
as uninitialized, but it stated that if the source packet is not refcounted,
a new buffer in dst will be allocated. This and the fact that the side-data
as well as the codepath taken in case src is refcounted always treated the
packet as uninitialized means that dst should always be treated as
uninitialized for the sake of consistency. And this behaviour has been
explicitly documented.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Validate the value of ST field in the TLM marker of JPEG2000.
Throw an error when ST takes value of 0b11.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Resolution/format changes lead to re-initialization of hardware
accelerations(vaapi/dxva2/..) with new hwaccel_priv_data in
the worker-thread. But hwaccel_priv_data in user context won't
be updated until the resolution changing frame is output.
A termination with "-vframes" just after the reinit will lead to:
1. memory leak in worker-thread.
2. double free in user-thread.
Update user context in ff_frame_thread_free with the last thread
submit_packet() was called on.
To reproduce:
ffmpeg -hwaccel vaapi(dxva2) -v verbose -i
fate-suite/h264/reinit-large_420_8-to-small_420_8.h264 -pix_fmt nv12
-f rawvideo -vsync passthrough -vframes 47 -y out.yuv
Signed-off-by: Linjie Fu <linjie.fu@intel.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
The comments for some of the markers were incorrect.
This patch fixes the comments associated with the markers.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit fixes the names and constants of the reserved NAL units
with nal_unit_type 22 resp. 23. They were "IRAP_IRAP_VLC2x", but are
actually "RSV_IRAP_VLC2x".
This also required a change to cbs_h265_syntax_template.c.
Reviewed-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Surprisingly neither GCC nor Clang did this transformation on their own.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Up until now, the name of every AVBSFContext for logging purposes was
"AVBSFContext", so that the default logging callback produced output
like "[AVBSFContext @ 0x55813bae92c0] Extradata". This has been changed
to "[trace_headers @ 0x60a000000700] Extradata" by adding an item_name-
function to the AVClass for bitstream filters.
Furthermore, the correct category has been set so that the introductory
part before the actual message (everything before "Extradata" in the
above examples) are displayed in a different colour than the rest.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Reviewed-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: James Almer <jamrial@gmail.com>
This happened for AVBSFContext.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Reviewed-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: James Almer <jamrial@gmail.com>
This fixes mpeg2video stream copies to mpeg muxer like this:
ffmpeg -i xdcamhd.mxf -c:v copy output.mpg
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Fixes: signed integer overflow: 685813396 + 1803454769 cannot be represented in type 'int'
Fixes: 21073/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SIREN_fuzzer-5744900508483584
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 1302123111085380114 - -8319005078741256972 cannot be represented in type 'long'
Fixes: 20991/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5148554161291264
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>