Fixes: signed integer overflow: 1406796319 * 2 cannot be represented in type 'int'
Fixes: 32777/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5632576913014784
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Export them in UTC, not the local timezone. This way the output is
the same everywhere. The timezone information stored in the file is
still ignored, since there seems to be no simple way to export it
correctly.
Format them according to ISO 8601, which we generally use for exporting
dates.
Fixes fate-flv-demux, which was broken since
958bea5248 on some platforms.
Even though all samples are meant to be zero (if flag == 0x07),
doesn't mean that they aren't there. See No$PSX docs [1].
[1]: https://problemkaputt.de/psx-spx.htm#spuadpcmsamples
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
The JPEG-2000 decoder and encoder share common luts; the decoder
initializes them once, guarded by a dedicated AVOnce, whereas
the encoder initializes them always during init. This means that
the decoder is not init-threadsafe; in fact there is a potential
data race because these luts can be initialized while an active
decoder/encoder is using them.
Fix this and make the decoder init-threadsafe by making the
initialization function guard initialization itself with a dedicated
AVOnce.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
mqc currently initializes three arrays at runtime; each of them
has 2 * 47 elements, one is uint16_t, two are uint8_t, so that their
combined size is 8 * 47. The source data for these initializations
is contained in an array of 47 elements of size six. Said array is
only used in order to initialize the other arrays, so the savings
are just 2 * 47B. Yet this is dwarfed by the size of the code for
performing the initializations: It is 109B (GCC 10.2, x64, -O3 albeit
in an av_cold function); this does not even include the size of the
code in the callers. So just hardcode these tables.
This also fixes a data race, because the encoder always initialized
these tables during init, although they might already be used at the
same time by already running encoder/decoder instances.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
The Vorbis encoder has an array of a structure containing all
the ingredients for a codebook; this includes a pointer to
the actual codebook and some even have a pointer to an array
containing quant values. Each of these real codebooks is
an array of its own.
These pointers lead to relocations and therefore the array will
be placed in .data.rel.ro and not in .rodata.
This commit avoids the pointers altogether by combining all the actual
codebooks into one big array; the actual codebooks are now accessed
consecutively by incrementing the pointer used to access them by the
length of the actual codebook that has just been dealt with (said length
is contained in the structure describing the codebook). There is
no downside to this given that these codebooks are already only used
once during init.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
The Vorbis encoder allocates several arrays destined to contain pointers
to separately allocated arrays; yet these arrays are allocated without
initializing them: They are uninitialized until their final values
are stored in them; so if allocating one of the earlier subarrays fails,
all of the remaining pointers to subarrays are still uninitialized.
But they are used for freeing, resulting in crashes.
Fix this by zero-initializing the arrays with subarrays.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
ff_wma_init() can fail without freeing everything it has allocated;
so add the FF_CODEC_CAP_INIT_CLEANUP to the codecs using it.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
The address of this variable never leaks, so it cannot be modified
by anyone else at all.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
commit 95b854dd06 "rename sum option to normalize" missed command
part docs
Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
Reviewed-by: Gyan Doshi <ffmpeg@gyani.pro>
duplicate ff_hex_to_data() function from avformat and rename it to
hex_to_data() as static function.
Reviewed-by: Guo, Yejun <yejun.guo@intel.com>
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
CID: 1482090
there can return null from av_frame_get_side_data, and will use sd->data
after av_frame_get_side_data, so should check null return value.
Signed-off-by: Steven Liu <liuqi05@kuaishou.com>
Testing model is tensorflow offical model in github repo, please refer
https://github.com/tensorflow/models/blob/master/research/object_detection/g3doc/tf2_detection_zoo.md
to download the detect model as you need.
For example, local testing was carried on with 'ssd_mobilenet_v2_coco_2018_03_29.tar.gz', and
used one image of dog in
https://github.com/tensorflow/models/blob/master/research/object_detection/test_images/image1.jpg
Testing command is:
./ffmpeg -i image1.jpg -vf dnn_detect=dnn_backend=tensorflow:input=image_tensor:output=\
"num_detections&detection_scores&detection_classes&detection_boxes":model=ssd_mobilenet_v2_coco.pb,\
showinfo -f null -
We will see the result similar as below:
[Parsed_showinfo_1 @ 0x33e65f0] side data - detection bounding boxes:
[Parsed_showinfo_1 @ 0x33e65f0] source: ssd_mobilenet_v2_coco.pb
[Parsed_showinfo_1 @ 0x33e65f0] index: 0, region: (382, 60) -> (1005, 593), label: 18, confidence: 9834/10000.
[Parsed_showinfo_1 @ 0x33e65f0] index: 1, region: (12, 8) -> (328, 549), label: 18, confidence: 8555/10000.
[Parsed_showinfo_1 @ 0x33e65f0] index: 2, region: (293, 7) -> (682, 458), label: 1, confidence: 8033/10000.
[Parsed_showinfo_1 @ 0x33e65f0] index: 3, region: (342, 0) -> (690, 325), label: 1, confidence: 5878/10000.
There are two boxes of dog with cores 94.05% & 93.45% and two boxes of person with scores 80.33% & 58.78%.
Signed-off-by: Ting Fu <ting.fu@intel.com>
Signed-off-by: Guo, Yejun <yejun.guo@intel.com>
Otherwise decoding will crash lateron; e.g. because dct_tokens
is never set or because a VLC that has not been allocated is used.
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
The DNXHD encoder's context contains an array of 32 pointers to
DNXHDEncContexts used in case of slice threading; when trying
to use more than 32 threads with slice threading, the encoder's init
function errors out, but the close function takes avctx->thread_count
at face value and tries to free inexistent elements of the array,
leading to potential crashes.
Fix this by modifying the check used to decide whether the slice
contexts should be freed.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Initializing zlib in the way we do here is threadsafe, see
https://www.zlib.net/zlib_faq.html#faq21
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Michael Niedermayer
James Almer
Anton Khirnov
Zane van Iperen
Andreas Rheinhardt
Jun Zhao
Limin Wang
Steven Liu
Ting Fu
